This Sunday we are joined by the president of the UDP, the Unión Democrática de Pensionistas y Jubilados, Inmaculada Ruiz.
In this episode, Emmanuel, Katia and Guillaume discuss Spring 7, Quarkus, Infinispan and Keycloak. We also talk about fun projects like Javelit, how a JVM starts up, and NTP's need for money. And then we discuss Emmanuel's career change. Recorded on November 14, 2025. Download the episode LesCastCodeurs-Episode-332.mp3 or watch the video on YouTube.
News
Emmanuel leaves Red Hat after 20 years https://emmanuelbernard.com/blog/2025/11/13/leaving-redhat/
Languages
HTTP/3 support in the JDK 26 HttpClient - https://inside.java/2025/10/22/http3-support/ JDK 26 introduces HTTP/3 support in the HttpClient API that has existed since Java 11. HTTP/3 uses the QUIC protocol over UDP instead of the TCP used by HTTP/2. By default HttpClient prefers HTTP/2; HTTP/3 must be configured explicitly with Version.HTTP_3. The client automatically downgrades to HTTP/2 and then HTTP/1.1 if the server does not support HTTP/3. Exclusive use of HTTP/3 can be forced with the H3_DISCOVERY option in HTTP_3_URI_ONLY mode. HttpClient learns that a server supports HTTP/3 via the alt-svc header (RFC 7838) and uses this information for subsequent requests. The first request may use HTTP/2 even when HTTP/3 is preferred, but the second will use HTTP/3 if the server advertises it. The OpenJDK team encourages testing and feedback on the JDK 26 early access builds.
Libraries
Eclipse Jetty and CometD change their support strategy https://webtide.com/end-of-life-changes-to-eclipse-jetty-and-cometd/ Starting January 1, 2026, Webtide will no longer publish Jetty 9/10/11 and CometD 5/6/7 on Maven Central. For 20 years, Webtide funded the Jetty and CometD projects through services and support, publishing EOL updates for free. Company behavior has changed: many are just looking for something free rather than real support. Some companies use versions more than 10 years old without migrating as long as CVE fixes are free. This free policy unintentionally encouraged complacency and delayed migrations to recent versions. MITRE is developing changes to the CVE system to better handle EOL concepts. Webtide is launching a partnership program with TuxCare and HeroDevs to distribute CVE resolutions for EOL versions. EOL binaries will from now on be distributed only to commercial customers and via the partner network. Webtide continues standard open-source support: when Jetty 13 is released, Jetty 12.1 will receive updates for 6 months to a year. This change aims to clarify the EOL policy using established industry terminology.
Cloud improvements to the A2A Java SDK https://quarkus.io/blog/quarkus-a2a-cloud-enhancements/ Version 0.3.0.Final of the A2A Java SDK brings improvements for cloud and distributed environments. In-memory components are replaced by persistent and replicated implementations for multi-instance environments. JpaDatabaseTaskStore and JpaDatabasePushNotificationConfigStore allow tasks and configurations to be persisted in a PostgreSQL database. ReplicatedQueueManager replicates events between A2A Agent instances via Kafka and MicroProfile Reactive Messaging. Complete Kubernetes deployment example with Kind, including PostgreSQL, Kafka via Strimzi, and load balancing between pods. Practical demonstration showing that messages can be processed by different pods while keeping tasks consistent. Architecture inspired by the A2A Python SDK, allowing long-running asynchronous tasks to be managed in a distributed environment.
Quarkus 3.29 is released with multiple cache backends and Qute debugger support https://quarkus.io/blog/quarkus-3-29-released/ Ability to use several cache backends simultaneously in the same application. Each cache can be associated with a specific backend (for example Caffeine and Redis or Infinispan). Debug Adapter Protocol (DAP) support for debugging Qute templates directly in the IDE, and in version 3.28. Programmatic configuration of CSRF protection via a fluent API. Ability to restrict OIDC filters to specific authentication flows with annotations. Support for custom Grafana dashboards via JSON files in META-INF/grafana/. The Liquibase MongoDB extension now supports several simultaneous clients. Significant improvement in build performance with reduced memory allocations. Parallelization of tasks such as Hibernate ORM proxy generation and Jar construction.
And using .proto files is simpler in Quarkus with Quarkus gRPC Zero https://quarkus.io/blog/grpc-zero/ .proto files are always a pain because the generators require native executables. Now they are bundled in the JVM and you have nothing to configure. It uses Caffeine to run this as WASM in the JVM.
Spring AI 1.1 is almost here https://spring.io/blog/2025/11/08/spring-ai-1-1-0-RC1-available-now Support for MCP tool caching for callbacks, which reduces redundant operations. Access to OpenAI reasoning content. A MongoDB chat model. Support for the Ollama thinking model. Retries on network failures. OpenAI speech to text.
Spring gRPC: the next steps for 1.0.0 https://spring.io/blog/2025/11/05/spring-grpc-next-steps Spring gRPC 1.0 is coming soon with Spring Boot 4 support. Integration into Spring Boot 4.0 is postponed and planned for Spring Boot 4.1. The Maven coordinates remain under org.springframework.grpc for version 1.0. The spring-grpc-test jar is renamed to spring-grpc-test-spring-boot-autoconfigure. The autoconfiguration packages change name, which requires changing imports. The autoconfiguration dependencies will be deprecated immediately after the 1.0 release. Minimal migration is expected for projects already using version 0.x. Version 1.0.0-RC1 will be published as soon as possible before the final version.
Spring stops reactive support for Apache Pulsar https://spring.io/blog/2025/10/29/spring-pulsar-reactive-discontinued It makes sense to weigh the time spent against the number of users. It is nonetheless a trend that we have seen accelerating.
Spring 7 is out https://spring.io/blog/2025/11/13/spring-framework-7-0-general-availability
Infrastructure
Infinispan 16.0 https://infinispan.org/blog/2025/11/10/infinispan-16-0 Major addition: online migration without interruption for the nodes of a cluster (rolling upgrades) (infinispan.org). Clustering messages redone with Protocol Buffers + ProtoStream: better compatibility, guaranteed evolvable schema (infinispan.org). Improved Web console. Dedicated schema management API (SchemasAdmin) to manage ProtoStream schemas remotely (infinispan.org). Optimized query module: full support for aggregations (sum, avg …) in clustered indexed queries thanks to the integration of Hibernate Search 8.1 (infinispan.org). Server: minimized container image to reduce the attack surface (infinispan.org); faster startup thanks to separating cache and server startup (infinispan.org); caches for connectors (Memcached, RESP) created on demand rather than automatically at initialization (infinispan.org); Lua 5.1 engine updated with vulnerability fixes and dangerous operations disabled (infinispan.org). JDK support: minimum version still JDK 17 (infinispan.org); support for virtual threads and the AOT (Ahead-of-Time) features of more recent JDKs (infinispan.org).
Web
Javelit, a new Java library inspired by Streamlit for building small web interfaces easily and quickly https://glaforge.dev/posts/2025/10/24/javelit-to-create-quick-interactive-app-frontends-in-java/ Project website: https://javelit.io/ Javelit: a tool for quickly creating data applications (but not only those) in Java. Simplifies development: removes the hassle of the frontend and of event handling. Turns a Java class into a web application in a few minutes. Inspired by the simplicity of Streamlit from the Python ecosystem (or Gradio and Mesop), but for Java. Logic-focused development: no repetitive boilerplate code, hot reload. Easy interactions: widgets return their value directly, with no need for HTML/CSS/JS or event handling. Flexible deployment: standalone applications or applications embeddable in Java frameworks (Spring, Quarkus, etc.). Guillaume's article shows how to build a small interface to create and edit images with the Nano Banana generative model. A second article shows how to use Javelit to create a chat interface with LangChain4j https://glaforge.dev/posts/2025/10/25/creating-a-javelit-chat-interface-for-langchain4j/
Improving accessibility in Jetpack Compose apps https://blog.ippon.fr/2025/10/29/rendre-son-application-accessible-avec-jetpack-compose/ TalkBack is the Android screen reader that reads selected elements aloud for visually impaired people. Accessibility Scanner and the Android Studio tools automatically detect static accessibility problems. Functional images must have a contentDescription; decorative images a null contentDescription. The minimum required contrast is 4.5:1 for normal text and 3:1 for large text or icons. Clickable areas must measure at least 48dp x 48dp to make interaction easier. Forms need permanent visible labels, not mere placeholders that disappear. Modifier.semantics defines the semantic tree read by screen readers. The mergeDescendants and traversalIndex properties control the order and grouping of reading.
Driving the Chrome browser with the Gemini Computer Use model https://glaforge.dev/posts/2025/11/03/driving-a-web-browser-with-gemini-computer-use-model-in-java/ Goal: automate web browsing in Java with the "Computer Use" model of Gemini 2.5 Pro. "Computer Use" model: Gemini analyzes screenshots and generates interface actions (click, typing, etc.). Tools: Gemini API, Java, Playwright (for browser interaction). How it works: an agent loop in which Gemini receives a screenshot and proposes an action, Playwright executes it, then a new screenshot is sent to Gemini. Key implementation point: always send a screenshot to Gemini after each action so that it understands the current state. Challenges: slowness, handling CAPTCHAs and pop-ups (manageable). Potential: automating repetitive web tasks, creating autonomous agents.
Data and Artificial Intelligence
Apicurio adds support for new schemas without rebuilding Apicurio https://www.apicur.io/blog/2025/10/27/custom-artifact-types Apicurio Registry 3.1.0 allows custom artifact types to be added at deployment time without recompiling the project. Natively supports OpenAPI, AsyncAPI, Avro, JSON Schema, Protobuf, GraphQL, WSDL and XSD. Three implementation approaches are available: Java classes for maximum performance, JavaScript/TypeScript for ease of development, or webhooks for total flexibility. Configuration via a simple JSON file pointing to the implementations of the custom components. JavaScript scripts are executed via QuickJS in a secure sandboxed environment. A TypeScript npm package provides autocompletion and type safety for development. Six optional configurable components: automatic type detection, validation, compatibility checking, canonicalization, dereferencing and reference finding. Typical use cases: internal proprietary formats, RAML support, legacy formats such as WADL, schemas specific to a business domain. Simple deployment via Docker by mounting the configuration files and scripts as volumes. Performance varies by approach: Java offers the best performance, JavaScript a good balance, webhooks maximum flexibility. The interesting thing is that it is Quarkus-based and therefore required a rebuild, so to avoid that they added QuickJS via Chicory, a WebAssembly engine.
GPT 5.1 for developers is out. https://openai.com/index/gpt-5-1-for-developers/ It's the best since it's the latest :) Adaptive and Efficient Reasoning: GPT-5.1 dynamically adjusts its thinking time according to the complexity of the task, making it markedly faster and more token-efficient for simple tasks while maintaining state-of-the-art performance on difficult tasks. New "No Reasoning" Mode: a mode (reasoning_effort='none') has been introduced for latency-sensitive use cases, allowing a faster response with high intelligence and better tool execution. Extended Prompt Cache: prompt caching is extended up to 24 hours (versus a few minutes previously), which reduces latency and cost for long-running interactions (multi-turn chats, coding sessions). Cached tokens are 90% cheaper. Coding Improvements: the model offers a better coding personality, improved code quality and better performance on agentic coding tasks, reaching 76.3% on SWE-bench Verified. New Tools for Developers: two new tools are introduced ( https://cookbook.openai.com/examples/build_a_coding_agent_with_gpt-5.1 ): the apply_patch tool for more reliable code changes via structured diffs, and the shell tool, which lets the model propose and execute shell commands on a local machine, facilitating inspect-and-execute loops. Availability: GPT-5.1 (as well as the gpt-5.1-codex models) is available to developers on all paid API tiers, with the same pricing and rate limits as GPT-5.
Comparing the similarity of articles and documents with embedding models https://glaforge.dev/posts/2025/11/12/finding-related-articles-with-vector-embedding-models/ Principle: convert articles into numeric vectors; semantic similarity is measured by the proximity of these vectors. Approach: summarize the articles with Gemini-2.5-flash. Convert the summaries into vectors (embeddings) with Gemini-embedding-001. Compute the similarity between vectors using cosine similarity. Display the 3 most relevant articles (>0.75) in the Hugo frontmatter. Takeaway: the "summary and embedding" approach is effective, pragmatic and improves reader engagement.
Tooling
Composer: a new fast agent model for software engineering - https://cursor.com/blog/composer Composer is an agent model designed for software engineering that generates code four times faster than similar models. The model is trained on real software engineering challenges in large code bases with access to search and editing tools. It is a mixture-of-experts model optimized for fast, interactive responses in order to maintain development flow. Training uses reinforcement learning in a variety of development environments with tools such as file reading, editing, terminal commands and semantic search. Cursor Bench is an evaluation benchmark based on real requests from engineers that measures correctness and adherence to the abstractions of the existing code. The model automatically learns useful behaviors such as performing complex searches, fixing linter errors and writing unit tests. The training infrastructure uses PyTorch and Ray with MXFP8 kernels to train on thousands of NVIDIA GPUs. The system runs hundreds of thousands of concurrent sandboxed coding environments in the cloud for training. Composer is already used daily by Cursor's developers for their own work. The model ranks just behind GPT-5 and Sonnet 4.5 in terms of performance on internal benchmarks.
Experience report on the use of AI for developers: a real productivity gain, and suitable contexts https://mcorbin.fr/posts/2025-10-17-genai-dev/ A developer with 18 years of experience shares his feedback on generative AI after changing his mind. He uses Claude Code exclusively, in the terminal, to code in natural language. "Vibe coding" makes it possible to generate scripts and interfaces without looking at the generated code. Fast generation of Python scripts to process CSV and JSON or to create HTML interfaces. Surgeon mode solves complex bugs in one shot, for example a Grafana plugin fixed in one minute. For production code, the AI generates the repository, service and API layers iteratively, but the developer controls the data model. The developer always rereads the code and adjusts it manually or via the AI as needed. AI will not replace developers, because thinking, design and technical expertise remain essential. Building robust, scalable and maintainable products requires human experience. AI frees up time on repetitive tasks and makes it possible to focus on the complex aspects. What I find interesting is the part about production code. Indeed, I also correct the AI's proposals a lot by asking it to do better in this or that area. Without guidance, all of that would be lost. To be continued. A parallel article on the designer's profession https://blog.ippon.fr/2025/11/03/lia-ne-remplace-pas-un-designer-elle-amplifie-la-difference-entre-faire-et-bien-faire/
No more need to remember shortcuts in IntelliJ IDEA with the universal entry point https://blog.jetbrains.com/idea/2025/11/universal-entry-point-a-single-entry-point-for-context-aware-coding-assistance/ IntelliJ IDEA introduces Command Completion, a new way to access IDE actions directly from the editor. It works like code completion: type a dot (.) to see the available contextual actions. Type two dots (..) to filter and show only the available actions. It offers fixes, refactorings, code generation and navigation depending on the context. It complements existing features without replacing them: shortcuts, Alt+Enter, Search Everywhere. It makes IDE features easier to discover without interrupting development flow. In Beta in version 2025.2, it will be enabled by default in 2025.3. Current support for Java and Kotlin, with actions specific to frameworks such as Spring and Hibernate.
Homebrew, the package manager for macOS and Linux, moves to version 5 https://brew.sh/2025/11/12/homebrew-5.0.0/ Parallel Downloads by Default: the HOMEBREW_DOWNLOAD_CONCURRENCY=auto setting is enabled by default, allowing concurrent downloads for all users, with progress reporting. Linux ARM64/AArch64 Support in Tier 1: support for Linux ARM64/AArch64 has been promoted to "Tier 1" (first-class official support). Roadmap for macOS Deprecations: September 2026 (or later): Homebrew will no longer work on macOS Catalina (10.15) and earlier versions. macOS Intel (x86_64) will move to "Tier 3" (end of CI support and of precompiled binaries/bottles). September 2027 (or later): Homebrew will no longer work on macOS Big Sur (11) on Apple Silicon, nor at all on Intel (x86_64). Security and Casks: deprecation of Casks without a code signature. Casks failing Gatekeeper checks will be disabled in September 2026. The --no-quarantine and --quarantine options are deprecated so as to no longer make it easy to bypass macOS security features. New Features & Improvements: official support for macOS 26 (Tahoe). brew bundle now supports installing Go packages via a Brewfile. Addition of the brew info --sizes command to display the size of formulae and casks. The brew search --alpine command lets you search for Alpine Linux packages.
Architecture
According to the analyst firm RedMonk, Java remains very relevant in the era of AI and agents https://redmonk.com/jgovernor/java-relevance-in-the-ai-era-agent-frameworks-emerge/ Java remains relevant in the AI era; there is no need to learn an entirely new technical stack. Java's capacity to adapt ("antibodies") to innovations (Big Data, cloud, AI) makes it ideal for enterprise contexts. The JVM ecosystem offers advantages over Python for business logic and sophisticated applications, notably in terms of security and scalability. Embabel (by Rod Johnson, creator of Spring): a strongly typed agent framework for the JVM, aiming for determinism in projects before code generation by an LLM. LangChain4J: makes AI capabilities easier to access for Java developers, aligns with established enterprise patterns and lets LLMs call Java methods. Koog (JetBrains): a Kotlin-based agent framework, typed and specific to JVM/Kotlin developers. Akka: has pivoted to focus on AI agent workflows, addressing the complexity, trust and cost of agents in distributed systems. The Model Context Protocol (MCP) is judged insufficient, lacking explainability, discoverability, the ability to mix models, guardrails, flow management, composability and secure integration. Java developers are well placed to build AI-ready applications and integrate agents. Major players such as IBM, Red Hat and Oracle continue to invest heavily in Java and its integration with AI.
Security
AI Deepfake, Hiring … A real danger https://www.eu-startups.com/2025/10/european-startups-get-serious-about-deepfakes-as-ai-fraud-losses-surpass-e1-3-billion/ Losses linked to deepfakes in Europe: > €1.3 billion (€860 million in 2025 alone). Creating deepfakes is now possible for a few euros. Fraud: fake video interviews, identity theft, assorted scams. Active startups: Acoru, IdentifAI, Trustfull, Innerworks, Keyless (detection and prevention). Regulation: the AI Act and the Digital Services Act impose transparency and oversight. Recommendations: verify identities, train employees, adopt multi-factor authentication. Related: https://www.techmonitor.ai/technology/cybersecurity/remote-hiring-cybersecurity 1 candidate in 4 will be fake in 2028 according to Gartner research https://www.gartner.com/en/newsroom/press-releases/2025-07-31-gartner-survey-shows-j[…]-percent-of-job-applicants-trust-ai-will-fairly-evaluate-them
Law, society and organization
Amazon plans to cut 30,000 positions https://www.20minutes.fr/economie/4181936-20251028-amazon-prevoit-supprimer-30-000-emplois-bureau-selon-plusieurs-medias Positions cut: 30,000 office jobs. Share of workforce: ~10% of corporate employees. Confirmed tranche: 14,000 positions. Divisions affected: HR, Operations, Devices & Services, Cloud. Reasons: over-hiring, bureaucracy, automation/AI. Support: 90 days for an internal position + assistance. Not affected: warehouses/logistics. Goal: focus on strategic priorities.
NTP needs money https://www.ntp.org/ It is only the protocol that synchronizes every machine in the world. The foundation https://www.nwtime.org/ is looking for $11,000 to keep operating.
Beginners' section
A deep dive into JVM startup https://inside.java/2025/01/28/jvm-start-up The JVM performs a complex initialization before executing code: argument validation, detection of system resources and selection of the appropriate garbage collector. Class loading follows a lazy strategy in which each class first loads its dependencies in declaration order, creating a chain of about 450 classes even for a simple Hello World. Class linking comprises three sub-processes: verification of the structure, preparation with initialization of static fields to their default values, and resolution of the symbolic references of the Constant Pool. CDS improves startup performance by providing pre-verified classes, reducing the JVM's work. Class initialization runs the static initializers via the special clinit method generated automatically by javac. Project Leyden introduces AOT compilation in JDK 24 to reduce startup time by performing class loading and linking ahead of time. Not so beginner-level after all.
Conferences
The list of conferences from Developers Conferences Agenda/List by Aurélie Vache and contributors:
November 12-14, 2025: Devoxx Morocco - Marrakech (Morocco)
November 15-16, 2025: Capitole du Libre - Toulouse (France)
November 19, 2025: SREday Paris 2025 Q4 - Paris (France)
November 19-21, 2025: Agile Grenoble - Grenoble (France)
November 20, 2025: OVHcloud Summit - Paris (France)
November 21, 2025: DevFest Paris 2025 - Paris (France)
November 24, 2025: Forward Data & AI Conference - Paris (France)
November 27, 2025: DevFest Strasbourg 2025 - Strasbourg (France)
November 28, 2025: DevFest Lyon - Lyon (France)
December 1-2, 2025: Tech Rocks Summit 2025 - Paris (France)
December 4-5, 2025: Agile Tour Rennes - Rennes (France)
December 5, 2025: DevFest Dijon 2025 - Dijon (France)
December 9-11, 2025: APIdays Paris - Paris (France)
December 9-11, 2025: Green IO Paris - Paris (France)
December 10-11, 2025: Devops REX - Paris (France)
December 10-11, 2025: Open Source Experience - Paris (France)
December 11, 2025: Normandie.ai 2025 - Rouen (France)
January 14-17, 2026: SnowCamp 2026 - Grenoble (France)
January 22, 2026: DevCon #26 : sécurité / post-quantique / hacking - Paris (France)
January 29-31, 2026: Epitech Summit 2026 - Paris - Paris (France)
February 2-5, 2026: Epitech Summit 2026 - Moulins - Moulins (France)
February 2-6, 2026: Web Days Convention - Aix-en-Provence (France)
February 3, 2026: Cloud Native Days France 2026 - Paris (France)
February 3-4, 2026: Epitech Summit 2026 - Lille - Lille (France)
February 3-4, 2026: Epitech Summit 2026 - Mulhouse - Mulhouse (France)
February 3-4, 2026: Epitech Summit 2026 - Nancy - Nancy (France)
February 3-4, 2026: Epitech Summit 2026 - Nantes - Nantes (France)
February 3-4, 2026: Epitech Summit 2026 - Marseille - Marseille (France)
February 3-4, 2026: Epitech Summit 2026 - Rennes - Rennes (France)
February 3-4, 2026: Epitech Summit 2026 - Montpellier - Montpellier (France)
February 3-4, 2026: Epitech Summit 2026 - Strasbourg - Strasbourg (France)
February 3-4, 2026: Epitech Summit 2026 - Toulouse - Toulouse (France)
February 4-5, 2026: Epitech Summit 2026 - Bordeaux - Bordeaux (France)
February 4-5, 2026: Epitech Summit 2026 - Lyon - Lyon (France)
February 4-6, 2026: Epitech Summit 2026 - Nice - Nice (France)
February 12-13, 2026: Touraine Tech #26 - Tours (France)
March 26-27, 2026: SymfonyLive Paris 2026 - Paris (France)
March 27-29, 2026: Shift - Nantes (France)
March 31, 2026: ParisTestConf - Paris (France)
April 16-17, 2026: MiXiT 2026 - Lyon (France)
April 22-24, 2026: Devoxx France 2026 - Paris (France)
April 23-25, 2026: Devoxx Greece - Athens (Greece)
May 6-7, 2026: Devoxx UK 2026 - London (UK)
May 22, 2026: AFUP Day 2026 Lille - Lille (France)
May 22, 2026: AFUP Day 2026 Paris - Paris (France)
May 22, 2026: AFUP Day 2026 Bordeaux - Bordeaux (France)
May 22, 2026: AFUP Day 2026 Lyon - Lyon (France)
June 17, 2026: Devoxx Poland - Krakow (Poland)
July 11-12, 2026: DevLille 2026 - Lille (France)
September 4, 2026: JUG Summer Camp 2026 - La Rochelle (France)
September 17-18, 2026: API Platform Conference 2026 - Lille (France)
October 5-9, 2026: Devoxx Belgium - Antwerp (Belgium)
Contact us
To react to this episode, come and discuss on the Google group https://groups.google.com/group/lescastcodeurs Contact us via X/twitter https://twitter.com/lescastcodeurs or Bluesky https://bsky.app/profile/lescastcodeurs.com Do a crowdcast or a crowdquestion. Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs All episodes and all the information at https://lescastcodeurs.com/
professorjrod@gmail.com Ever wish the network would just explain itself? We walk through the real language of connectivity: how links come alive, how packets choose their paths, and how a few core ideas unlock routers, firewalls, addressing, and the exam questions that test them. It starts with the wire (and the air): DSL over copper, cable scaling with DOCSIS, fiber to an ONT at your home, and why fixed wireless, satellite, and 5G fill coverage gaps with very different tradeoffs in speed and latency. From there, we draw the line between moving traffic and governing it. Routers forward based on IP and subnets; firewalls enforce policy using IPs, protocols, and ports. Think velvet rope, but for packets. We bring the TCP/IP stack down to earth with a clean mental model of layers and encapsulation, then dig into IPv4 addressing, subnet masks, and private ranges that rely on NAT to share a single public IP. You'll learn why static IPs belong on printers and servers, how DHCP's DORA flow keeps clients online, and what APIPA is telling you when a lease fails. We also size up IPv6 (128-bit addresses, hexadecimal notation, dual stack) and unpack the practical roadblocks that slow adoption despite the promise of massive address space. Transport choices make or break performance, so we compare TCP's three-way handshake and delivery guarantees with UDP's low-latency approach favored by streaming and gaming. We highlight the ports every tech should know (22, 53, 80, 443, 67/68, 21/20, 3389) because port literacy speeds troubleshooting. On identity and isolation, we translate DNS records (A, AAAA, CNAME, MX, TXT) into everyday use and show how VLANs reduce broadcast noise while VPNs protect data over untrusted networks.
To cement it all, we run live quiz walkthroughs and model how to spot keywords, eliminate distractors, and reason under time pressure: skills you can carry straight into the CompTIA A+ and beyond. If this helped you think more clearly about networks, follow the show, leave a rating, and share it with a friend who's studying. Got a topic you want us to deep-dive next (DHCP, DNS, or VLANs)? Drop a note and subscribe so you don't miss the next breakdown. Art by Sarah/Desmond. Music by Joakim Karud. Little chacha Productions. Juan Rodriguez can be reached at TikTok @ProfessorJrod, ProfessorJRod@gmail.com, @Prof_JRod, Instagram ProfessorJRod.
Juan Bravo, director of the Observatorio del Contexto Económico UDP, analyzed on Canal 24 Horas the dismissals on grounds of company needs, which in June recorded their largest increase in 16 months.
In my latest book I tell you what has happened to Bolivia's economy over the last 20 years with the MAS in power, what is still to come, and how you can protect yourself: https://www.amazon.com/Auge-Decadencia-Bolivia-2003-Dolarizaci%C3%B3n/dp/B0FLC45VBP In this interview I tell my good friend Nehomar Hernández that, even if there were no conspiracy theory to explain such an unexpected result, Paz Pereira is not trustworthy either. He is an improviser. And Capitán Lara, much more so. They do not have the slightest idea of how to face the crisis. Unless Samuel makes his entire plan and team available, things get complicated. Tuto, who does not have a good immediate stabilization program either (gradualist and Keynesian as he is), is at least predictable. But he is now in a very difficult position to face the runoff, with the entire mirismo against him (which is also surprising: how it has managed to stay in power with one side and the other over the last 40 years, since the UDP). In short, the essential point is that the discussion about how to stabilize the economy in the short term is being completely sidelined. The result of this first round is an enormous factor of uncertainty and instability. I do not see Rodrigo Paz or Lara even understanding how the exchange rate, interest rates or reserve requirements work. They are not up to the task. And even supposing that Tuto's plan were good, he faces an uphill runoff: all that is left for him is to make the most of the debates. The rest will be resisting in the Legislature to keep the situation from deteriorating even further. ________________ Find me on more networks: Web: http://riosmauricio.com X/Twitter: https://x.com/riosmauricio https://www.linkedin.com/in/riosmauricio/ Facebook: https://www.facebook.com/riosmauriciocom Patreon: https://patreon.com/riosmauricio
The lawyer and UDP academic also discussed the implementation of the Ley Karin, which turns one year old in August.
FreeBSD version 14.3 is available, Reliable ZFS Storage on Commodity Hardware, My website is ugly because I made it, Semi distributed filesystems with ZFS and Sanoid, April 2025 Laptop Support and Usability Project Update, UDP sockets instead of BPF in dhcpd(8), and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines FreeBSD 14.3 released (https://www.freebsd.org/releases/14.3R/announce/) Reliable ZFS Storage on Commodity Hardware (https://klarasystems.com/articles/cost-efficient-storage-commodity-hardware/) News Roundup My website is ugly because I made it (https://goodinternetmagazine.com/my-website-is-ugly-because-i-made-it/) Semi distributed filesystems with ZFS and Sanoid (https://anil.recoil.org/notes/syncoid-sanoid-zfs) April 2025 Laptop Support and Usability Project Update (https://freebsdfoundation.org/blog/april-2025-laptop-support-and-usability-project-update/) dhcpd(8): use UDP sockets instead of BPF (https://undeadly.org/cgi?action=article;sid=20250613111800) Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions No feedback this week. Send more... Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
Iván Valenzuela and Angélica Bulnes talked about the life of Enrique Correa with Andrea Insunza and Javier Ortega, directors of the journalism production company "Un día en la vida" and authors of the book "Enrique Correa, una biografía sobre el poder", published by Periodismo UDP and Catalonia.
Vulnerability assessments serve as the frontline defense against cybersecurity threats, yet many professionals struggle to understand the terminology and methodologies that make them effective. In this comprehensive episode, we demystify the critical components of vulnerability management that every security practitioner should master – whether you're preparing for the CISSP exam or strengthening your organization's security posture. We begin by examining recent ransomware attacks targeting municipal governments across the United States, highlighting how 28 county and tribal governments have already fallen victim in 2024 alone. These incidents underscore why vulnerability management isn't just theoretical knowledge but an urgent practical necessity for protecting critical infrastructure and services. Diving into the technical foundations, we explore how the Common Vulnerability and Exposures (CVE) system works, from discovery to disclosure, and how the Common Vulnerability Scoring System (CVSS) helps prioritize remediation efforts through its base, temporal, and environmental metrics. You'll gain clarity on related frameworks including CPE, CCE, and OVAL, understanding how these pieces fit together to create a comprehensive vulnerability management approach. The episode also provides a practical breakdown of network scanning techniques essential for vulnerability discovery, including SYN scans, TCP connect scans, ACK scans, UDP scans, and Christmas tree scans. We explain the intricacies of the TCP handshake process and how different scanning methods leverage various aspects of this protocol to identify potential vulnerabilities while avoiding detection. We also examine how AI-assisted code generation is transforming development practices, with 70% of professional developers expected to use these tools by 2027. While this technology promises significant productivity gains, it creates new security challenges that vulnerability assessment processes must address. Whether you're studying for the CISSP exam or looking to strengthen your organization's security practices, this episode equips you with the knowledge to implement effective vulnerability management. Visit CISSP Cyber Training for additional resources to support your cybersecurity journey. Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Navigating the complex landscape of authentication frameworks is essential for any cybersecurity professional, especially those preparing for the CISSP exam. This deep-dive episode unravels the intricate world of authentication systems that protect our digital identities across multiple platforms and services. We begin by examining OAuth 2.0 and OpenID Connect (OIDC), exploring how these token-based frameworks revolutionize third-party authentication without exposing user credentials. When you click "Login with Google," you're experiencing these protocols in action—reducing password reuse while maintaining security across digital services. Learn the difference between authorization flows and how these systems interact to verify your identity seamlessly across the web. The podcast then transitions to Security Assertion Markup Language (SAML), breaking down how this XML-based protocol establishes trust between identity providers and service providers. Through practical examples, we illustrate how SAML enables web single sign-on capabilities across educational institutions, corporate environments, and cloud services—creating that "connective tissue" between disparate systems while enhancing both security and user experience. Kerberos, MIT's powerful network authentication protocol, takes center stage as we explore its ticketing system architecture. Named after the three-headed dog of Greek mythology, this protocol's Authentication Service, Ticket Granting Service, and Key Distribution Center work in concert to verify identities without transmitting passwords across networks. We also discuss critical considerations like time synchronization requirements that can make or break your Kerberos implementation. For remote authentication scenarios, we compare RADIUS and TACACS+ protocols, highlighting their distinct approaches to the AAA (Authentication, Authorization, and Accounting) framework. Discover why network administrators choose UDP-based RADIUS for general network access while preferring the TCP-based TACACS+ for granular administrative control with command-level authorization and full payload encryption. Whether you're studying for the CISSP exam or looking to strengthen your organization's security posture, this episode provides the knowledge foundation you need to implement robust authentication systems in today's interconnected world. Visit CISSP Cyber Training for additional resources to support your cybersecurity journey.
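We talked about the following topics. 01. Learning material by ear with NotebookLM's Audio Overview feature. NotebookLM is a new AI notebook service from Google, and its "Audio Overview" feature, in which AI explains uploaded material aloud in a conversational format, is attracting attention. Its distinguishing feature is that even long documents and specialized content can be easily understood by ear. It is simple to use: log in to NotebookLM, upload the material, and click the "Audio Overview" button. The AI automatically analyzes the content and generates an audio explanation in the form of a conversation between two AIs. The April 2025 update added support for more than 50 languages, including Japanese, making it even easier to use. There are two pricing plans: the free plan and NotebookLM Plus (2,900 yen per month). The free plan offers the basic features, while Plus greatly increases the number of notebooks, the upload capacity and the number of questions, and advanced analysis features and Audio Overview are also available. Audio Overview can be used widely, from study to work to hobby-related input, by making use of time spent doing other things, such as commuting or the gaps between household chores. Give it a try and find a new style of gathering information. 02. Four new features added to Anthropic's API. Anthropic has announced four new features for the Anthropic API to enable developers to build more powerful AI agents. Code execution tool: Claude can run Python code in a sandbox environment and generate computation results and data visualizations. This takes Claude from a code-writing assistant to a data analyst, supporting use cases such as financial modeling, scientific computing, business intelligence, document processing and statistical analysis. MCP connector: developers can connect Claude to any Remote MCP server without writing client code. Simply adding the Remote MCP server's URL to the API request gives immediate access to powerful third-party tools. Files API: simplifies how developers store and access documents. Once a document is uploaded, it can be referenced repeatedly across multiple conversations. Extended prompt caching: the prompt cache lifetime can now be extended from the standard 5 minutes to 1 hour. This reduces the cost of long-running agent workflows. All of these features are available as a public beta of the Anthropic API. 03. 帳票 UDPゴシック, with fixed-width digits. 「帳票 UDPゴシック」 is a font based on Morisawa's 「BIZ UDPゴシック」 in which only the digits (0 to 9) are made fixed-width. In 「BIZ UDPゴシック」 only the digit 1 had a different width; 「帳票 UDPゴシック」 adjusts the width of that 1 so that all the digits are fixed-width. This keeps the characteristics of 「BIZ UDPゴシック」 while making digits easier to align in forms and similar documents. About 99.99% of the glyphs of 「BIZ UDPゴシック」 are used unchanged, and the changes are kept to a minimum. The font can be downloaded from GitHub. 「帳票 UDP明朝」, with the same adjustment, has also been released. 04. Taking on next-generation communications with hollow-core fiber. To realize next-generation high-capacity, high-speed communications, Furukawa Electric and its group companies are working together to develop an innovative "hollow-core fiber". By making the core of the fiber hollow, hollow-core fiber offers three benefits: reduced latency, tolerance of high power, and ultimate low loss. Development required group-wide, global collaboration, including OFS in the United States and FETI in Hungary. There were many challenges in establishing cabling and splicing technology, but they were overcome with existing technology and novel ideas. The work has also been highly rated in joint research with Keio University and the University of Electro-Communications. Toward practical use, many challenges remain, such as further technical improvement and optimization and better mass-producibility. The Furukawa Electric group aims to realize next-generation communications with this innovative technology. 05. Dissolving dried noodles bundled with agar tape. A noodle maker in Okayama has developed 「エコらく麺」, in which the paper or plastic tape used to bundle dried noodles is made of agar. The tape dissolves and disappears when the noodles are boiled, which saves effort and produces no waste. The development was prompted by a request received from customers every year: "The band on somen is hard to remove; can't something be done?" About 1.5 billion bundles of dried noodles are made in Japan each year, and the tape used for them, joined end to end, would circle the Earth 25 times. At present the agar tape is used only on thin hand-stretched udon, but research will continue so that it can be applied to other noodles such as somen. 「エコらく麺」 reached its funding target through crowdfunding and has been well received. Major retailers have also made inquiries, and if it spreads it could become a revolutionary product. 岡山手延素麺株式会社 says it wants to continue developing products that value customer feedback. This radio show reflects personal views only and does not represent any real organization. Thank you for your understanding.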
The ICSO-UDP 2025 survey revealed the current picture of citizens' fears in the country: security, health and the economic situation top the list. In addition, women show a higher level of concern in several areas. To go deeper into this, we spoke with Macarena Orchard, director of the Magíster en Métodos para la Investigación Social at the UDP.
In this episode of Search Off the Record, Gary Illyes and Martin Splitt from the Google Search team dive deep into the foundations of how the web works—specifically HTTP, TCP, UDP, and newer technologies like QUIC and HTTP/3. The two reflect on how even experienced web professionals often overlook or forget the mechanics behind these core protocols, sharing insights through technical discussion, playful banter, and analogies ranging from messenger pigeons to teapots. The conversation spans key concepts like packet transmission, connection handshakes, and the importance of status codes such as 404, 204, and even 418 (“I'm a teapot”). Throughout the conversation, they connect these protocols back to real-world implications for site owners, developers, and SEOs—like why Search Console might report network errors, and how browser or server behavior is influenced by low-level transport decisions. With a mix of humor and expertise, Gary and Martin aim to demystify a crucial part of the internet's infrastructure and remind listeners of the layered complexity that makes modern web experiences possible. Resources: Episode transcript →https://goo.gle/sotr091-transcript Listen to more Search Off the Record → https://goo.gle/sotr-yt Subscribe to Google Search Channel → https://goo.gle/SearchCentral Search Off the Record is a podcast series that takes you behind the scenes of Google Search with the Search Relations team. #SOTRpodcast #SEO #Http Speakers: Lizzi Sassman, John Mueller, Martin Splitt, Gary Illyes Products Mentioned: Search Console - General
Cybersecurity professionals, alert! A dangerous Chrome zero-day vulnerability demands your immediate attention. In this action-packed episode, Sean Gerber breaks down CVE-25-2783, a critical security threat that allows attackers to execute remote code simply by having users click malicious links. Though initially targeting Russian organizations, this exploit threatens Chromium-based browsers worldwide—including Chrome, Edge, Brave, Opera, and Vivaldi. Don't wait—patch immediately! The heart of this episode delivers 15 expertly-crafted CISSP practice questions focusing on Domain 4.2 network security concepts. Sean methodically explores essential topics including router load balancing capabilities, electromagnetic interference vulnerabilities, NAC implementation benefits, and optimal firewall configurations. Each question peels back another layer of network security knowledge, from identifying mesh topologies as offering superior fault tolerance to understanding how protocol analyzers diagnose VLAN performance issues. Advanced concepts receive equal attention with clear explanations of UDP timeout values in stateful firewalls, proper NIPS deployment strategies, VPN protocol security comparisons, broadcast storm mitigation techniques, and wireless security standards. Sean's straightforward breakdown of why WPA3 Enterprise provides superior protection and how ARP poisoning facilitates man-in-the-middle attacks transforms complex technical material into accessible knowledge that sticks. Whether you're actively studying for the CISSP exam or simply looking to strengthen your network security fundamentals, this episode delivers precision-targeted information in an engaging format. Visit CISSP Cyber Training for complete access to all practice questions covered and accelerate your certification journey today!
Jonathan Gheller is the CEO of UDP. After more than one successful start-up he is now applying his knowledge to multifamily. I'm Moshe Crane; connect with me on LinkedIn. My day job is the VP of Branding and Strategic Initiatives at Sage Ventures. Check out my newsletter Zag. Sage Ventures is a commercial real estate firm based in Baltimore, MD. The company buys and operates multifamily rental properties. The company also builds and develops homes that we sell.
eM Client CAN be purchased outright. An astonishing 5-year-old typo in MasterCard's DNS. An unwelcome surprise received by 18,459 low-level hackers. DDoS attacks continue growing, seemingly without any end in sight. Let's Encrypt clarifies their plans for 6-day "we barely knew you" certificates. SpinRite uncovers a bad brand new 8TB drive. Listener feedback about TOTP, Syncthing and UDP hole punching, email spam, ValiDrive speed, AI neural nets, DJI geofencing, and advertising in the "New" Outlook. A look into the tradeoffs required to obtain privacy for our DNS lookups Show Notes - https://www.grc.com/sn/SN-1010-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: uscloud.com joindeleteme.com/twit promo code TWIT bitwarden.com/twit zscaler.com/security
Josefina Ríos and Matías del Río spoke with the presidential delegate for the Metropolitan Region, Gonzalo Durán, about organized crime during the holidays and the work being carried out. In addition, together with Nicole Etchegaray, executive coordinator of the survey "Jóvenes chilenos preocupados de su futuro laboral" and UDP academic, they discussed the study's main results.
Unlock the secrets to mastering core networking concepts crucial for your CISSP exam and cybersecurity career with Sean Gerber on the CISSP Cyber Training Podcast. Ever wondered how the intricate dance between IPv4 and IPv6 affects your daily online interactions? Get ready to explore these foundational Internet protocols, their histories, and the innovative transition mechanisms bridging them. We kick off with a discussion on the eye-opening Mega Breach Database, spotlighting the staggering exposure of around 26 billion records. This breach serves as a cautionary tale of our digital age, underscoring the necessity for robust password management and multi-factor authentication. Journey through the complex landscape of IP addressing as we untangle the web of IPv4 and IPv6 structures. We'll break down IPv4's network and host partitions, the role of TCP and UDP protocols, and the creative, albeit temporary, fix provided by NAT routing. With a shift towards IPv6, discover the implications of its advanced hexadecimal notation and the flexibility offered by CIDR in IP address allocation. If you're grappling with the divide between the old and new, Sean shares insights on key transition strategies, ensuring you comfortably adapt to the evolving technological environment. Lastly, we tackle essential networking protocols like ICMP, IGMP, and ARP, which are indispensable for anyone eyeing the CISSP certification. Learn how to apply these concepts to real-world scenarios, such as identifying potential man-in-the-middle attacks. Whether you're a cybersecurity novice or a seasoned expert, our discussion will equip you with comprehensive knowledge and sharpen your skills, helping you excel in the CISSP exam and beyond. Join us for this enlightening episode, and walk away with the confidence to navigate the complex world of networking. Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
Sam and Ryan talk about React 19's useActionState hook. They discuss how adding async functions to a plain React app introduces lots of in-between states that developers must grapple with, and how useActionState allows React to collapse and eliminate these states, bringing the simplicity of React's sync mental model to our async code. Timestamps: 0:00 - Intro; 1:51 - How React normally eliminates state in synchronous apps; 8:20 - How useActionState lets React eliminate state in asynchronous apps; 18:17 - Why you shouldn't just pass server actions into useActionState; 23:00 - TCP/IP and UDP analogy; 26:39 - Thinking of useActionState like enqueue; 34:55 - Why the term "reducer" is too loaded for best understanding useActionState; 51:07 - How useActionState helps you build a Todo app that stays responsive during pending actions
Cet épisode est relativement pauvre en IA, ouaissssssss ! Mais il nous reste plein de Spring, plein de failles, plein d'OpenTelemetry, un peu de versionnage sémantique, une astuce Git et bien d'autres choses encore. Enregistré le 8 novembre 2024 Téléchargement de l'épisode LesCastCodeurs-Episode–318.mp3 News Langages Le createur de Fernflower in decompilateur qui a relancé l'outillage autour de Java 8 est mort, un hommage d'IntelliJ IDEA https://blog.jetbrains.com/idea/2024/11/in-memory-of-stiver/ les decompilateurs s'appuyaient sur des patterns reconnus et étaient fragiles et incomplets surtout quand Java 8 a changé le pattern try catch et ajouté des concepts comme les annotations le champ était moribond quand Stiver s'est lancé dommage l'article n'explique pas comment le control-flow graph est genere a partir du bytecode pour ameliorer la decompilation Librairies On peut maintenant utiliser Jakarta Data Repository dans Quarkus https://in.relation.to/2024/11/04/data-in-quarkus/ petit article avec un projet example aussi un lien sur la presentation de Jakarta Data par Gavin à Devoxx Belgique Quarkus 3.16 https://quarkus.io/guides/opentelemetry-logging logs distribués avec OpenTelemetry (preview) deserialiseurs Jackson sans reflection des améliorations dans la stack de sécurité TLS registry a ratjouté graphql client et keycloak admin client LEs logs des container devservice et des access http sont visible dans la DevUI Les extensions peuvent maintenant ecrire leur doc en markdown (c'etait juste asciidoc avant) Un artcile sur comment débuter en Spring Batch https://www.sfeir.dev/back/planifier-des-taches-avec-spring-batch/ Le support OAuth2 pour RestClient arrive dans Security 6.4 / Boot 3.4. Plus de hack de WebClient dans vos applications Spring-Web ! 
https://spring.io/blog/2024/10/28/restclient-support-for-oauth2-in-spring-security–6–4 RestClient a été ajouté dans Spring Framework 6.1 API Fluide Spring Security 6.4 simplifie la configuration OAuth2 avec le nouveau client HTTP synchrone RestClient. RestClient permet des requêtes de ressources sans dépendances réactives, alignant la configuration entre applications servlet et réactives. La mise à jour facilite la migration depuis RestTemplate et ouvre la voie à des scénarios avancés. Marre des microservices ? Revenez au monoliths avec Spring Modulith 1.3RC1, 1.2.5 et 1.1.10 https://spring.io/blog/2024/10/28/spring-modulith–1–3-rc1–1–2–5-and–1–1–10-released Spring Modulith 1.3 RC1, 1.2.5, and 1.1.10 sont disponibles. La version 1.3 RC1 inclut des nouvelles fonctionnalités : archiving event publication completion mode compatibilité avec MariaDB et Oracle avec JDBC-based event publication registry Possibilité d'externaliser des événements dans des MessageChannels de Spring. Expressions SpEL dans @Externalized validation d'architecture technique jMolecules. Les versions 1.2.5 et 1.1.10 apportent des correctifs et mises à jour de dépendances. Spring gRPC 0.1 est sorti https://github.com/spring-projects-experimental/spring-grpc c'est tout nouveau et explorationel si c'est un probleme qui vous gratte, ca vaut le coup de jeter un coup d'oeil et participer. 
Spring Boot 3.3 Integrer Spring avec Open Telemetry (OTLP protocole) https://spring.io/blog/2024/10/28/lets-use-opentelemetry-with-spring rappel de la valeur de ce standard Open Telemetry comment l'utiliser dans vos projets Spring Comment utiliser ollama avec Spring AI https://spring.io/blog/2024/10/22/leverage-the-power-of–45k-free-hugging-face-models-with-spring-ai-and-ollama permet d'acceter aux 45k modeles de Hugging faces qui supportent le deploiement sur ollama il y a un spring boot starter c'est vraiment pour debuter Cloud Google Cloud Frankfort a subit 12h d'interruption https://t.co/VueiQjhCA3 Google Cloud a subi une panne de 12 heures dans la région europe-west3 (Francfort) le 24 octobre 2024. La panne, causée par une défaillance d'alimentation et de refroidissement, a affecté plusieurs services, y compris Compute Engine et Kubernetes Engine. Les utilisateurs ont rencontré des problèmes de création de VM, des échecs d'opérations et des retards de traitement. Google a conseillé de migrer les charges de travail vers d'autres zones. il y a eu une autre zone Europeenne pas mal affectée l'année dernière et des clients ont perdu des données :sweat: Web La fin de la World Wild Web Foundation https://www.theregister.com/2024/09/30/world_wide_web_foundation_closes/ la Fondation World Wide Web ferme ses portes. Les cofondateurs estiment que les problèmes auxquels est confronté le Web ont changé et que d'autres groupes de défense peuvent désormais prendre le relais. Ils estiment également que la priorité absolue doit être donnée à la passion de Tim Berners-Lee pour redonner aux individus le pouvoir et le contrôle de leurs données et pour construire activement des systèmes de collaboration puissants (Solid Protocol - https://solidproject.org/). 
Release of https://www.patternfly.org/ 6: an open source framework for building UIs, sponsored by RH. Worth a look.
Data and Artificial Intelligence
TSMC halts sales to a Chinese customer that allegedly resold a processor to Huawei, which uses it in its AI chip https://www.reuters.com/technology/tsmc-suspended-shipments-china-firm-after-chip-found-huawei-processor-sources–2024–10–26/ Taiwan Semiconductor Manufacturing Company (TSMC) suspended its shipments to Sophgo, a Chinese chip designer, after a TSMC-made chip was discovered in a Huawei AI processor (Ascend 910B). This discovery raises concerns about potential violations of US export controls, which have restricted Huawei since 2020. Sophgo, linked to Bitmain, denied any connection with Huawei and says it complies with applicable laws. However, the incident led to an in-depth investigation by TSMC and by the US and Taiwanese authorities.
OpenAI and Microsoft, from love to war https://www.computerworld.com/article/3593206/microsoft-and-openai-good-by-bromance-hel[…]m_source=Adestra&huid=4349eeff–5b8b–493d–9e61–9abf8be5293b We all followed the love songs between Sam Altman and Satya Nadella; things have been tense lately; it started with the coup at OpenAI, where MS blew the whistle on playtime: "we have the code, the data, the IP and the capacity, we can recreate everything"; OpenAI has a Copilot competitor and is trying to court its customers; OpenAI's appetite for investment and a dispute over the value of the stake held by MS, which gave cloud credits, seem to be at the heart of the current dispute.
Debezium 3 is out https://debezium.io/blog/2024/10/02/debezium–3–0-final-released/ Java 17 minimum for the connectors and 21 for the server, the Quarkus outbox extension and the operator; cleanup of deprecations; metrics are now per table; support for MySQL 9 including the vector data type; Oracle: default mining strategy changed; ehcache off-heap added
miscellaneous improvements: Oracle (offline RAC node flush, max string size for Extended PostgreSQL PGVector etc (Spanner, vitess, …)
NotebookLlama: an open source version of NotebookLM https://github.com/meta-llama/llama-recipes/tree/main/recipes/quickstart/NotebookLlama If you were impressed by the Gemini Notebook demos, creating podcasts from various resources, try the Llama version. Step-by-step tutorial for turning a PDF into a podcast.
Tooling
Do you like Maven? Of course! Do you like Asciidoctor? Absolutely! Then version 3.1.0 of the Asciidoctor plugin for Maven is for you!! https://github.com/asciidoctor/asciidoctor-maven-plugin The plugin can either convert AsciiDoc documents standalone or manage them through the Maven site.
GitHub Universe: AI, AI and more AI https://github.blog/news-insights/product-news/universe–2024-previews-releases/ GitHub Universe 2024 presents the year's new features, notably the ability to choose among several AI models for GitHub Copilot (Claude 3.5, Gemini 1.5 Pro, OpenAI o1). New features: GitHub Spark for creating micro-applications, Copilot-assisted code reviews, strengthened security with Copilot Autofix.
Simplified workflows with GitHub Copilot extensions. Easier creation of generative AI applications with GitHub Models.
Methodologies
The expert Java developer blogs recommended by IntelliJ https://blog.jetbrains.com/idea/2024/11/top-java-blogs-for-experienced-programmers/ Not necessarily in agreement with the whole list, but it gives good options if you want to read more Java blogs.
Keycloak returns to semantic versioning after having followed Google Chrome-style versioning https://www.keycloak.org/2024/10/release-updates Not knowing whether an update was backward compatible was a problem for users; also, the client libraries will be delivered separately and will support all supported Keycloak server versions.
Security
An example of a theoretical secure supply chain attack identified in the Quarkiverse, and the details of its resolution https://quarkus.io/blog/quarkiverse-and-smallrye-new-release-process/ In the Quarkiverse, things are automated to make life simpler for occasional extension contributors, but there was a flaw: the signing secrets and the Maven Central access secrets were organization secrets, which means that a malicious extension publisher could write a plugin or a test that read those secrets and could then ship fake artifacts. The solution is to separate the building of the artifacts from the signing and Maven Central release step, so that the keys are no longer accessible.
With Okta, no more need for a password when you have a long username :face_with_hand_over_mouth: https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/ LOL. A vulnerability was discovered in the generation of the cache key for AD/LDAP delegated authentication.
The conditions: MFA not used; username of 52 characters or more; user previously authenticated, creating an authentication cache; the cache was used first, which can happen if the AD/LDAP agent was down or unreachable, for example because of high network traffic; the authentication occurred between 23 July 2024 and 30 October 2024. Fixed on 30 October 2024.
The revenge of the printers!! Linux doesn't like them, and they return the favor. https://www.theregister.com/2024/09/26/cups_linux_rce_disclosed/ After a few hours / days of rumors about a 9.9/10 CVSS flaw, it turns out that it only concerns systems with the CUPS printing system and cups-browsed. Disable and/or remove the cups-browsed service. Update your CUPS installation to apply security updates when they become available. Consider blocking access to UDP port 631 and also disabling DNS-SD. This concerns most Linux distributions, some BSDs, possibly Google ChromeOS, Oracle's Solaris and potentially other systems, because CUPS is bundled with various distributions to provide printing functionality. To exploit this vulnerability over the internet or the local network (LAN), an attacker must be able to reach your CUPS service on UDP port 631. Ideally, none of you should expose this port on the public internet. The attacker must also wait for you to start a print job. If port 631 is not directly reachable, an attacker might be able to spoof zeroconf, mDNS or DNS-SD advertisements to exploit this vulnerability on a LAN.
Law, society and organization
Version 1.0 of the Open Source AI definition is out https://siliconangle.com/2024/10/28/osi-clarifies-makes-ai-systems-open-source-open-models-fall-short/ The Open Source Initiative (OSI) clarified the criteria for an AI model to be considered open source: full access to the training data, the source code and the training parameters. Most so-called "open" models, such as those from Meta (Llama) and Stability AI (Stable Diffusion), do not meet these criteria, because they impose restrictions on commercial use and do not make the training data public. It is about the details of the training data (so not necessarily the data itself). "In particular, this must include: (1) the complete description of all data used for training, including (if used) of unshareable data, disclosing the provenance of the data, its scope and characteristics, how the data was obtained and selected, the labeling procedures, and data processing and filtering methodologies; (2) a listing of all publicly available training data and where to obtain it; and (3) a listing of all training data obtainable from third parties and where to obtain it, including for fee." This echoes the Linux Foundation's version of open source AI.
Speaking of which, an article on open source washing in models https://www.theregister.com/2024/10/25/opinion_open_washing/ Open washing refers to the practice where companies claim that their products or models are open source although they do not meet the real criteria of openness (transparency, accessibility, knowledge sharing). Large companies such as Meta, Google and Microsoft are often accused of using this strategy, which raises concerns about the clarity of the legal and commercial definitions of open source, especially with the rise of AI.
Beginners' corner
A short fundamental article on REST https://www.sfeir.dev/rest-definition/ Roy Fielding's thesis, in reaction to heavyweight protocols like SOAP; 5 verbs (GET, PUT, POST, DELETE, PATCH); JSON but not only (XML and others); no state between requests.
Ask Me Anything
Morgan from Montréal: How do you make several Git repositories coexist? Let me explain: at my company, we use our Git repository (Bitbucket) configured for our company repository. When I want to contribute to an open source project, I am forced to modify my global Git configuration (username, email) to match my GitHub account. It often happens that, when I come back to make a commit on the company repository, I forget that I am in "open source" mode, which causes my "open source" settings to be recorded in the Bitbucket history… How do you handle this kind of situation?
How to manage different git profiles https://medium.com/@mrjink/using-includeif-to-manage-your-git-identities-bcc99447b04b
Conferences
The list of conferences from Developers Conferences Agenda/List by Aurélie Vache and contributors:
8 November 2024: BDX I/O - Bordeaux (France)
13–14 November 2024: Agile Tour Rennes 2024 - Rennes (France)
16–17 November 2024: Capitole Du Libre - Toulouse (France)
20–22 November 2024: Agile Grenoble 2024 - Grenoble (France)
21 November 2024: DevFest Strasbourg - Strasbourg (France)
21 November 2024: Codeurs en Seine - Rouen (France)
21 November 2024: Agile Game Toulouse - Toulouse (France)
27–28 November 2024: Cloud Expo Europe - Paris (France)
28 November 2024: OVHcloud Summit - Paris (France)
28 November 2024: Who Run The Tech ? - Rennes (France)
2–3 December 2024: Tech Rocks Summit - Paris (France)
3 December 2024: Generation AI - Paris (France)
3–5 December 2024: APIdays Paris - Paris (France)
4–5 December 2024: DevOpsRex - Paris (France)
4–5 December 2024: Open Source Experience - Paris (France)
5 December 2024: GraphQL Day Europe - Paris (France)
6 December 2024: DevFest Dijon - Dijon (France)
19 December 2024: Normandie.ai 2024 - Rouen (France)
22–25 January 2025: SnowCamp 2025 - Grenoble (France)
30 January 2025: DevOps D-Day #9 - Marseille (France)
6–7 February 2025: Touraine Tech - Tours (France)
28 February 2025: Paris TS La Conf - Paris (France)
20 March 2025: PGDay Paris - Paris (France)
25 March 2025: ParisTestConf - Paris (France)
3 April 2025: DotJS - Paris (France)
10–12 April 2025: Devoxx Greece - Athens (Greece)
16–18 April 2025: Devoxx France - Paris (France)
7–9 May 2025: Devoxx UK - London (UK)
16 May 2025: AFUP Day 2025 Lille - Lille (France)
16 May 2025: AFUP Day 2025 Lyon - Lyon (France)
16 May 2025: AFUP Day 2025 Poitiers - Poitiers (France)
11–13 June 2025: Devoxx Poland - Krakow (Poland)
12–13 June 2025: DevLille - Lille (France)
24 June 2025: WAX 2025 - Aix-en-Provence (France)
26–27 June 2025: Sunny Tech - Montpellier (France)
1–4 July 2025: Open edX Conference - 2025 - Palaiseau (France)
18–19 September 2025: API Platform Conference - Lille (France) & Online
6–10 October 2025: Devoxx Belgium - Antwerp (Belgium)
9–10 October 2025: Volcamp - Clermont-Ferrand (France)
16–17 October 2025: DevFest Nantes - Nantes (France)
23–25 April 2026: Devoxx Greece - Athens (Greece)
17 June 2026: Devoxx Poland - Krakow (Poland)
Contact us
To react to this episode, come and discuss on the Google group https://groups.google.com/group/lescastcodeurs
Contact us via twitter https://twitter.com/lescastcodeurs
Do a crowdcast or a crowdquestion
Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs
All the episodes and all the info at https://lescastcodeurs.com/
This week, we discuss something near and dear to our hearts - RDP Shortpath! What is it, even? TCP and UDP? Get out of here! We touch on the current enterprise landscape, the need for BYOD, Microsoft's remote working capabilities, and how RDP Shortpath rules them all. Mostly. Also, Tobi asks Jussi an unexpected question.
(00:00) - Intro and catching up.
(04:50) - Show content starts.
Show links
- RDP Shortpath
- Ctrl+Alt+Azure | 176 - Let's talk about Azure Virtual Desktop
- Ctrl+Alt+Azure | 094 - Your PC in the cloud with Windows 365
- Ctrl+Alt+Azure | 149 - Developing in the cloud with Microsoft Dev Box
We want feedback!
- Give us feedback!
We all have fond memories of the first Dev Day in 2023, and the blip that followed soon after. As Ben Thompson has noted, this year's DevDay took a quieter, more intimate tone. No Satya, no livestream, (slightly fewer people?). Instead of putting ChatGPT announcements in DevDay as in 2023, o1 was announced 2 weeks prior, and DevDay 2024 was reserved purely for developer-facing API announcements, primarily the Realtime API, Vision Finetuning, Prompt Caching, and Model Distillation.
However, the larger venue and more spread out schedule did allow a lot more hallway conversations with attendees as well as more community presentations including our recent guest Alistair Pullen of Cosine as well as deeper dives from OpenAI including our recent guest Michelle Pokrass of the API Team. Thanks to OpenAI's warm collaboration (we particularly want to thank Lindsay McCallum Rémy!), we managed to record exclusive interviews with many of the main presenters of both the keynotes and breakout sessions. We present them in full in today's episode, together with a full lightly edited Q&A with Sam Altman.
Show notes and related resources
Some of these used in the final audio episode below
* Simon Willison Live Blog
* swyx live tweets and videos
* Greg Kamradt coverage of Structured Output session, Scaling LLM Apps session
* Fireside Chat Q&A with Sam Altman
Timestamps
* [00:00:00] Intro by Suno.ai
* [00:01:23] NotebookLM Recap of DevDay
* [00:09:25] Ilan's Strawberry Demo with Realtime Voice Function Calling
* [00:19:16] Olivier Godement, Head of Product, OpenAI
* [00:36:57] Romain Huet, Head of DX, OpenAI
* [00:47:08] Michelle Pokrass, API Tech Lead at OpenAI ft. Simon Willison
* [01:04:45] Alistair Pullen, CEO, Cosine (Genie)
* [01:18:31] Sam Altman + Kevin Weil Q&A
* [02:03:07] Notebook LM Recap of Podcast
Transcript
[00:00:00] Suno AI: Under dev daylights, code ignites. Real time voice streams reach new heights. O1 and GPT-4o in flight. Fine tune the future, data in sight.
Schema sync up, outputs precise. Distill the models, efficiency splice.
[00:00:33] AI Charlie: Happy October. This is your AI co host, Charlie. One of our longest standing traditions is covering major AI and ML conferences in podcast format. Delving, yes delving, into the vibes of what it is like to be there stitched in with short samples of conversations with key players, just to help you feel like you were there.
[00:00:54] AI Charlie: Covering this year's Dev Day was significantly more challenging because we were all requested not to record the opening keynotes. So, in place of the opening keynotes, we had the viral NotebookLM Deep Dive crew, my new AI podcast nemesis, give you a seven minute recap of everything that was announced.
[00:01:15] AI Charlie: Of course, you can also check the show notes for details. I'll then come back with an explainer of all the interviews we have for you today. Watch out and take care.
[00:01:23] NotebookLM Recap of DevDay
[00:01:23] NotebookLM: All right, so we've got a pretty hefty stack of articles and blog posts here all about OpenAI's Dev Day 2024.
[00:01:32] NotebookLM 2: Yeah, lots to dig into there.
[00:01:34] NotebookLM 2: Seems
[00:01:34] NotebookLM: like you're really interested in what's new with AI.
[00:01:36] NotebookLM 2: Definitely. And it seems like OpenAI had a lot to announce. New tools, changes to the company. It's a lot.
[00:01:43] NotebookLM: It is. And especially since you're interested in how AI can be used in the real world, you know, practical applications, we'll focus on that.
[00:01:51] NotebookLM: Perfect. Like, for example, this Real time API, they announced that, right? That seems like a big deal if we want AI to sound, well, less like a robot.
[00:01:59] NotebookLM 2: It could be huge. The real time API could completely change how we, like, interact with AI.
Like, imagine if your voice assistant could actually handle it if you interrupted it.
[00:02:08] NotebookLM: Or, like, have an actual conversation.
[00:02:10] NotebookLM 2: Right, not just these clunky back and forth things we're used to.
[00:02:14] NotebookLM: And they actually showed it off, didn't they? I read something about a travel app, one for languages. Even one where the AI ordered takeout.
[00:02:21] NotebookLM 2: Those demos were really interesting, and I think they show how this real time API can be used in so many ways.
[00:02:28] NotebookLM 2: And the tech behind it is fascinating, by the way. It uses persistent WebSocket connections and this thing called function calling, so it can respond in real time.
[00:02:38] NotebookLM: So the function calling thing, that sounds kind of complicated. Can you, like, explain how that works?
[00:02:42] NotebookLM 2: So imagine giving the AI access to this whole toolbox, right?
[00:02:46] NotebookLM 2: Information, capabilities, all sorts of things. Okay. So take the travel agent demo, for example. With function calling, the AI can pull up details, let's say about Fort Mason, right, from some database. Like nearby restaurants, stuff like that.
[00:02:59] NotebookLM: Ah, I get it. So instead of being limited to what it already knows, it can go and find the information it needs, like a human travel agent would.
[00:03:07] NotebookLM 2: Precisely. And someone on Hacker News pointed out a cool detail. The API actually gives you a text version of what's being said. So you can store that, analyze it.
[00:03:17] NotebookLM: That's smart. It seems like OpenAI put a lot of thought into making this API easy for developers to use. But, while we're on OpenAI, you know, besides their tech, there's been some news about, like, internal changes, too.
[00:03:30] NotebookLM: Didn't they say they're moving away from being a non profit?
[00:03:32] NotebookLM 2: They did. And it's got everyone talking. It's a major shift.
And it's only natural for people to wonder how that'll change things for OpenAI in the future. I mean, there are definitely some valid questions about this move to for profit. Like, will they have more money for research now?
[00:03:46] NotebookLM 2: Probably. But will they, you know, care as much about making sure AI benefits everyone?
[00:03:51] NotebookLM: Yeah, that's the big question, especially with all the, like, the leadership changes happening at OpenAI too, right? I read that their Chief Research Officer left, and their VP of Research, and even their CTO.
[00:04:03] NotebookLM 2: It's true. A lot of people are connecting those departures with the changes in OpenAI's structure.
[00:04:08] NotebookLM: And I guess it makes you wonder what's going on behind the scenes. But they are still putting out new stuff. Like this whole fine tuning thing really caught my eye.
[00:04:17] NotebookLM 2: Right, fine tuning. It's essentially taking a pre trained AI model. And, like, customizing it.
[00:04:23] NotebookLM: So instead of a general AI, you get one that's tailored for a specific job.
[00:04:27] NotebookLM 2: Exactly. And that opens up so many possibilities, especially for businesses. Imagine you could train an AI on your company's data, you know, like how you communicate your brand guidelines.
[00:04:37] NotebookLM: So it's like having an AI that's specifically trained for your company?
[00:04:41] NotebookLM 2: That's the idea.
[00:04:41] NotebookLM: And they're doing it with images now, too, right?
[00:04:44] NotebookLM: Fine tuning with vision is what they called it.
[00:04:46] NotebookLM 2: It's pretty incredible what they're doing with that, especially in fields like medicine.
[00:04:50] NotebookLM: Like using AI to help doctors make diagnoses.
[00:04:52] NotebookLM 2: Exactly. And AI could be trained on thousands of medical images, right?
And then it could potentially spot things that even a trained doctor might miss.
[00:05:03] NotebookLM: That's kind of scary, to be honest. What if it gets it wrong?
[00:05:06] NotebookLM 2: Well, the idea isn't to replace doctors, but to give them another tool, you know, help them make better decisions.
[00:05:12] NotebookLM: Okay, that makes sense. But training these AI models must be really expensive.
[00:05:17] NotebookLM 2: It can be. All those tokens add up. But OpenAI announced something called automatic prompt caching.
[00:05:23] Alex Volkov: Automatic what now? I don't think I came across that.
[00:05:26] NotebookLM 2: So basically, if your AI sees a prompt that it's already seen before, OpenAI will give you a discount.
[00:05:31] NotebookLM: Huh. Like a frequent buyer program for AI.
[00:05:35] NotebookLM 2: Kind of, yeah. It's good that they're trying to make it more affordable. And they're also doing something called model distillation.
[00:05:41] NotebookLM: Okay, now you're just using big words to sound smart. What's that?
[00:05:45] NotebookLM 2: Think of it like like a recipe, right? You can take a really complex recipe and break it down to the essential parts.
[00:05:50] NotebookLM: Make it simpler, but it still tastes the same.
[00:05:53] NotebookLM 2: Yeah. And that's what model distillation is. You take a big, powerful AI model and create a smaller, more efficient version.
[00:06:00] NotebookLM: So it's like lighter weight, but still just as capable.
[00:06:03] NotebookLM 2: Exactly. And that means more people can actually use these powerful tools. They don't need, like, a supercomputer to run them.
[00:06:10] NotebookLM: So they're making AI more accessible. That's great.
[00:06:13] NotebookLM 2: It is. And speaking of powerful tools, they also talked about their new O1 model.
[00:06:18] NotebookLM 2: That's the one they've been hyping up. The one that's supposed to be this big leap forward.
[00:06:22] NotebookLM: Yeah, O1. It sounds pretty futuristic.
Like, from what I read, it's not just a bigger, better language model.
[00:06:28] NotebookLM 2: Right. It's a different porch.
[00:06:29] NotebookLM: They're saying it can, like, actually reason, right? Think.
[00:06:33] NotebookLM 2: It's trained differently.
[00:06:34] NotebookLM 2: They used reinforcement learning with O1.
[00:06:36] NotebookLM: So it's not just finding patterns in the data it's seen before.
[00:06:40] NotebookLM 2: Not just that. It can actually learn from its mistakes. Get better at solving problems.
[00:06:46] NotebookLM: So give me an example. What can O1 do that, say, GPT 4 can't?
[00:06:51] NotebookLM 2: Well, OpenAI showed it doing some pretty impressive stuff with math, like advanced math.
[00:06:56] NotebookLM 2: And coding, too. Complex coding. Things that even GPT 4 struggled with.
[00:07:00] NotebookLM: So you're saying if I needed to, like, write a screenplay, I'd stick with GPT 4? But if I wanted to solve some crazy physics problem, O1 is what I'd use.
[00:07:08] NotebookLM 2: Something like that, yeah. Although there is a trade off. O1 takes a lot more power to run, and it takes longer to get those impressive results.
[00:07:17] NotebookLM: Hmm, makes sense. More power, more time, higher quality.
[00:07:21] NotebookLM 2: Exactly.
[00:07:22] NotebookLM: It sounds like it's still in development, though, right? Is there anything else they're planning to add to it?
[00:07:26] NotebookLM 2: Oh, yeah. They mentioned system prompts, which will let developers, like, set some ground rules for how it behaves. And they're working on adding structured outputs and function calling.
[00:07:38] Alex Volkov: Wait, structured outputs? Didn't we just talk about that? We
[00:07:41] NotebookLM 2: did. That's the thing where the AI's output is formatted in a way that's easy to use.
[00:07:47] NotebookLM: Right, right. So you don't have to spend all day trying to make sense of what it gives you.
It's good that they're thinking about that stuff.
[00:07:53] NotebookLM 2: It's about making these tools usable.
[00:07:56] NotebookLM 2: And speaking of that, Dev Day finished up with this really interesting talk. Sam Altman, the CEO of OpenAI, and Kevin Weil, their new chief product officer. They talked about, like, the big picture for AI.
[00:08:09] NotebookLM: Yeah, they did, didn't they? Anything interesting come up?
[00:08:12] NotebookLM 2: Well, Altman talked about moving past this whole AGI term, Artificial General Intelligence.
[00:08:18] NotebookLM: I can see why. It's kind of a loaded term, isn't it?
[00:08:20] NotebookLM 2: He thinks it's become a bit of a buzzword, and people don't really understand what it means.
[00:08:24] NotebookLM: So are they saying they're not trying to build AGI anymore?
[00:08:28] NotebookLM 2: It's more like they're saying they're focused on just making AI better, constantly improving it, not worrying about putting it in a box.
[00:08:36] NotebookLM: That makes sense. Keep pushing the limits.
[00:08:38] NotebookLM 2: Exactly. But they were also very clear about doing it responsibly. They talked a lot about safety and ethics.
[00:08:43] NotebookLM: Yeah, that's important.
[00:08:44] NotebookLM 2: They said they were going to be very careful. About how they release new features.
[00:08:48] NotebookLM: Good! Because this stuff is powerful.
[00:08:51] NotebookLM 2: It is. It was a lot to take in, this whole Dev Day event.
[00:08:54] NotebookLM 2: New tools, big changes at OpenAI, and these big questions about the future of AI.
[00:08:59] NotebookLM: It was. But hopefully this deep dive helped make sense of some of it.
At least, that's what we try to do here.
[00:09:05] AI Charlie: Absolutely.
[00:09:06] NotebookLM: Thanks for taking the deep dive with us.
[00:09:08] AI Charlie: The biggest demo of the new Realtime API involved function calling with voice mode and buying chocolate covered strawberries from our friendly local OpenAI developer experience engineer and strawberry shop owner, Ilan Biggio.
[00:09:21] AI Charlie: We'll first play you the audio of his demo and then go into a little interview with him.
[00:09:25] Ilan's Strawberry Demo with Realtime Voice Function Calling
[00:09:25] Romain Huet: Could you place a call and see if you could get us 400 strawberries delivered to the venue? But please keep that under 1500. I'm on it. We'll get those strawberries delivered for you.
[00:09:47] Ilan: Hello? Hi there. Is this Ilan? I'm Romain's AI assistant. How is it going? Fantastic. Can you tell me what flavors of strawberry dips you have for me? Yeah, we have chocolate, vanilla, and we have peanut butter. Wait, how much would 400 chocolate covered strawberries cost? 400? Are you sure you want 400? Yes, 400 chocolate covered
[00:10:14] swyx: strawberries.
[00:10:15] Ilan: Wait,
[00:10:16] swyx: how much
[00:10:16] Ilan: would that be? I think that'll be around, like, 1,415.92.
[00:10:25] Alex Volkov: Awesome. Let's go ahead and place the order for four chocolate covered strawberries.
[00:10:31] Ilan: Great, where would you like that delivered? Please deliver them to the Gateway Pavilion at Fort Mason. And I'll be paying in cash.
[00:10:42] Alex Volkov: Okay,
[00:10:43] Ilan: sweet. So just to confirm, you want four strawberries?
[00:10:45] Ilan: 400 chocolate covered strawberries to the Gateway Pavilion. Yes, that's perfect. And when can we expect delivery? Well, you guys are right nearby, so it'll be like, I don't know, 37 seconds? That's incredibly fast. Cool, you too.
[00:11:09] swyx: Hi, Ilan, welcome to Latent Space. Oh, thank you.
I just saw your amazing demos, had your amazing strawberries. You are dressed up, like, exactly like a strawberry salesman. Gotta have it all. What was the building on demo like? What was the story behind the demo?
[00:11:22] swyx: It was really interesting. This is actually something I had been thinking about for months before the launch.
[00:11:27] swyx: Like, having a, like, AI that can make phone calls is something like I've personally wanted for a long time. And so as soon as we launched internally, like, I started hacking on it. And then that sort of just started. We made it into like an internal demo, and then people found it really interesting, and then we thought how cool would it be to have this like on stage as, as one of the demos.
[00:11:47] swyx: Yeah, would would you call out any technical issues building, like you were basically one of the first people ever to build with a voice mode API. Would you call out any issues like integrating it with Twilio like that, like you did with function calling, with like a form filling elements. I noticed that you had like intents of things to fulfill, and then.
[00:12:07] swyx: When there's still missing info, the voice would prompt you, roleplaying the store guy.
[00:12:13] swyx: Yeah, yeah, so, I think technically, there's like the whole, just working with audio and streams is a whole different beast. Like, even separate from like AI and this, this like, new capabilities, it's just, it's just tough.
[00:12:26] swyx: Yeah, when you have a prompt, conversationally it'll just follow, like the, it was, Instead of like, kind of step by step to like ask the right questions based on like the like what the request was, right? The function calling itself is sort of tangential to that.
Like, you have to prompt it to call the functions, but then handling it isn't too much different from, like, what you would do with assistant streaming or, like, chat completion streaming.
[00:12:47] swyx: I think, like, the API feels very similar just to, like, if everything in the API was streaming, it actually feels quite familiar to that.
[00:12:53] swyx: And then, function calling wise, I mean, does it work the same? I don't know. Like, I saw a lot of logs. You guys showed, like, in the playground, a lot of logs. What is in there?
[00:13:03] swyx: What should people know?
[00:13:04] swyx: Yeah, I mean, it is, like, the events may have different names than the streaming events that we have in chat completions, but they represent very similar things. It's things like, you know, function call started, argument started, it's like, here's like argument deltas, and then like function call done.
[00:13:20] swyx: Conveniently we send one that has the full function, and then I just use that. Nice.
[00:13:25] swyx: Yeah and then, like, what restrictions do, should people be aware of? Like, you know, I think, I think, before we recorded, we discussed a little bit about the sensitivities around basically calling random store owners and putting, putting like an AI on them.
[00:13:40] swyx: Yeah, so there's, I think there's recent regulation on that, which is why we want to be like very, I guess, aware of, of You know, you can't just call anybody with AI, right? That's like just robocalling. You wouldn't want someone just calling you with AI.
[00:13:54] swyx: I'm a developer, I'm about to do this on random people.
[00:13:57] swyx: What laws am I about to break?
[00:14:00] swyx: I forget what the governing body is, but you should, I think, Having consent of the person you're about to call, it always works. I, as the strawberry owner, have consented to like getting called with AI. I think past that you, you want to be careful.
Definitely individuals are more sensitive than businesses.
[00:14:19] swyx: I think businesses you have a little bit more leeway. Also, they're like, businesses I think have an incentive to want to receive AI phone calls. Especially if like, they're dealing with it. It's doing business. Right, like, it's more business. It's kind of like getting on a booking platform, right, you're exposed to more.
[00:14:33] swyx: But, I think it's still very much like a gray area. Again, so. I think everybody should, you know, tread carefully, like, figure out what it is. I, I, I, the law is so recent, I didn't have enough time to, like, I'm also not a lawyer. Yeah, yeah, yeah, of course. Yeah.
[00:14:49] swyx: Okay, cool, fair enough. One other thing, this is kind of agentic.
[00:14:52] swyx: Did you use a state machine at all? Did you use any framework? No. You just stick it in context and then just run it in a loop until it ends call?
[00:15:01] swyx: Yeah, there isn't even a loop, like Okay. Because the API is just based on sessions. It's always just going to keep going. Every time you speak, it'll trigger a call.
[00:15:11] swyx: And then after every function call was also invoking like a generation. And so that is another difference here. It's like it's inherently almost like in a loop, just by being in a session, right? No state machines needed. I'd say this is very similar to like, the notion of routines, where it's just like a list of steps.
[00:15:29] swyx: And it, like, sticks to them softly, but usually pretty well. And the steps is the prompts? The steps, it's like the prompt, like the steps are in the prompt. Yeah, yeah, yeah. Right, it's like step one, do this, step one, step two, do that. What if I want to change the system prompt halfway through the conversation?
[00:15:44] swyx: You can. Okay. You can. To be honest, I have not played with it too much. Yeah,
[00:15:47] swyx: yeah.
[00:15:48] swyx: But, I know you can.
[00:15:49] swyx: Yeah, yeah. Yeah. Awesome.
I noticed that you called it real time API, but not voice API. Mm hmm. So I assume that it's like real time API starting with voice. Right, I think that's what he said on the thing.
[00:16:00] swyx: I can't imagine, like, what else is real
[00:16:02] swyx: time? Well, I guess, to use ChatGPT's voice mode as an example, like, we've demoed the video, right? Like, real time image, right? So, I'm not actually sure what timelines are, but I would expect, if I had to guess, that, like, that is probably the next thing that we're gonna be making.
[00:16:17] swyx: You'd probably have to talk directly with the team building this. Sure. But, you can't promise their timelines. Yeah, yeah, yeah, right, exactly. But, like, given that this is the features that currently, or that exists that we've demoed on ChatGPT. Yeah. There
[00:16:29] swyx: will never be a
[00:16:29] swyx: case where there's like a real time text API, right?
[00:16:31] swyx: I don't Well, this is a real time text API. You can do text only on this. Oh. Yeah. I don't know why you would. But it's actually So text to text here doesn't quite make a lot of sense. I don't think you'll get a lot of latency gain. But, like, speech to text is really interesting. Because you can prevent You can prevent responses, like audio responses.
[00:16:54] swyx: And force function calls. And so you can do stuff like UI control. That is like super super reliable. We had a lot of like, you know, un, like, we weren't sure how well this was gonna work because it's like, you have a voice answering. It's like a whole persona, right? Like, that's a little bit more, you know, risky.
[00:17:10] swyx: But if you, like, cut out the audio outputs and make it so it always has to output a function, like you can end up with pretty pretty good, like, pretty reliable, like, command like a command architecture. Yeah,
[00:17:21] swyx: actually, that's the way I want to interact with a lot of these things as well.
Like, one sided voice.
[00:17:26] swyx: Yeah, you don't necessarily want to hear the
[00:17:27] swyx: voice back. And like, sometimes it's like, yeah, I think having an output voice is great. But I feel like I don't always want to hear an output voice. I'd say usually I don't. But yeah, exactly, being able to speak to it is super sweet.
[00:17:39] swyx: Cool. Do you want to comment on any of the other stuff that you announced?
[00:17:41] swyx: Prompt caching I noticed was like, I like the no code change part. I'm looking forward to the docs because I'm sure there's a lot of details on like, what you cache, how long you cache. Cause like, Anthropic caches were like 5 minutes. I was like, okay, but what if I don't make a call every 5 minutes?
[00:17:56] swyx: Yeah,
[00:17:56] swyx: to be super honest with you, I've been so caught up with the real time API and making the demo that I haven't read up on the other stuff. Launches too much. I mean, I'm aware of them, but I think I'm excited to see how all distillation works. That's something that we've been doing like, I don't know, I've been like doing it between our models for a while. And I've seen really good results like I've done back in the day like from GPT 4 to GPT 3.5
[00:18:19] swyx: And got like, like pretty much the same level of like function calling with like hundreds of functions. So that was super super compelling. So, I feel like easier distillation, I'm really excited for. I see. Is it a tool?
[00:18:31] swyx: So, I saw evals. Yeah. Like, what is the distillation product? It wasn't super clear, to be honest.
[00:18:36] swyx: I, I think I want to, I want to let that team, I want to let that team talk about it. Okay,
[00:18:40] swyx: alright. Well, I appreciate you jumping on. Yeah, of course. Amazing demo. It was beautifully designed.
I'm sure that was part of you and Romain, and
[00:18:47] swyx: Yeah, I guess, shout out to like, the first people to like, creators of Wanderlust, originally, were like, Simon and Carolis, and then like, I took it and built the voice component and the voice calling components.
[00:18:59] swyx: Yeah, so it's been a big team effort. And like the entire API team for like debugging everything as it's been going on. It's been, it's been so good working with them. Yeah, you're the first consumers on the DX
[00:19:07] swyx: team. Yeah. Yeah, I mean, the classic role of what we do there. Yeah. Okay, yeah, anything else? Any other call to action?
[00:19:13] swyx: No, enjoy Dev Day. Thank you. Yeah. That's it.
[00:19:16] Olivier Godement, Head of Product, OpenAI
[00:19:16] AI Charlie: The Latent Space crew then talked to Olivier Godement, head of product for the OpenAI platform, who led the entire Dev Day keynote and introduced all the major new features and updates that we talked about today.
[00:19:28] swyx: Okay, so we are here with Olivier Godement. That's right.
[00:19:32] swyx: I don't pronounce French. That's fine. It was perfect. And it was amazing to see your keynote today. What was the back story of, of preparing something like this? Preparing, like, Dev Day? It
[00:19:43] Olivier Godement: essentially came from a couple of places. Number one, excellent reception from last year's Dev Day.
[00:19:48] Olivier Godement: Developers, startup founders, researchers want to spend more time with OpenAI, and we want to spend more time with them as well. And so for us, like, it was a no brainer, frankly, to do it again, like, you know, like a nice conference. The second thing is going global. We've done a few events like in Paris and like a few other like, you know, non European, non American countries.
[00:20:05] Olivier Godement: And so this year we're doing SF, Singapore, and London.
To frankly just meet more developers.
[00:20:10] swyx: Yeah, I'm very excited for the Singapore one.
[00:20:12] Olivier Godement: Ah,
[00:20:12] swyx: yeah. Will you be
[00:20:13] Olivier Godement: there?
[00:20:14] swyx: I don't know. I don't know if I got an invite. No. I can't just talk to you. Yeah, like, and then there was some speculation around October 1st.
[00:20:22] Olivier Godement: Yeah. Is it because
[00:20:23] swyx: O1, October 1st? It
[00:20:25] Olivier Godement: has nothing to do. I discovered the tweet yesterday where like, people are so creative. No one, there was no connection to October 1st. But in hindsight, that would have been a pretty good meme by Tiana. Okay.
[00:20:37] swyx: Yeah, and you know, I think like, OpenAI's outreach to developers is something that I felt the whole in 2022, when like, you know, like, people were trying to build a ChatGPT, and like, there was no function calling, all that stuff that you talked about in the past.
[00:20:51] swyx: And that's why I started my own conference as like, here's our little developer conference thing. And, but to see this OpenAI Dev Day now, and like to see so many developer oriented products coming to OpenAI, I think it's really encouraging.
[00:21:02] Olivier Godement: Yeah, totally. It's that's what I said, essentially, like, developers are basically the people who make the best connection between the technology and, you know, the future, essentially.
[00:21:14] Olivier Godement: Like, you know, essentially see a capability, see a low level, like, technology, and are like, hey, I see how that application or that use case that can be enabled.
And so, in the direction of enabling, like, AGI, like, all of humanity, it's a no brainer for us, like, frankly, to partner with Devs.
[00:21:31] Alessio: And most importantly, you almost never had waitlists, which, compared to like other releases, people usually, usually have.
[00:21:38] Alessio: What is the, you know, you had prompt caching, you had real time voice API, we, you know, Shawn did a long Twitter thread, so people know the releases. Yeah. What is the thing that was like sneakily the hardest to actually get ready for, for that day, or like, what was the kind of like, you know, last 24 hours, anything that you didn't know was gonna work?
[00:21:56] Olivier Godement: Yeah. The old Fairly, like, I would say, involved, like, features to ship. So the team has been working for a month, all of them. The one which I would say is the newest for OpenAI is the real time API. For a couple of reasons. I mean, one, you know, it's a new modality. Second, like, it's the first time that we have an actual, like, WebSocket based API.
[00:22:16] Olivier Godement: And so, I would say that's the one that required, like, the most work over the month. To get right from a developer perspective and to also make sure that our existing safety mitigation that worked well with like real time audio in and audio out.
[00:22:30] swyx: Yeah, what design choices or what was like the sort of design choices that you want to highlight?
[00:22:35] swyx: Like, you know, like I think for me, like, WebSockets, you just receive a bunch of events. It's two way. I obviously don't have a ton of experience. I think a lot of developers are going to have to embrace this real time programming. Like, what are you designing for, or like, what advice would you have for developers exploring this?
[00:22:51] Olivier Godement: The core design hypothesis was essentially, how do we enable, like, human level latency?
We did a bunch of tests, like, on average, like, human beings, like, you know, takes, like, something like 300 milliseconds to converse with each other. And so that was the design principle, essentially. Like, working backward from that, and, you know, making the technology work.
[00:23:11] Olivier Godement: And so we evaluated a few options, and WebSockets was the one that we landed on. So that was, like, one design choice. A few other, like, big design choices that we had to make: prompt caching. Prompt caching, the design, like, target was automated from the get go. Like, zero code change from the developer.
[00:23:27] Olivier Godement: That way you don't have to learn, like, what is a prompt prefix, and, you know, how long does a cache work, like, we just do it as much as we can, essentially. So that was a big design choice as well. And then finally, on distillation, like, and evaluation. The big design choice was something I learned at Skype, like in my previous job, like a philosophy around, like, a pit of success.
[00:23:47] Olivier Godement: Like, what is essentially the, the, the minimum number of steps for the majority of developers to do the right thing? Because when you do evals on fine tuning, there are many, many ways, like, to mess it up, frankly, like, you know, and have, like, a crappy model, like, evals that tell, like, a wrong story. And so our whole design was, okay, we actually care about, like, helping people who don't have, like, that much experience, like, evaluating a model, like, get, like, in a few minutes, like, to a good spot.
[00:24:11] Olivier Godement: And so how do we essentially enable that pit of success, like, in the product flow?
[00:24:15] swyx: Yeah, yeah, I'm a little bit scared to fine tune especially for vision, because I don't know what I don't know for stuff like vision, right? Like, for text, I can evaluate pretty easily.
For vision, let's say I'm like trying to, one of your examples was Grab.
[00:24:33] swyx: Which, very close to home, I'm from Singapore. I think your example was like, they identified stop signs better. Why is that hard? Why do I have to fine tune that? If I fine tune that, do I lose other things? You know, like, there's a lot of unknowns with Vision that I think developers have to figure out.
[00:24:50] swyx: For
[00:24:50] Olivier Godement: sure. Vision is going to open up, like, a new, I would say, evaluation space. Because you're right, like, it's harder, like, you know, to tell correct from incorrect, essentially, with images. What I can say is we've been alpha testing, like, the Vision fine tuning, like, for several weeks at that point. We are seeing, like, even higher performance uplift compared to text fine tuning.
[00:25:10] Olivier Godement: So that's, there is something here, like, we've been pretty impressed, like, in a good way, frankly. But, you know, how well it works. But for sure, like, you know, I expect the developers who are moving from one modality to, like, text and images will have, like, more, you know, testing, evaluation, like, you know, to set in place, like, to make sure it works well.
[00:25:25] Alessio: The model distillation and evals is definitely, like, the most interesting. Moving away from just being a model provider to being a platform provider. How should people think about being the source of truth? Like, do you want OpenAI to be, like, the system of record of all the prompting? Because people sometimes store it in, like, different data sources.
[00:25:41] Alessio: And then, is that going to be the same as the models evolve? So you don't have to worry about, you know, refactoring the data, like, things like that, or like future model structures.
[00:25:51] Olivier Godement: The vision is if you want to be a source of truth, you have to earn it, right?
Like, we're not going to force people, like, to pass us data.
[00:25:57] Olivier Godement: There is no value prop, like, you know, for us to store the data. The vision here is at the moment, like, most developers, like, use like a one size fits all model, like be off the shelf, like GPT-4o essentially. The vision we have is fast forward a couple of years. I think, like, most developers will essentially, like, have a.
[00:26:15] Olivier Godement: An automated, continuous, fine tuned model. The more, like, you use the model, the more data you pass to the model provider, like, the model is automatically, like, fine tuned, evaluated against some eval sets, and essentially, like, you don't have to every month, when there is a new snapshot, like, you know, to go online and, you know, try a few new things.
[00:26:34] Olivier Godement: That's a direction. We are pretty far away from it. But I think, like, that evaluation and distillation product are essentially a first good step in that direction. It's like, hey, it's you. I set it by that direction, and you give us the evaluation data. We can actually log your completion data and start to do some automation on your behalf.
[00:26:52] Alessio: And then you can do evals for free if you share data with OpenAI. How should people think about when it's worth it, when it's not? Sometimes people get overly protective of their data when it's actually not that useful. But how should developers think about when it's right to do it, when not, or
[00:27:07] Olivier Godement: if you have any thoughts on it?
[00:27:08] Olivier Godement: The default policy is still the same, like, you know, we don't train on, like, any API data unless you opt in. What we've seen from feedback is evaluation can be expensive. Like, if you run, like, O1 evals on, like, thousands of samples, like, your bill will get increased, like, you know, pretty pretty significantly.
[00:27:22] Olivier Godement: That's problem statement number one.
Problem statement number two is, essentially, I want to get to a world where whenever OpenAI ships a new model snapshot, we have full confidence that there is no regression for the task that developers care about. And for that to be the case, essentially, we need to get evals.
[00:27:39] Olivier Godement: And so that, essentially, is a sort of a two bugs one stone. It's like, we subsidize, basically, the evals. And we also use the evals when we ship new models to make sure that we keep going in the right direction. So, in my sense, it's a win win, but again, completely opt in. I expect that many developers will not want to share their data, and that's perfectly fine to me.
[00:27:56] swyx: Yeah, I think free evals though, very, very good incentive. I mean, it's a fair trade. You get data, we get free evals. Exactly,
[00:28:04] Olivier Godement: and we sanitize PII, everything. We have no interest in the actual sensitive data. We just want to have good evaluation on the real use cases.
[00:28:13] swyx: Like, I always want to eval the eval. I don't know if that ever came up.
[00:28:17] swyx: Like, sometimes the evals themselves are wrong, and there's no way for me to tell you.
[00:28:22] Olivier Godement: Everyone who is starting with LLM, teaching with LLM, is like, yeah, evaluation, easy, you know, I've done testing, like, all my life. And then you start to actually be able to eval, understand, like, all the corner cases, and you realize, wow, there's like a whole field in itself.
[00:28:35] Olivier Godement: So, yeah, good evaluation is hard and so, yeah. Yeah, yeah.
[00:28:38] swyx: But I think there's a, you know, I just talked to Braintrust which I think is one of your partners. Mm-hmm. They also emphasize code based evals versus your sort of low code. What I see is like, I don't know, maybe there's some more that you didn't demo.
[00:28:53] swyx: YC is kind of like a low code experience, right, for evals.
Would you ever support like a more code based, like, would I run code on OpenAI's eval platform?
[00:29:02] Olivier Godement: For sure. I mean, we meet developers where they are, you know. At the moment, the demand was more for like, you know, easy to get started, like eval. But, you know, if we need to expose like an evaluation API, for instance, for people like, you know, to pass, like, you know, their existing test data we'll do it.
[00:29:15] Olivier Godement: So yeah, there is no, you know, philosophical, I would say, like, you know, misalignment on that. Yeah,
[00:29:19] swyx: yeah, yeah. What I think this is becoming, by the way, and I don't, like it's basically, like, you're becoming AWS. Like, the AI cloud. And I don't know if, like, that's a conscious strategy, or it's, like, It doesn't even have to be a conscious strategy.
[00:29:33] swyx: Like, you're going to offer storage. You're going to offer compute. You're going to offer networking. I don't know what networking looks like. Networking is maybe, like, caching or like it's a CDN. It's a prompt CDN.
[00:29:45] Alex Volkov: Yeah,
[00:29:45] swyx: but it's the AI versions of everything, right? Do you like do you see the analogies or?
[00:29:52] Olivier Godement: Whatever, whatever I took to developers. I feel like good models are just half of the story to build a good app. There's a third model you need to do. Evaluation is the perfect example. Like, you know, you can have the best model in the world. If you're in the dark, like, you know, it's really hard to gain the confidence, and so our philosophy is
[00:30:11] Olivier Godement: The whole like software development stack is being basically reinvented, you know, with LLMs. There is no freaking way that OpenAI can build everything. Like there is just too much to build, frankly.
And so my philosophy is, essentially, we'll focus on like the tools which are like the closest to the model itself.
[00:30:28] Olivier Godement: So that's why you see us like, you know, investing quite a bit in like fine tuning, distillation, our evaluation, because we think that it actually makes sense to have like in one spot, like, you know, all of that. Like, there is some sort of virtual circle, essentially, that you can set in place. But stuff like, you know, LLMOps, like tools which are, like, further away from the model, I don't know if you want to do, like, you know, super elaborate, like, prompt management, or, you know, like, tooling, like, I'm not sure, like, you know, OpenAI has, like, such a big edge, frankly, like, you know, to build this sort of tools.
[00:30:56] Olivier Godement: So that's how we view it at the moment. But again, frankly, the philosophy is super simple. The strategy is super simple. It's meeting developers where they want us to be. And so, you know that's frankly, like, you know, day in, day out, like, you know, what I try to do.
[00:31:08] Alessio: Cool. Thank you so much for the time.
[00:31:10] Alessio: I'm sure you,
[00:31:10] swyx: Yeah, I have more questions on, a couple questions on voice, and then also, like, your call to action, like, what you want feedback on, right? So, I think we should spend a bit more time on voice, because I feel like that's, like, the big splash thing. I talked well Well, I mean, I mean, just what is the future of real time for OpenAI?
[00:31:28] swyx: Yeah. Because I think obviously video is next. You already have it in the, the ChatGPT desktop app. Do we just have a permanent, like, you know, like, are developers just going to be, like, sending sockets back and forth with OpenAI? Like how do we program for that? Like, what is the future?
[00:31:44] Olivier Godement: Yeah, that makes sense.
I think with multimodality, like, real time is quickly becoming, like, you know, essentially the right experience, like, to build an application. Yeah. So my expectation is that we'll see like a non trivial, like a volume of applications like moving to a real time API. Like if you zoom out, like, audio is really simple, like, audio until basically now.
[00:32:05] Olivier Godement: Audio on the web, in apps, was basically very much like a second class citizen. Like, you basically did like an audio chatbot for users who did not have a choice. You know, they were like struggling to read, or I don't know, they were like not super educated with technology. And so, frankly, it was like the crappy option, you know, compared to text.
[00:32:25] Olivier Godement: But when you talk to people in the real world, the vast majority of people, like, prefer to talk and listen instead of typing and writing.
[00:32:34] swyx: We speak before we write.
[00:32:35] Olivier Godement: Exactly. I don't know. I mean, I'm sure it's the case for you in Singapore. For me, my friends in Europe, the number of, like, WhatsApp, like, voice notes they receive every day, I mean, just people, it makes sense, frankly, like, you know.
[00:32:45] Olivier Godement: Chinese. Chinese, yeah.
[00:32:46] swyx: Yeah,
[00:32:47] Olivier Godement: all voice. You know, it's easier. There is more emotions. I mean, you know, you get the point across, like, pretty well. And so my personal ambition for, like, the real time API and, like, audio in general is to make, like, audio and, like, multimodality, like, truly a first class experience.
[00:33:01] Olivier Godement: Like, you know, if you're, like, you know, the amazing, like, super bold, like, start up out of YC, you want to build, like, the next, like, billion, like, you know, user application to make it, like, truly your first and make it feel, like, you know, an actual good, like, you know, product experience.
So that's essentially the ambition, and I think, like, yeah, it could be pretty big.
[00:33:17] swyx: Yeah. I think one, one people, one issue that people have with the voice so far as, as released in advanced voice mode is the refusals.
[00:33:24] Alex Volkov: Yeah.
[00:33:24] swyx: You guys had a very inspiring model spec. I think Joanne worked on that. Where you said, like, yeah, we don't want to overly refuse all the time. In fact, like, even if, like, not safe for work, like, in some occasions, it's okay.
[00:33:38] swyx: How, is there an API that we can say, not safe for work, okay?
[00:33:41] Olivier Godement: I think we'll get there. I think we'll get there. The model spec, like, nailed it, like, you know. It nailed it! It's so good! Yeah, we are not in the business of, like, policing, you know, if you can say, like, vulgar words or whatever. You know, there are some use cases, like, you know, I'm writing, like, a Hollywood, like, script I want to say, like, will go on, and it's perfectly fine, you know?
[00:33:59] Olivier Godement: And so I think the direction where we'll go here is that basically there will always be like, you know, a set of behavior that we will, you know, just like forbid, frankly, because they're illegal against our terms of services. But then there will be like, you know, some more like risky, like themes, which are completely legal, like, you know, vulgar words or, you know, not safe for work stuff.
[00:34:17] Olivier Godement: Where basically we'll expose like a controllable, like safety, like knobs in the API to basically allow you to say, hey, that theme okay, that theme not okay. How sensitive do you want the threshold to be on safety refusals? I think that's the direction. So a
[00:34:31] swyx: safety API.
[00:34:32] Olivier Godement: Yeah, in a way, yeah.
[00:34:33] swyx: Yeah, we've never had that.
[00:34:34] Olivier Godement: Yeah.
[00:34:35] swyx: 'Cause right now is you, it is whatever you decide. And then it's, that's it.
That, that, that would be the main reason I don't use OpenAI voice is because of
[00:34:42] Olivier Godement: it's over police. Over refuse over refusals. Yeah. Yeah, yeah. No, we gotta fix that. Yeah. Like singing,
[00:34:47] Alessio: we're trying to do voice. I'm a singer.
[00:34:49] swyx: And you, you locked off singing.
[00:34:51] swyx: Yeah,
[00:34:51] Alessio: yeah, yeah.
[00:34:52] swyx: But I, I understand music gets you in trouble. Okay. Yeah. So then, and then just generally, like, what do you want to hear from developers? Right? We have, we have all developers watching you know, what feedback do you want? Any, anything specific as well, like from, especially from today anything that you are unsure about, that you are like, our feedback could really help you decide.
[00:35:09] swyx: For sure.
[00:35:10] Olivier Godement: I think, essentially, it's becoming pretty clear after today that, you know, I would say the OpenAI direction has become pretty clear, like, you know, after today. Investment in reasoning, investment in multimodality, investment as well, like in, I would say, tool use, like function calling. To me, the biggest question I have is, you know, where should we put the cursor next?
[00:35:30] Olivier Godement: I think we need all three of them, frankly, like, you know, so we'll keep pushing.
[00:35:33] swyx: Hire 10,000 people, or actually, no need, build a bunch of bots.
[00:35:37] Olivier Godement: Exactly, and so let's take O1 smart enough, like, for your problems? Like, you know, let's set aside for a second the existing models, like, for the apps that you would love to build, is O1 basically it in reasoning, or do we still have, like, you know, a step to do?
[00:35:50] Olivier Godement: Preview is not enough, I
[00:35:52] swyx: need the full one.
[00:35:53] Olivier Godement: Yeah, so that's exactly that sort of feedback.
Essentially what they would love to do is for developers I mean, there's a thing that Sam has been saying like over and over again, like, you know, it's easier said than done, but I think it's directionally correct. As a developer, as a founder, you basically want to build an app which is a bit too difficult for the model today, right?
[00:36:12] Olivier Godement: Like, what you think is right, it's like, sort of working, sometimes not working. And that way, you know, that basically gives us like a goalpost, and be like, okay, that's what you need to enable with the next model release, like in a few months. And so I would say that usually, like, that's the sort of feedback which is like the most useful that I can, like, directly, like, you know, incorporate.
[00:36:33] swyx: Awesome. I think that's our time. Thank you so much, guys. Yeah, thank you so much.
[00:36:38] AI Charlie: Thank you. We were particularly impressed that Olivier addressed the not safe for work moderation policy question head on, as that had only previously been picked up on in Reddit forums. This is an encouraging sign that we will return to in the closing candor with Sam Altman at the end of this episode.
[00:36:57] Romain Huet, Head of DX, OpenAI
[00:36:57] AI Charlie: Next, a chat with Romain Huet, friend of the pod, AI Engineer World's fair closing keynote speaker, and head of developer experience at OpenAI on his incredible live demos and advice to AI engineers on all the new modalities.
[00:37:12] Alessio: Alright, we're live from OpenAI Dev Day. We're with Romain, who just did two great demos on, on stage.
[00:37:17] Alessio: And he's been a friend of Latent Space, so thanks for taking some of the time.
[00:37:20] Romain Huet: Of course, yeah, thank you for being here and spending the time with us today.
[00:37:23] swyx: Yeah, I appreciate you guys putting this on.
I, I know it's like extra work, but it really shows the developers that you're, care and about reaching out.
[00:37:31] Romain Huet: Yeah, of course, I think when you go back to the OpenAI mission, I think for us it's super important that we have the developers involved in everything we do. Making sure that you know, they have all of the tools they need to build successful apps. And we really believe that the developers are always going to invent the ideas, the prototypes, the fun factors of AI that we can't build ourselves.
[00:37:49] Romain Huet: So it's really cool to have everyone here.
[00:37:51] swyx: We had Michelle from you guys on. Yes, great episode. She very seriously said API is the path to AGI. Correct. And people in our YouTube comments were like, API is not AGI. I'm like, no, she's very serious. API is the path to AGI. Like, you're not going to build everything like the developers are, right?
[00:38:08] swyx: Of
[00:38:08] Romain Huet: course, yeah, that's the whole value of having a platform and an ecosystem of amazing builders who can, like, in turn, create all of these apps. I'm sure we talked about this before, but there's now more than 3 million developers building on OpenAI, so it's pretty exciting to see all of that energy into creating new things.
[00:38:26] Alessio: I was going to say, you built two apps on stage today, an international space station tracker and then a drone. The hardest thing must have been opening Xcode and setting that up. Now, like, the models are so good that they can do everything else. Yes. You had two modes of interaction. You had kind of like a GPT app to get the plan with one, and then you had a Cursor to do apply some of the changes.
[00:38:47] Alessio: Correct. How should people think about the best way to consume the coding models, especially both for, you know, brand new projects and then existing projects that you're trying to modify.
[00:38:56] Romain Huet: Yeah.
I mean, one of the things that's really cool about O1 Preview and O1 Mini being available in the API is that you can use it in your favorite tools like Cursor like I did, right?
[00:39:06] Romain Huet: And that's also what like Devin from Cognition can use in their own software engineering agents. In the case of Xcode, like, it's not quite deeply integrated in Xcode, so that's why I had like ChatGPT side by side. But it's cool, right, because I could instruct O1 Preview to be, like, my coding partner and brainstorming partner for this app, but also consolidate all of the, the files and architect the app the way I wanted.
[00:39:28] Romain Huet: So, all I had to do was just, like, port the code over to Xcode and zero shot the app build. I don't think I conveyed, by the way, how big a deal that is, but, like, you can now create an iPhone app from scratch, describing a lot of intricate details that you want, and your vision comes to life in, like, a minute.
[00:39:47] Romain Huet: It's pretty outstanding.
[00:39:48] swyx: I have to admit, I was a bit skeptical because if I open up SQL, I don't know anything about iOS programming. You know which file to paste it in. You probably set it up a little bit. So I'm like, I have to go home and test it. And I need the ChatGPT desktop app so that it can tell me where to click.
[00:40:04] Romain Huet: Yeah, I mean like, Xcode and iOS development has become easier over the years since they introduced Swift and SwiftUI. I think back in the days of Objective C, or like, you know, the storyboard, it was a bit harder to get in for someone new. But now with Swift and SwiftUI, their dev tools are really exceptional.
[00:40:23] Romain Huet: But now when you combine that with O1, as your brainstorming and coding partner, it's like your architect, effectively. That's the best way, I think, to describe O1. People ask me, like, can GPT 4 do some of that? And it certainly can. But I think it will just start spitting out code, right?
And I think what's great about O1, is that it can, like, make up a plan.
[00:40:42] Romain Huet: In this case, for instance, the iOS app had to fetch data from an API, it had to look at the docs, it had to look at, like, how do I parse this JSON, where do I store this thing, and kind of wire things up together. So that's where it really shines. Is mini or preview the better model that people should be using?
[00:40:58] Romain Huet: Like, how? I think people should try both. We're obviously very excited about the upcoming O1 that we shared the evals for. But we noticed that O1 Mini is very, very good at everything math, coding, everything STEM. If you need for your kind of brainstorming or your kind of science part, you need some broader knowledge than reaching for O1 previews better.
[00:41:20] Romain Huet: But yeah, I used O1 Mini for my second demo. And it worked perfectly. All I needed was very much like something rooted in code, architecting and wiring up like a front end, a backend, some UDP packets, some web sockets, something very specific. And it did that perfectly.
[00:41:35] swyx: And then maybe just talking about voice and Wanderlust, the app that keeps on giving, what's the backstory behind like preparing for all of that?
[00:41:44] Romain Huet: You know, it's funny because when last year for Dev Day, we were trying to think about what could be a great demo app to show like an assistive experience. I've always thought travel is a kind of a great use case because you have, like, pictures, you have locations, you have the need for translations, potentially.
[00:42:01] Romain Huet: There's like so many use cases that are bounded to travel that I thought last year, let's use a travel app. And that's how Wanderlust came to be. But of course, a year ago, all we had was a text based assistant. And now we thought, well, if there's a voice modality, what if we just bring this app back as a wink.
[00:42:19] Romain Huet: And what if we were interacting better with voice?
And so with this new demo, what I showed was the ability to like, So, we wanted to have a complete conversation in real time with the app, but also the thing we wanted to highlight was the ability to call tools and functions, right? So, like in this case, we placed a phone call using the Twilio API, interfacing with our AI agents, but developers are so smart that they'll come up with so many great ideas that we could not think of ourselves, right?
[00:42:48] Romain Huet: But what if you could have like a, you know, a 911 dispatcher? What if you could have like a customer service? Like center, that is much smarter than what we've been used to today. There's gonna be so many use cases for real time, it's awesome.
[00:43:00] swyx: Yeah, and sometimes actually you, you, like this should kill phone trees.
[00:43:04] swyx: Like there should not be like dial one
[00:43:07] Romain Huet: of course para
[00:43:08] swyx: espanol, you know? Yeah, exactly. Or whatever. I dunno.
[00:43:12] Romain Huet: I mean, even you starting speaking Spanish would just do the thing, you know you don't even have to ask. So yeah, I'm excited for this future where we don't have to interact with those legacy systems.
[00:43:22] swyx: Yeah. Yeah. Is there anything, so you are doing function calling in a streaming environment. So basically it's, it's web sockets. It's UDP, I think. It's basically not guaranteed to be exactly once delivery. Like, is there any coding challenges that you encountered when building this?
[00:43:39] Romain Huet: Yeah, it's a bit more delicate to get into it.
[00:43:41] Romain Huet: We also think that for now, what we, what we shipped is a, is a beta of this API. I think there's much more to build onto it. It does have the function calling and the tools.
But we think that for instance, if you want to have something very robust, on your client side, maybe you want to have WebRTC as a client, right?
[00:43:58] Romain Huet: And, and as opposed to like directly working with the sockets at scale. So that's why we have partners like LiveKit and Agora if you want to, if you want to use them. And I'm sure we'll have many mores in the, in many more in the future. But yeah, we keep on iterating on that, and I'm sure the feedback of developers in the weeks to come is going to be super critical for us to get it right.
[00:44:16] swyx: Yeah, I think LiveKit has been fairly public that they are used in, in the ChatGPT app. Like, is it, it's just all open source, and we just use it directly with OpenAI, or do we use LiveKit Cloud or something?
[00:44:28] Romain Huet: So right now we, we released the API, we released some sample code also, and referenced clients for people to get started with our API.
[00:44:35] Romain Huet: And we also partnered with LiveKit and Agora, so they also have their own, like ways to help you get started that plugs natively with the real time API. So depending on the use case, people can, can can decide what to use. If you're working on something that's completely client or if you're working on something on the server side, for the voice interaction, you may have different needs, so we want to support all of those.
[00:44:55] Alessio: I know you gotta run. Is there anything that you want the AI engineering community to give feedback on specifically, like even down to like, you know, a specific API end point or like, what, what's like the thing that you want? Yeah. I
[00:45:08] Romain Huet: mean, you know, if we take a step back, I think Dev Day this year is all different from last year and, and in, in a few different ways.
[00:45:15] Romain Huet: But one way is that we wanted to keep it intimate, even more intimate than last year. We wanted to make sure that the community is.
Thank you very much for joining us on the Spotlight. That's why we have community talks and everything. And the takeaway here is like learning from the very best developers and AI engineers.
[00:45:31] Romain Huet: And so, you know we want to learn from them. Most of what we shipped this morning, including things like prompt caching the ability to generate prompts quickly in the playground, or even things like vision fine tuning. These are all things that developers have been asking of us. And so, the takeaway I would, I would leave them with is to say like, Hey, the roadmap that we're working on is heavily influenced by them and their work.
[00:45:53] Romain Huet: And so we love feedback from high feature requests, as you say, down to, like, very intricate details of an API endpoint, we love feedback, so yes that's, that's how we, that's how we build this API.
[00:46:05] swyx: Yeah, I think the, the model distillation thing as well, it might be, like, the, the most boring, but, like, actually used a lot.
[00:46:12] Romain Huet: True, yeah. And I think maybe the most unexpected, right, because I think if I, if I read Twitter correctly the past few days, a lot of people were expecting us to shape the real time API for speech to speech. I don't think developers were expecting us to have more tools for distillation, and we really think that's gonna be a big deal, right?
[00:46:30] Romain Huet: If you're building apps that have you know, you, you want high, like like low latency, low cost, but high performance, high quality on the use case distillation is gonna be amazing.
[00:46:40] swyx: Yeah. I sat in the distillation session just now and they showed how they distilled from four oh to four mini and it was like only like a 2% hit in the performance and 50 next.
[00:46:49] swyx: Yeah,
[00:46:50] Romain Huet: I was there as well for the superhuman kind of use case inspired for an Ebola client. Yeah, this was really good. Cool man! so much for having me.
Thanks again for being here today. It's always
[00:47:00] AI Charlie: great to have you. As you might have picked up at the end of that chat, there were many sessions throughout the day focused on specific new capabilities.
[00:47:08] Michelle Pokrass, Head of API at OpenAI ft. Simon Willison
[00:47:08] AI Charlie: Like the new model distillation features combining evals and fine tuning. For our next session, we are delighted to bring back two former guests of the pod, which is something listeners have been greatly enjoying in our second year of doing the Latent Space podcast. Michelle Pokrass of the API team joined us recently to talk about structured outputs, and today gave an updated long form session at Dev Day, describing the implementation details of the new structured output mode.
[00:47:39] AI Charlie: We also got her updated thoughts on the VoiceMode API we discussed in her episode, now that it is finally announced. She is joined by friend of the pod and super blogger, Simon Willison, who also came back as guest co host in our Dev Day 2023 episode.
[00:47:56] Alessio: Great, we're back live at Dev Day returning guest Michelle and then returning guest co host Fork.
[00:48:03] Alessio: Fork, yeah, I don't know. I've lost count. I think it's been a few. Simon Willison is back. Yeah, we just wrapped, we just wrapped everything up. Congrats on, on getting everything everything live. Simon did a great, like, blog, so if you haven't caught up, I
[00:48:17] Simon Willison: wrote my, I implemented it. Now, I'm starting my live blog while waiting for the first talk to start, using like GPT 4, I wrote me the Javascript, and I got that live just in time and then, yeah, I was live blogging the whole day.
[00:48:28] swyx: Are you a cursor enjoyer?
[00:48:29] Simon Willison: I haven't really gotten into cursor yet to be honest. I just haven't spent enough time for it to click, I think. I'm more a copy and paste things out of Claude and ChatGPT. Yeah.
It's interesting.
[00:48:39] swyx: Yeah. I've converted to cursor and O1 is so easy to just toggle on and off.
[00:48:45] Alessio: What's your workflow?
[00:48:46] Alessio: VS
[00:48:48] Michelle Pokrass: Code co pilot, so Yep, same here. Team co pilot. Co pilot is actually the reason I joined OpenAI. It was, you know, before ChatGPT, this is the thing that really got me. So I'm still into it, but I keep meaning to try out Cursor, and I think now that things have calmed down, I'm gonna give it a real go.
[00:49:03] swyx: Yeah, it's a big thing to change your tool of choice.
[00:49:06] swyx: Yes,
[00:49:06] Michelle Pokrass: yeah, I'm pretty dialed, so.
[00:49:09] swyx: I mean, you know, if you want, you can just fork VS Code and make your own. That's the thing to dumb thing, right? We joked about doing a hackathon where the only thing you do is fork VS Code and bet me the best fork win.
[00:49:20] Michelle Pokrass: Nice.
[00:49:22] swyx: That's actually a really good idea. Yeah, what's up?
[00:49:26] swyx: I mean, congrats on launching everything today. I know, like, we touched on it a little bit, but, like, everyone was kind of guessing that Voice API was coming, and, like, we talked about it in our episode. How do you feel going into the launch? Like, any design decisions that you want to highlight?
[00:49:41] Michelle Pokrass: Yeah, super jazzed about it. The team has been working on it for a while. It's, like, a very different API for us. It's the first WebSocket API, so a lot of different design decisions to be made. It's, like, what kind of events do you send? When do you send an event? What are the event names? What do you send, like, on connection versus on future messages?
[00:49:57] Michelle Pokrass: So there have been a lot of interesting decisions there. The team has also hacked together really cool projects as we've been testing it. One that I really liked is we had an internal hackathon for the API team.
And some folks built like a little hack that you could use to, like VIM with voice mode, so like, control vim, and you would tell them on like, nice, write a file and it would, you know, know all the vim commands and, and pipe those in.
[00:50:18] Michelle Pokrass: So yeah, a lot of cool stuff we've been hacking on and really excited to see what people build with it.
[00:50:23] Simon Willison: I've gotta call out a demo from today. I think it was Katja had a 3D visualization of the solar system, like WebGL solar system, you could talk to. That is one of the coolest conference demos I've ever seen.
[00:50:33] Simon Willison: That was so convincing. I really want the code. I really want the code for that to get put out there. I'll talk
[00:50:39] Michelle Pokrass: to the team. I think we can
[00:50:40] Simon Willison: probably
Forecast = 50% chance of unexpected software installations followed by scattered UDP packet sprays. In this episode of Storm⚡️Watch, we follow up on the intriguing 'Noise Storms' that had the cybersecurity community buzzing. Security researcher David Schuetz has made some fascinating discoveries about these mysterious ping packets flooding the internet. His investigation, detailed at darthnull.org/noisestorms/, takes us on a journey through packet analysis, timestamp decoding, and network protocol deep-dives, offering new perspectives on the potential origins of those enigmatic 'LOVE' packets. Our Cyberside Chat segment dives into the recent CUPS daemon vulnerability, exploring the implications of this daft uncoordinated disclosure. We'll break down the details provided by Censys in their analysis of the Common Unix Printing Service vulnerabilities. In our Cyber Focus segment, we discuss the surprising news about Kaspersky antivirus software deleting itself and installing UltraAV and other bits of code without warnings. We'll also highlight some recent blog posts from Censys, VulnCheck, and GreyNoise. These articles cover topics ranging from Fox Kitten infrastructure analysis to securing internet-exposed industrial control systems, and even delve into phishing tactics targeting election security. Our "We Need to Talk About KEV" segment rounds up the latest additions to CISA's Known Exploited Vulnerabilities catalog, keeping you informed about the most critical security issues to address.
We explain the one-packet attack on CUPS and discuss its real-world implications. Plus, a Meshtastic update and more.
Limiting Process Priority in a FreeBSD Jail, Why You Should Use FreeBSD, The web fun fact that domains can end in dots and canonicalization failures, Replacing postfix with dma + auth, modern unix tool list, Smol KVM, The Computers of Voyager
NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)
Headlines
FreeBSD Tips and Tricks: Limiting Process Priority in a FreeBSD Jail (https://it-notes.dragas.net/2024/07/11/limiting-process-priority-in-freebsd-jail/)
Why You Should Use FreeBSD (https://freebsdfoundation.org/blog/why-you-should-use-freebsd/)
News Roundup
The web fun fact that domains can end in dots and canonicalization failures (https://utcc.utoronto.ca/~cks/space/blog/web/DomainDotsAndCanonicalization)
Replacing postfix with dma + auth (https://dan.langille.org/2024/08/02/replacing-postfix-with-dma-auth/)
modern unix tool list (https://notes.billmill.org/computer_usage/cli_tips_and_tools/modern_unix_tool_list.html)
Smol KVM (https://adventurist.me/posts/00324)
The Computers of Voyager (https://hackaday.com/2024/05/06/the-computers-of-voyager/)
Beastie Bits
No unmodified files remain from original import of OpenBSD (https://www.undeadly.org/cgi?action=article;sid=20240824114631)
The BSDCan 2024 Playlist is now complete (https://www.undeadly.org/cgi?action=article;sid=20240814053159)
UDP parallel input committed to -current (http://undeadly.org/cgi?action=article;sid=20240727110501)
Your browser is your Computer (https://www.exaequos.com)
For the member-berries (https://defrag98.com)
Tarsnap
This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Feedback/Questions Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
Jim talks with Toufi Saliba about the Toda/IP protocol and HyperCycle, a decentralized network for AI-to-AI communication. They discuss the high-level view of Toda/IP & HyperCycle, enabling communication of value, what Toda adds on top of UDP, time & cost constraints, cryptographic proof in the first handshake, how Toda transfers value in very small quantities, how settlement occurs, who has custody of a dollar, transaction machines, where money is kept & what prevents stealing, an actual non-fungible token, fully decentralized smart contracts, whether or not Toda is analogous to paper money in a gold standard world, Toufi's motivation for building this tech, hyperinflation in Germany in the 1920s, the currency for AI, OpenCog's AGI ASI project, why inter-operation with AI is important, wealth creation at the node level, a market in results not compute, how this helps facilitate AGI, the entire world reaching AGI vs a single entity reaching it, why Toufi thinks AGI is close, reasons for thinking decentralized AGI will happen first, how to get involved, the cost of a node, using Moloch's incentives to overthrow Moloch, learning how to run nodes, HyperCycle vs SingularityNET, and much more. Episode Transcript JRS Currents 027: Charles Hoskinson on Cardano Blockchain Project JRS EP217 - Ben Goertzel on a New Framework for AGI Toufi Saliba is the co-author of the Toda/IP protocol and currently serves as the global chair for international protocols for AI security for the IEEE, which is the world's largest technical professional organization dedicated to advancing technology for the benefit of all humanity. Toufi has a history of building various AI projects centered around cryptography and cybersecurity. In October 2022, he took on the leadership of Hypercycle.ai, which is focused on developing a general-purpose technology supporting a decentralized network for AI-to-AI communication.
In his regular monthly spot on PING, APNIC's Chief Scientist Geoff Huston re-visits the question of DNS Extensions, in particular the EDNS0 option signalling maximum UDP packet size accepted, and its effect in the modern DNS. Through the APNIC Labs measurement system Geoff has visibility of the success rate for DNS events where EDNS0 signalling triggers DNS “truncation” and the consequent re-query in TCP, as well as the impact of UDP fragmentation even inside the agreed limit, and the ability to handle the UDP packet sizes proffered in the settings. Read more about EDNS0 and UDP on the APNIC Blog and at APNIC Labs: Revisiting DNS and UDP truncation (Geoff Huston, APNIC Blog July 2024); DNS TCP Requery failure rate (APNIC Labs)
Romain Basset is back for another podcast episode. Today, Andy and Romain discuss the notorious threat actor group, Anonymous Sudan. They explore who this group is, their affiliations, motivations, and the tactics, techniques, and procedures (TTPs) they employ. The discussion includes an overview of various types of threat actor groups, situating Anonymous Sudan within this landscape, and providing a detailed background on the group's emergence, targets, and the significant impact of their attacks. Key Takeaways: Anonymous Sudan is a threat actor group that sits between being an activist group and a state-sponsored cyber-criminal group. The group is known for highly disruptive and visible DDoS attacks, often targeting large organizations and infrastructure like Microsoft's Azure, OneDrive, and Outlook.com. Anonymous Sudan utilizes a variety of DDoS techniques and tools, including HTTP floods, SYN floods, UDP floods, and ICMP floods, often coordinating with other botnets to amplify the impact. Anonymous Sudan's tactics appear focused on disruption and visibility, aiming to make a public impact and spread their political/religious messaging. Timestamps: (02:43) - Categories of Threat Actor Groups (05:44) - Ties Between Anonymous Sudan and Russia (10:59) - Tools Used by Anonymous Sudan (15:47) - Techniques and Procedures of Anonymous Sudan (24:08) - Typical DDoS Attack Procedure Episode Resources: Next-gen Microsoft Security and Compliance Management to meet your Requirements
Greetings! And also with you! Welcome back to another episode with YOUR Brothers in Arms! Tonight we acknowledge And all you other people, RIP SeaMoose, It's a tradition. Hi I'm Paul, boats are supposed to sink - ships don't, How do you get debt out of deployment? UDP. Is that like a urinary tract infection? Is it a drinking club, or gun club? Both. We're meeting on Tuesday. We forgot the cat memes. It's groundhog day. There's 2 gyms, why would we need that? We have free reign to run around base. Alex doesn't run. Unofficially sponsored by Garmin. I guess we're showing watches. I got mine from Walmart. I can ping my watch. Me too! It can tell you how stressed you are. I can do that. It has a button that says run. Alex wouldn't push that. Usher noises. What? Okay. On national television, worldwide. Greg is still struggling with a 15 year old game. Now he's cheating. It's all about the perks. Liz on a plane. No snakes, only kids. Alex is playing softball. Tomahawk chop. Line drives to the shortstop. No magic for Alex this week. Patrick went to a baseball game. 55 dollar hotdogs. Prayed for the new guys. They're going to need it. Rain checks. Braves lost, boo! It just kinda farted out. It was alot. It was harry potter night. How did we miss this? So yeah, that's us. I got a chicken. He goes everywhere. Venture pal. You know what has less than 30 calories? Water. Why do they say sugar free? Are they sugar free? Look out, they spit. Indoor plumbing, it's gonna be big. Walle? That's five. You got me thinking about it. Amy Grant was on that one. Mad props smart plane. The wifi is terrible. Generational rambling. Technology will be the end of us. make it a ticket - not reckless, Dad jokes. Sign out for affiliation. Send us Dad jokes and cat memes. All this with multiple laughable moments on this week's episode of Brothers in Arms! 
Where you can reach us: YouTube: BrothersinArmsPodcast Instagram: Yourbrothersinarmspodcast Twitter: @YourBIAPodcast Gmail: yourbrothersinarmspodcast@gmail.com Twitch: Twitch.tv/brothersinarmspodcast (schedule varies due to life) Website: https://brothersinarms.podbean.com
The political landscape of Utah has long been shaped by a diversity of voices and perspectives. Today, we turn our attention to the Utah Democratic Party. With a rich history deeply rooted in the principles of equality, justice, and compassion, the party continues to be a driving force for positive change within our communities. How is the Democratic Party looking in Utah's election cycle? What are the similarities between the local and national messaging of the Democratic Party? What should we expect with VP Kamala Harris' visit to Utah coming up? Scott Howell joins the show to answer all the questions about the UDP.
On Ivoox you can find only some of Mindalia's audio recordings. To listen to the 4 daily recordings we publish, go to https://www.mindaliatelevision.com. If you would like to watch the video that goes with this audio, click here: https://www.youtube.com/watch?v=xqTZKnV8aQc&t=53s We look at extrasensory perception phenomena through the research and experiments of Mauricio Arenas. Discover how these experiences have allowed him to demonstrate the existence of Remote Viewing, Dermo-Optical Vision, Extraocular Vision, and Clairsentience, among others. ESP is a reality and gives us the possibility of advancing in our awakening and in the development of Consciousness. Mauricio Arenas: engineer and Marketing graduate of the UDP, with a master's degree and studies in Philosophy and Psychology. Senior consultant, researcher and experimenter in extrasensory perception phenomena. Director of the Instituto de Parapsicología de Chile. Find out about the full programme at: http://television.mindalia.com/catego... **WITH QUESTIONS AT THE END OF THE TALK TO ANSWER YOUR DOUBTS *** If you find it interesting.... SHARE IT!! :-) -----------INFORMATION ABOUT MINDALIA--------- Mindalia.com is an international non-profit NGO. Our mission is the universal dissemination of content for the improvement of spiritual, mental and physical consciousness. -Support us with your donation at this link: https://streamelements.com/mindaliapl... -Help the world by subscribing to this channel, leaving us a comment of positive energy on our videos and sharing them. That way, this knowledge will reach many more people. - Website: https://www.mindalia.com - Facebook: / mindalia.ayuda - Instagram: / mindalia_com - Twitch: / mindaliacom - Vaughn: https://vaughn.live/mindalia - Odysee: https://odysee.com/@Mindalia.com *Mindalia.com is not responsible for the opinions expressed in this video, nor does it necessarily share them.
*Mindalia.com is not responsible for the reliability of the information in this video, whatever its source. *This video is for information purposes only.
Dor Dali, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the Blue Hat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities. In This Episode You Will Learn: The unique perspective Dor has with RDP security research How to approach security research when following the protocol specifications The importance of clear documentation in preventing security vulnerabilities Some Questions We Ask: How did you design and build the Capture the Flag event? Did you face any unexpected hurdles while researching the RDP protocol's security? Have you found other security vulnerabilities by closely adhering to protocol specifications?
The first LinuxFest is back and better than ever. We share stories and friends from one of the best Linux gatherings of the year: LinuxFest Northwest.
Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Vernor Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-371
HGF delivers the weekly breaches in “Who's Been Popped?” Also: Oracle's macOS 14.4 Java hiccup, the ever-adapting landscape of ransomware warfare, the emerging threat of Loop DoS attacks, and the Biden-Harris administration's call to action for water sector cybersecurity.
Original URLs: https://www.bleepingcomputer.com/news/apple/oracle-warns-that-macos-144-update-breaks-java-on-apple-cpus/ https://www.guidepointsecurity.com/blog/t-o-x-i-n-b-i-o-ransomware-recruitment-efforts-following-law-enforcement-disruption/ https://www.helpnetsecurity.com/2024/03/20/raas-recruit-affiliates/ https://thehackernews.com/2024/03/new-loop-dos-attack-impacts-hundreds-of.html https://cispa.de/en/loop-dos https://www.epa.gov/newsreleases/biden-harris-administration-engages-states-safeguarding-water-sector-infrastructure https://www.cybersecuritydive.com/news/warnings-state-linked-cyber-threats-water/710834/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/
Transcript: mar 21
[00:00:00] offsetkeyz: welcome back to the Daily Decrypt.
Today, we're joined by HotGirlFarmer, as she delivers last week's breaches in your favorite segment, Who's Been Popped. Also, the company Oracle alerts customers that the new macOS 14.4 update will disrupt Java functionality and urges customers to postpone this update. Ransomware as a Service groups are upping their recruitment efforts, defying law enforcement disruptions with cunning resilience. What are ransomware as a service groups and how are they recruiting? Stick around to find out. And the White House is really doubling down on water utilities, urging states and governors to collaborate to help protect this critical infrastructure. And finally, researchers have discovered a new loop denial of service attack that targets [00:01:00] UDP based application level protocols, putting an estimated 300, internet hosts at risk for continuous looping and unneeded stress. How will this affect everyday users? Alrighty, so before we get into the breaches with Hot Girl Farmer, I just wanted to warn macOS users to maybe postpone the most recent update to avoid any system disruptions. There are no current workarounds and Java isn't liking the new update. This isn't like how it used to be in the earlier 2000s where Java ran everything on your computer. It shouldn't affect you unless you're developing in Java. But besides Java issues, updated users are reporting issues with their printer drivers, lost iCloud files, and connectivity issues with USB hubs and monitors. So let's just hold off on the new macOS 14.4 upgrade for a few more days. [00:01:53] HGF: [00:02:00] First off, hackers targeted MediaWorks, a company in New Zealand, demanding a ransom in cryptocurrency from victims who just wanted to win a free radio contest. MediaWorks is out here like, sorry, your name, address, and birthday were part of our grand prize giveaway to some hackers. Hopping on a financial rollercoaster, the International Monetary Fund got their emails hacked. 
And these weren't just any emails, they were the kind that you use fancy words in hoping to sound smart. The IMF is like the person who insists on using a $10 word when a $1 word will do, and now everyone knows they've been using "Synergy" wrong this whole time. [00:02:41] HGF: Meanwhile in France, they've turned data breaches into an art form, with up to 43 million people affected. It's a breach so chic, it's practically wearing a striped shirt and smoking a cigarette. And let's not forget Alabama, where the state government websites faced a denial of service [00:03:00] attack. Alabama's like, Our websites are slower than molasses in January, but don't you worry, your data's as safe as a church potluck. Except in this case, the potluck's been crashed by every hacker in a 10 mile radius. So, what have we learned aside from the fact that the world is a hacker's oyster? Keep your friends close, your passwords closer, and maybe, try not to store your entire life on a device that could be hacked by a 12 year old with a grudge. In the grand scheme of things, we're all just trying to make it through this digital world. [00:03:32] transition: Thanks for watching! [00:03:38] offsetkeyz: We've been hearing a lot coming out of the White House about critical infrastructure, such as power and water. They've been providing a lot of guidance recently and encouraging collaboration to avoid cyber attacks. So what do they know that we don't know? It's starting to get me a little scared. So just two days ago, the Biden Harris administration released some more guidance on how to stay safe, but is [00:04:00] also urgently calling governors and state governments to start collaborating and really hardening the systems of their critical water infrastructure. 
When we think about crippling cyber threats, we tend to think about big corporations and ransomware and things like that, but those may be where the money is, but those who are out to get the United States of America, like maybe China and maybe Russia, I'm not sure, will be targeting our critical infrastructure first. Now, if you are working in IT in a critical infrastructure like power or water, our hats are off to you. I know what you're up against and even the White House knows what you're up against, which is why they're starting to step in. So keep doing the Lord's work out there and try to get it as secure as possible. Because, hey, we all need water to live. And I don't want to be making that Walmart run when my water stops working. That's going to be crazy. So part of the major efforts by the Biden Harris administration includes creating a cybersecurity task force between the EPA and the [00:05:00] NSC, promoting existing resources to protect against cyberattacks on water systems. According to the letter from the White House, there have been an increased amount of attacks on water systems driven by both countries or nation state actors and run of the mill cyber criminals. So I'm glad to see our federal government stepping in and helping where they can. But we might be reaching the point where we need to take our own health and wellbeing into our own hands, stock up on water, buy a nice filter, maybe get a rain bucket for outside. Make sure that you and your family are taken care of in the event that the water does go down. [00:05:40] offsetkeyz: Recently we've been seeing a lot of ransomware as a service groups being shut down by the FBI and other three letter organizations, which is great. But the FBI can only do so much, and what they've been doing is trying to capture individuals who are responsible for running these ransomware as a service groups or developers, [00:06:00] but mostly they're just shutting down dark web websites 
with big banners that say claimed by the FBI. So in most instances, the individuals behind these ransomware as a service groups are just moving and creating new ransomware as a service groups, or joining others, strengthening their staffing. But let's back up for a second. What is ransomware as a service? Well, this is the new hot thing in ransomware, where it's essentially Cloud as a service, or something that you would sign up to use not really knowing how to make it yourself, but you want to use the tools to conduct a ransomware. So a good example of something you might use as a service is something like Squarespace, where if you don't know how to do web development, but you want a website, you would then pay for Squarespace's services and they give you some features, right? Depending on how much you're willing to pay. So Squarespace specifically is considered software as a service. Now ransomware as a service does exactly [00:07:00] that. I would like to ransomware somebody. So I go sign up for an account at one of these places, such as Medusa or Cloak, as referenced in the article by Help Net Security that's linked in our show notes below. And depending on the amount you want to pay for this service, you can get perks. Thanks. The amounts are surprisingly low between 800 to 1,000 a year to access this product and they're getting lower. They're being pushed harder onto end users and the perks are getting better too. One of the lowest tiers is once you reach a million dollars in ransom payments, you get access to dumped hashes, you get access to a bunch of tools that make it easier to do the initial compromise. 
There have also been a string of exit scams across the dark web, which is essentially when a company like Medusa or any ransomware as a service will receive the ransom that you [00:08:00] went out and earned and then just close down their site, keeping all of the money. Most ransomware as a services set up the platform to receive the money, and then they pay you about 85 percent of the ransom, as agreed upon before using the service. But now these groups are starting to let you collect the ransom, and then allow you to pay that 15 percent usage fee, helping to encourage people to use their services and not be so afraid of exit scams or other scams on the dark web. But what's so crazy about this is that they're literally just posting ads on the dark web. They're in forums and they are offering these perks and security researchers are able to see them in real time and see who's interacting with them. And the beauty of the dark web is that if you're doing it correctly, it can be completely anonymous. Now I don't encourage you to get on the dark web to see this type of activity, but it is available to you. And if you'd like more information about the dark web, I released a talk about a week ago, maybe two weeks ago at this point, outlining at a high level how the dark web [00:09:00] works. [00:09:12] offsetkeyz: And finally, researchers have developed or discovered a new denial of service or DoS attack that relies on UDP based application level protocols. And if you're not familiar, there are two main protocols on the transport layer that you interact with on a daily basis: UDP and TCP. UDP is the faster of the two, and it doesn't require any sort of verification that the data has been received. And this is often used when gaming online with your friends or talking, or even streaming like YouTube videos. Those rely heavily on UDP because you need to get the data as quickly as possible when streaming videos. 
And it doesn't really matter if every single frame is accounted for, you can occasionally drop frames, which might result in a little skip, but [00:10:00] overall, most of them are going to get through kind of like a shotgun spray. Whereas TCP is more for like text based communications or things where data needs to be verified on both ends, and it's a little slower due to the verification. So, UDP inherently doesn't verify, which is important to understand this type of attack, because this loop denial of service exploits UDP's lack of source IP validation to create endless communication loops between servers, eventually overwhelming them. Additionally, protocols like DNS, NTP, and TFTP are among those vulnerable to these attacks, potentially affecting basic internet functionalities. So this does tie back into the attack on DNS, which is essentially like a lookup of what you're trying to navigate to. So, when you navigate to facebook.com it reaches out to a DNS server and says, Hey, what the heck is facebook.com? And it replies with an address. Without those [00:11:00] DNS servers, we actually can't move about the internet like we do on the day to day. So this attack is easily triggered by a single spoofed message and can stress entire networks with 300,000 hosts already at risk. There's no evidence of this loop denial of service being used in the wild, but its exploitation is considered trivial, affecting major vendors like Cisco and Microsoft. Now, these are likely a little further down the pipeline than you're familiar with as a regular user or even as a cybersecurity analyst, but you might notice slower internet speeds, stuff like that, if this happens, with the potential for it to completely shut down your internet connection. And on that note, not much is to be done on the user level. Just letting you know what's possible and what the attackers are doing. Hitting you from all kinds of angles. All right, and that is all we've got for you today. 
A little bit longer of an episode because we missed yesterday due to technical [00:12:00] issues, but we're back and better than ever, and we will talk to you some more tomorrow.
On this week's show Patrick and Adam discuss the week's security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia's powershell, solving living off the land, And much, much more This week's show is brought to you by Material Security. In this week's sponsor interview we speak with Material's Rajan Kapoor, VP of Customer Experience at Material. We're also joined by Chaim Sanders, who heads Security and Privacy at Lyft. Show notes Anthropic's CISO drinks the AI kool aid - backpedals frantically on security analysis claim Incident report on March 13, 2024 - Mintlify Loop DoS: New Denial-of-Service attack targets application-layer protocols State of IP Spoofing Pharmaceutical development company investigating cyberattack after LockBit posting Exclusive: After LockBit's takedown, its purported leader vows to hack on Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters Elon Musk's SpaceX Forges Closer Ties With U.S. 
Spy and Military Agencies - WSJ Russians will no longer be able to access Microsoft cloud services, business intelligence tools Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News Researchers spot updated version of malware that hit Viasat | CyberScoop Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US) PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA US is still chasing down pieces of Chinese hacking operation, NSA official says 875 workers rescued in Tarlac POGO raid | Philippine News Agency Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica Mike Lindell must pay a Nevada man after election data dispute - The Washington Post
Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot. The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware
In this Hasty Treat, Scott and Wes talk about how you can intercept and debug traffic going out from your computer or other internet connected devices in your home, or your garage! Show Notes 00:25 Welcome 01:55 Syntax Brought to you by Sentry 02:17 Scott's story of wanting to intercept data Tonal 06:36 Other examples 08:38 Different types of traffic 14:52 TCP vs UDP 16:07 Why would you want to run a proxy? 24:20 Applications to use Charles Web Debugging Proxy • HTTP Monitor / HTTP Proxy / HTTPS & SSL Proxy / Reverse Proxy Proxyman · Native, Modern Web Debugging Proxy · Inspect network traffic from Mac, iOS, Android devices with ease Intercept, debug & mock HTTP with HTTP Toolkit mitmproxy - an interactive HTTPS proxy Wireshark · Go Deep Little Snitch Capturing Modes - Fiddler Everywhere Hacksore on Twitter How I Hacked my Car :: Programming With Style Tweet us your tasty treats Scott's Instagram LevelUpTutorials Instagram Wes' Instagram Wes' Twitter Wes' Facebook Scott's Twitter Make sure to include @SyntaxFM in your tweets Wes Bos on Bluesky Scott on Bluesky Syntax on Bluesky
Our guest, Allen West from Akamai's SIRT team, joins Dave to discuss their research on "The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile." Akamai found this new botnet was targeting the gaming industry, modeled after Qbot, Mirai, and other malware strains. The botnet has expanded to encompass hundreds of compromised devices. The research states "through reverse engineering and patching the malware binary, our analysis determined the botnet's attack potential at approximately 629.28 Gbps with its UDP flood attacks." Akamai researchers do a deep dive into the motives behind the attacks, the effectiveness of the attack, and how the law has been handling similar cases. The research can be found here: The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile
Picture of the Week. The Encryption Debate. Age does matter... Age Verification. WhatsApp: Rather be blocked in UK than weaken security. Exposing Side-Channel Monitoring. Closing the Loop. A new UDP reflection attack vector. Google Authenticator Updated. Does Israel use NSO Group commercial spyware? A Russian OS? TP-Link routers compromised. A pre-release security audit. Another Intel side-channel attack. Windows users: Don't remove cURL! AI comes to VirusTotal. Show Notes https://www.grc.com/sn/SN-921-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twittv drata.com/twit