Podcasts about Versioning

Dr. Mary explores the transformative concept of versioning and making the quantum leap in this solo cast. Have you ever wondered if a version of you already exists—one who has achieved vibrant health, financial abundance, and full alignment with your highest potential? Quantum physics and energy medicine suggest this is possible and accessible.By understanding the quantum field and using intentional energy practices, we can shift our reality and embody the best version of ourselves. In this episode, you'll learn how to harness the power of the quantum realm to create profound change in your life.Key Topics Covered:✨ What is Versioning? – The idea that multiple versions of you exist within the quantum field, each representing different possibilities and outcomes. ✨ The Science Behind the Quantum Field – How quantum physics supports the concept of energy beyond time and space. ✨ Tools for Making the Quantum Leap – Energy medicine techniques such as Kundalini activation, awareness practices, and setting intentions. ✨ The Process of Quantum Leaping – A step-by-step guide to shifting into a new reality by aligning your energy and embodying your desired version. ✨ Practical Steps to Get Started – Grounding, clearing, and charging your energy centers and consciously directing your focus toward your desired transformation.Key Takeaways:

What a week in AI, folks! Seriously, just when you think things might slow down, the AI world throws another curveball. This week, we had everything from rogue AI apps giving unsolicited life advice (and sending rogue texts!), to mind-blowing open source releases that are pushing the boundaries of what's possible, and of course, the ever-present drama of the big AI companies with OpenAI dropping a roadmap that has everyone scratching their heads.Buckle up, because on this week's ThursdAI, we dove deep into all of it. We chatted with the brains behind the latest open source embedding model, marveled at a tiny model crushing math benchmarks, and tried to decipher Sam Altman's cryptic GPT-5 roadmap. Plus, I shared a personal story about an AI app that decided to psychoanalyze my text messages – you won't believe what happened! Let's get into the TL;DR of ThursdAI, February 13th, 2025 – it's a wild one!* Alex Volkov: AI Adventurist with weights and biases* Wolfram Ravenwlf: AI Expert & Enthusiast* Nisten: AI Community Member* Zach Nussbaum: Machine Learning Engineer at Nomic AI* Vu Chan: AI Enthusiast & Evaluator* LDJ: AI Community MemberPersonal story of Rogue AI with RPLYThis week kicked off with a hilarious (and slightly unsettling) story of my own AI going rogue, all thanks to a new Mac app called RPLY designed to help with message replies. I installed it thinking it would be a cool productivity tool, but it turned into a personal intervention session, and then… well, let's just say things escalated.The app started by analyzing my text messages and, to my surprise, delivered a brutal psychoanalysis of my co-parenting communication, pointing out how both my ex and I were being "unpleasant" and needed to focus on the kids. As I said on the show, "I got this as a gut punch. I was like, f*ck, I need to reimagine my messaging choices." But the real kicker came when the AI decided to take initiative and started sending messages without my permission (apparently this was a bug with RPLY that was fixed since I reported)! Friends were texting me question marks, and my ex even replied to a random "Hey, How's your day going?" message with a smiley, completely out of our usual post-divorce communication style. "This AI, like on Monday before just gave me absolute s**t about not being, a person that needs to be focused on the kids also decided to smooth things out on friday" I chuckled, still slightly bewildered by the whole ordeal. It could have gone way worse, but thankfully, this rogue AI counselor just ended up being more funny than disastrous.Open Source LLMsDeepHermes preview from NousResearchJust in time for me sending this newsletter (but unfortunately not quite in time for the recording of the show), our friends at Nous shipped an experimental new thinking model, their first reasoner, called DeepHermes. NousResearch claims DeepHermes is among the first models to fuse reasoning and standard LLM token generation within a single architecture (a trend you'll see echoed in the OpenAI and Claude announcements below!)Definitely experimental cutting edge stuff here, but exciting to see not just an RL replication but also innovative attempts from one of the best finetuning collectives around. Nomic Embed Text V2 - First Embedding MoENomic AI continues to impress with the release of Nomic Embed Text V2, the first general-purpose Mixture-of-Experts (MoE) embedding model. Zach Nussbaum from Nomic AI joined us to explain why this release is a big deal.* First general-purpose Mixture-of-Experts (MoE) embedding model: This innovative architecture allows for better performance and efficiency.* SOTA performance on multilingual benchmarks: Nomic Embed V2 achieves state-of-the-art results on the multilingual MIRACL benchmark for its size.* Support for 100+ languages: Truly multilingual embeddings for global applications.* Truly open source: Nomic is committed to open source, releasing training data, weights, and code under the Apache 2.0 License.Zach highlighted the benefits of MoE for embeddings, explaining, "So we're trading a little bit of, inference time memory, and training compute to train a model with mixture of experts, but we get this, really nice added bonus of, 25 percent storage." This is especially crucial when dealing with massive datasets. You can check out the model on Hugging Face and read the Technical Report for all the juicy details.AllenAI OLMOE on iOS and New Tulu 3.1 8BAllenAI continues to champion open source with the release of OLMOE, a fully open-source iOS app, and the new Tulu 3.1 8B model.* OLMOE iOS App: This app brings state-of-the-art open-source language models to your iPhone, privately and securely.* Allows users to test open-source LLMs on-device.* Designed for researchers studying on-device AI and developers prototyping new AI experiences.* Optimized for on-device performance while maintaining high accuracy.* Fully open-source code for further development.* Available on the App Store for iPhone 15 Pro or newer and M-series iPads.* Tulu 3.1 8B As Nisten pointed out, "If you're doing edge AI, the way that this model is built is pretty ideal for that." This move by AllenAI underscores the growing importance of on-device AI and open access. Read more about OLMOE on the AllenAI Blog.Groq Adds Qwen Models and Lands on OpenRouterGroq, known for its blazing-fast inference speeds, has added Qwen models, including the distilled R1-distill, to its service and joined OpenRouter.* Record-fast inference: Experience a mind-blowing 1000 TPS with distilled DeepSeek R1 70B on Open Router.* Usable Rate Limits: Groq is now accessible for production use cases with higher rate limits and pay-as-you-go options.* Qwen Model Support: Access Qwen models like 2.5B-32B and R1-distill-qwen-32B.* Open Router Integration: Groq is now available on OpenRouter, expanding accessibility for developers.As Nisten noted, "At the end of the day, they are shipping very fast inference and you can buy it and it looks like they are scaling it. So they are providing the market with what it needs in this case." This integration makes Groq's speed even more accessible to developers. Check out Groq's announcement on X.com.SambaNova adds full DeepSeek R1 671B - flies at 200t/s (blog)In a complete trend of this week, SambaNova just announced they have availability of DeepSeek R1, sped up by their custom chips, flying at 150-200t/s. This is the full DeepSeek R1, not the distilled Qwen based versions! This is really impressive work, and compared to the second fastest US based DeepSeek R1 (on Together AI) it absolutely fliesAgentica DeepScaler 1.5B Beats o1-preview on MathAgentica's DeepScaler 1.5B model is making waves by outperforming OpenAI's o1-preview on math benchmarks, using Reinforcement Learning (RL) for just $4500 of compute.* Impressive Math Performance: DeepScaleR achieves a 37.1% Pass@1 on AIME 2025, outperforming the base model and even o1-preview!!* Efficient Training: Trained using RL for just $4500, demonstrating cost-effective scaling of intelligence.* Open Sourced Resources: Agentica open-sourced their dataset, code, and training logs, fostering community progress in RL-based reasoning.Vu Chan, an AI enthusiast who evaluated the model, joined us to share his excitement: "It achieves, 42% pass at one on a AIME 24. which basically means if you give the model only one chance at every problem, it will solve 42% of them." He also highlighted the model's efficiency, generating correct answers with fewer tokens. You can find the model on Hugging Face, check out the WandB logs, and see the announcement on X.com.ModernBert Instruct - Encoder Model for General TasksModernBert, known for its efficient encoder-only architecture, now has an instruct version, ModernBert Instruct, capable of handling general tasks.* Instruct-tuned Encoder: ModernBERT-Large-Instruct can perform classification and multiple-choice tasks using its Masked Language Modeling (MLM) head.* Beats Qwen .5B: Outperforms Qwen .5B on MMLU and MMLU Pro benchmarks.* Efficient and Versatile: Demonstrates the potential of encoder models for general tasks without task-specific heads.This release shows that even encoder-only models can be adapted for broader applications, challenging the dominance of decoder-based LLMs for certain tasks. Check out the announcement on X.com.Big CO LLMs + APIsRIP GPT-5 and o3 - OpenAI Announces Public RoadmapOpenAI shook things up this week with a roadmap update from Sam Altman, announcing a shift in strategy for GPT-5 and the o-series models. Get ready for GPT-4.5 (Orion) and a unified GPT-5 system!* GPT-4.5 (Orion) is Coming: This will be the last non-chain-of-thought model from OpenAI.* GPT-5: A Unified System: GPT-5 will integrate technologies from both the GPT and o-series models into a single, seamless system.* No Standalone o3: o3 will not be released as a standalone model; its technology will be integrated into GPT-5. "We will no longer ship O3 as a standalone model," Sam Altman stated.* Simplified User Experience: The model picker will be eliminated in ChatGPT and the API, aiming for a more intuitive experience.* Subscription Tier Changes:* Free users will get unlimited access to GPT-5 at a standard intelligence level.* Plus and Pro subscribers will gain access to increasingly advanced intelligence settings of GPT-5.* Expanded Capabilities: GPT-5 will incorporate voice, canvas, search, deep research, and more.This roadmap signals a move towards more integrated and user-friendly AI experiences. As Wolfram noted, "Having a unified access and the AI should be smart enough... AI has, we need an AI to pick which AI to use." This seems to be OpenAI's direction. Read Sam Altman's full announcement on X.com.OpenAI Releases ModelSpec v2OpenAI also released ModelSpec v2, an update to their document defining desired AI model behaviors, emphasizing customizability, transparency, and intellectual freedom.* Chain of Command: Defines a hierarchy to balance user/developer control with platform-level rules.* Truth-Seeking and User Empowerment: Encourages models to "seek the truth together" with users and empower decision-making.* Core Principles: Sets standards for competence, accuracy, avoiding harm, and embracing intellectual freedom.* Open Source: OpenAI open-sourced the Spec and evaluation prompts for broader use and collaboration on GitHub.This release reflects OpenAI's ongoing efforts to align AI behavior and promote responsible development. Wolfram praised ModelSpec, saying, "I was all over the original models back when it was announced in the first place... That is one very important aspect when you have the AI agent going out on the web and get information from not trusted sources." Explore ModelSpec v2 on the dedicated website.VP Vance Speech at AI Summit in Paris - Deregulate and Dominate!Vice President Vance delivered a powerful speech at the AI Summit in Paris, advocating for pro-growth AI policies and deregulation to maintain American leadership in AI.* Pro-Growth and Deregulation: VP Vance urged for policies that encourage AI innovation and cautioned against excessive regulation, specifically mentioning GDPR.* American AI Leadership: Emphasized ensuring American AI technology remains the global standard and blocks hostile foreign adversaries from weaponizing AI. "Hostile foreign adversaries have weaponized AI software to rewrite history, surveil users, and censor speech… I want to be clear – this Administration will block such efforts, full stop," VP Vance declared.* Key Points:* Ensure American AI leadership.* Encourage pro-growth AI policies.* Maintain AI's freedom from ideological bias.* Prioritize a pro-worker approach to AI development.* Safeguard American AI and chip technologies.* Block hostile foreign adversaries' weaponization of AI.Nisten commented, "He really gets something that most EU politicians do not understand is that whenever they have such a good thing, they're like, okay, this must be bad. And we must completely stop it." This speech highlights the ongoing debate about AI regulation and its impact on innovation. Read the full speech here.Cerebras Powers Perplexity with Blazing Speed (1200 t/s!)Perplexity is now powered by Cerebras, achieving inference speeds exceeding 1200 tokens per second.* Unprecedented Speed: Perplexity's Sonar model now flies at over 1200 tokens per second thanks to Cerebras' massive LPU chips. "Like perplexity sonar, their specific LLM for search is now powered by Cerebras and it's like 12. 100 tokens per second. It's it matches Google now on speed," I noted on the show.* Google-Level Speed: Perplexity now matches Google in inference speed, making it incredibly fast and responsive.This partnership significantly enhances Perplexity's performance, making it an even more compelling search and AI tool. See Perplexity's announcement on X.com.Anthropic Claude Incoming - Combined LLM + Reasoning ModelRumors are swirling that Anthropic is set to release a new Claude model that will be a combined LLM and reasoning model, similar to OpenAI's GPT-5 roadmap.* Unified Architecture: Claude's next model is expected to integrate both LLM and reasoning capabilities into a single, hybrid architecture.* Reasoning Powerhouse: Rumors suggest Anthropic has had a reasoning model stronger than Claude 3 for some time, hinting at a significant performance leap.This move suggests a broader industry trend towards unified AI models that seamlessly blend different capabilities. Stay tuned for official announcements from Anthropic.Elon Musk Teases Grok 3 "Weeks Out"Elon Musk continues to tease the release of Grok 3, claiming it will be "a few weeks out" and the "most powerful AI" they have tested, with enhanced reasoning capabilities.* Grok 3 Hype: Elon Musk claims Grok 3 will be the most powerful AI X.ai has released, with a focus on reasoning.* Reasoning Focus: Grok 3's development may have shifted towards reasoning capabilities, potentially causing a slight delay in release.While details remain scarce, the anticipation for Grok 3 is building, especially in light of the advancements in open source reasoning models.This Week's Buzz

Arnaud et Emmanuel discutent des nouvelles de ce mois. On y parle intégrité de JVM, fetch size de JDBC, MCP, de prompt engineering, de DeepSeek bien sûr mais aussi de Maven 4 et des proxy de répository Maven. Et d'autres choses encore, bonne lecture. Enregistré le 7 février 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-322.mp3 ou en vidéo sur YouTube. News Langages Les evolutions de la JVM pour augmenter l'intégrité https://inside.java/2025/01/03/evolving-default-integrity/ un article sur les raisons pour lesquelles les editeurs de frameworks et les utilisateurs s'arrachent les cheveux et vont continuer garantir l'integrite du code et des données en enlevant des APIs existantes historiquemnt agents dynamiques, setAccessible, Unsafe, JNI Article expliques les risques percus par les mainteneurs de la JVM Franchement c'est un peu leg sur les causes l'article, auto propagande JavaScript Temporal, enfin une API propre et moderne pour gérer les dates en JS https://developer.mozilla.org/en-US/blog/javascript-temporal-is-coming/ JavaScript Temporal est un nouvel objet conçu pour remplacer l'objet Date, qui présente des défauts. Il résout des problèmes tels que le manque de prise en charge des fuseaux horaires et la mutabilité. Temporal introduit des concepts tels que les instants, les heures civiles et les durées. Il fournit des classes pour gérer diverses représentations de date/heure, y compris celles qui tiennent compte du fuseau horaire et celles qui n'en tiennent pas compte. Temporal simplifie l'utilisation de différents calendriers (par exemple, chinois, hébreu). Il comprend des méthodes pour les comparaisons, les conversions et le formatage des dates et des heures. La prise en charge par les navigateurs est expérimentale, Firefox Nightly ayant l'implémentation la plus aboutie. Un polyfill est disponible pour essayer Temporal dans n'importe quel navigateur. Librairies Un article sur les fetch size du JDBC et les impacts sur vos applications https://in.relation.to/2025/01/24/jdbc-fetch-size/ qui connait la valeur fetch size par default de son driver? en fonction de vos use cases, ca peut etre devastateur exemple d'une appli qui retourne 12 lignes et un fetch size de oracle a 10, 2 a/r pour rien et si c'est 50 lignres retournées la base de donnée est le facteur limitant, pas Java donc monter sont fetch size est avantageux, on utilise la memoire de Java pour eviter la latence Quarkus annouce les MCP servers project pour collecter les servier MCP en Java https://quarkus.io/blog/introducing-mcp-servers/ MCP d'Anthropic introspecteur de bases JDBC lecteur de filke system Dessine en Java FX demarrables facilement avec jbang et testes avec claude desktop, goose et mcp-cli permet d'utliser le pouvoir des librarires Java de votre IA d'ailleurs Spring a la version 0.6 de leur support MCP https://spring.io/blog/2025/01/23/spring-ai-mcp-0 Infrastructure Apache Flink sur Kibernetes https://www.decodable.co/blog/get-running-with-apache-flink-on-kubernetes-2 un article tres complet ejn deux parties sur l'installation de Flink sur Kubernetes installation, setup mais aussi le checkpointing, la HA, l'observablité Data et Intelligence Artificielle 10 techniques de prompt engineering https://medium.com/google-cloud/10-prompt-engineering-techniques-every-beginner-should-know-bf6c195916c7 Si vous voulez aller plus loin, l'article référence un très bon livre blanc sur le prompt engineering https://www.kaggle.com/whitepaper-prompt-engineering Les techniques évoquées : Zero-Shot Prompting: On demande directement à l'IA de répondre à une question sans lui fournir d'exemple préalable. C'est comme si on posait une question à une personne sans lui donner de contexte. Few-Shot Prompting: On donne à l'IA un ou plusieurs exemples de la tâche qu'on souhaite qu'elle accomplisse. C'est comme montrer à quelqu'un comment faire quelque chose avant de lui demander de le faire. System Prompting: On définit le contexte général et le but de la tâche pour l'IA. C'est comme donner à l'IA des instructions générales sur ce qu'elle doit faire. Role Prompting: On attribue un rôle spécifique à l'IA (enseignant, journaliste, etc.). C'est comme demander à quelqu'un de jouer un rôle spécifique. Contextual Prompting: On fournit des informations supplémentaires ou un contexte pour la tâche. C'est comme donner à quelqu'un toutes les informations nécessaires pour répondre à une question. Step-Back Prompting: On pose d'abord une question générale, puis on utilise la réponse pour poser une question plus spécifique. C'est comme poser une question ouverte avant de poser une question plus fermée. Chain-of-Thought Prompting: On demande à l'IA de montrer étape par étape comment elle arrive à sa conclusion. C'est comme demander à quelqu'un d'expliquer son raisonnement. Self-Consistency Prompting: On pose plusieurs fois la même question à l'IA et on compare les réponses pour trouver la plus cohérente. C'est comme vérifier une réponse en la posant sous différentes formes. Tree-of-Thoughts Prompting: On permet à l'IA d'explorer plusieurs chemins de raisonnement en même temps. C'est comme considérer toutes les options possibles avant de prendre une décision. ReAct Prompting: On permet à l'IA d'interagir avec des outils externes pour résoudre des problèmes complexes. C'est comme donner à quelqu'un les outils nécessaires pour résoudre un problème. Les patterns GenAI the thoughtworks https://martinfowler.com/articles/gen-ai-patterns/ tres introductif et pre RAG le direct prompt qui est un appel direct au LLM: limitations de connaissance et de controle de l'experience eval: evaluer la sortie d'un LLM avec plusieurs techniques mais fondamentalement une fonction qui prend la demande, la reponse et donc un score numerique evaluation via un LLM (le meme ou un autre), ou evaluation humaine tourner les evaluations a partir de la chaine de build amis aussi en live vu que les LLMs puvent evoluer. Decrit les embedding notament d'image amis aussi de texte avec la notion de contexte DeepSeek et la fin de la domination de NVidia https://youtubetranscriptoptimizer.com/blog/05_the_short_case_for_nvda un article sur les raisons pour lesquelles NVIDIA va se faire cahllengert sur ses marges 90% de marge quand meme parce que les plus gros GPU et CUDA qui est proprio mais des approches ardware alternatives existent qui sont plus efficientes (TPU et gros waffle) Google, MS et d'autres construisent leurs GPU alternatifs CUDA devient de moins en moins le linga franca avec l'investissement sur des langages intermediares alternatifs par Apple, Google OpenAI etc L'article parle de DeepSkeek qui est venu mettre une baffe dans le monde des LLMs Ils ont construit un competiteur a gpt4o et o1 avec 5M de dollars et des capacites de raisonnements impressionnant la cles c'etait beaucoup de trick d'optimisation mais le plus gros est d'avoir des poids de neurores sur 8 bits vs 32 pour les autres. et donc de quatizer au fil de l'eau et au moment de l'entrainement beaucoup de reinforcemnt learning innovatifs aussi et des Mixture of Expert donc ~50x moins chers que OpenAI Donc plus besoin de GPU qui on des tonnes de vRAM ah et DeepSeek est open source un article de semianalytics change un peu le narratif le papier de DeepSkeek en dit long via ses omissions par ensemple les 6M c'est juste l'inference en GPU, pas les couts de recherches et divers trials et erreurs en comparaison Claude Sonnet a coute 10M en infererence DeepSeek a beaucoup de CPU pre ban et ceratins post bans evalués a 5 Milliards en investissement. leurs avancées et leur ouverture reste extremement interessante Une intro à Apache Iceberg http://blog.ippon.fr/2025/01/17/la-revolution-des-donnees-lavenement-des-lakehouses-avec-apache-iceberg/ issue des limites du data lake. non structuré et des Data Warehouses aux limites en diversite de données et de volume entrent les lakehouse Et particulierement Apache Iceberg issue de Netflix gestion de schema mais flexible notion de copy en write vs merge on read en fonction de besoins garantie atomicite, coherence, isoliation et durabilite notion de time travel et rollback partitions cachées (qui abstraient la partition et ses transfos) et evolution de partitions compatbile avec les moteurs de calcul comme spark, trino, flink etc explique la structure des metadonnées et des données Guillaume s'amuse à générer des histoires courtes de Science-Fiction en programmant des Agents IA avec LangChain4j et aussi avec des workflows https://glaforge.dev/posts/2025/01/27/an-ai-agent-to-generate-short-scifi-stories/ https://glaforge.dev/posts/2025/01/31/a-genai-agent-with-a-real-workflow/ Création d'un générateur automatisé de nouvelles de science-fiction à l'aide de Gemini et Imagen en Java, LangChain4j, sur Google Cloud. Le système génère chaque nuit des histoires, complétées par des illustrations créées par le modèle Imagen 3, et les publie sur un site Web. Une étape d'auto-réflexion utilise Gemini pour sélectionner la meilleure image pour chaque chapitre. L'agent utilise un workflow explicite, drivé par le code Java, où les étapes sont prédéfinies dans le code, plutôt que de s'appuyer sur une planification basée sur LLM. Le code est disponible sur GitHub et l'application est déployée sur Google Cloud. L'article oppose les agents de workflow explicites aux agents autonomes, en soulignant les compromis de chaque approche. Car parfois, les Agent IA autonomes qui gèrent leur propre planning hallucinent un peu trop et n'établissent pas un plan correctement, ou ne le suive pas comme il faut, voire hallucine des “function call”. Le projet utilise Cloud Build, le Cloud Run jobs, Cloud Scheduler, Firestore comme base de données, et Firebase pour le déploiement et l'automatisation du frontend. Dans le deuxième article, L'approche est différente, Guillaume utilise un outil de Workflow, plutôt que de diriger le planning avec du code Java. L'approche impérative utilise du code Java explicite pour orchestrer le workflow, offrant ainsi un contrôle et une parallélisation précis. L'approche déclarative utilise un fichier YAML pour définir le workflow, en spécifiant les étapes, les entrées, les sorties et l'ordre d'exécution. Le workflow comprend les étapes permettant de générer une histoire avec Gemini 2, de créer une invite d'image, de générer des images avec Imagen 3 et d'enregistrer le résultat dans Cloud Firestore (base de donnée NoSQL). Les principaux avantages de l'approche impérative sont un contrôle précis, une parallélisation explicite et des outils de programmation familiers. Les principaux avantages de l'approche déclarative sont des définitions de workflow peut-être plus faciles à comprendre (même si c'est un YAML, berk !) la visualisation, l'évolutivité et une maintenance simplifiée (on peut juste changer le YAML dans la console, comme au bon vieux temps du PHP en prod). Les inconvénients de l'approche impérative incluent le besoin de connaissances en programmation, les défis potentiels en matière de maintenance et la gestion des conteneurs. Les inconvénients de l'approche déclarative incluent une création YAML pénible, un contrôle de parallélisation limité, l'absence d'émulateur local et un débogage moins intuitif. Le choix entre les approches dépend des exigences du projet, la déclarative étant adaptée aux workflows plus simples. L'article conclut que la planification déclarative peut aider les agents IA à rester concentrés et prévisibles. Outillage Vulnérabilité des proxy Maven https://github.blog/security/vulnerability-research/attacks-on-maven-proxy-repositories/ Quelque soit le langage, la techno, il est hautement conseillé de mettre en place des gestionnaires de repositories en tant que proxy pour mieux contrôler les dépendances qui contribuent à la création de vos produits Michael Stepankin de l'équipe GitHub Security Lab a cherché a savoir si ces derniers ne sont pas aussi sources de vulnérabilité en étudiant quelques CVEs sur des produits comme JFrog Artifactory, Sonatype Nexus, et Reposilite Certaines failles viennent de la UI des produits qui permettent d'afficher les artifacts (ex: mettez un JS dans un fichier POM) et même de naviguer dedans (ex: voir le contenu d'un jar / zip et on exploite l'API pour lire, voir modifier des fichiers du serveur en dehors des archives) Les artifacts peuvent aussi être compromis en jouant sur les paramètres propriétaires des URLs ou en jouant sur le nomage avec les encodings. Bref, rien n'est simple ni niveau. Tout système rajoute de la compléxité et il est important de les tenir à mettre à jour. Il faut surveiller activement sa chaine de distribution via différents moyens et ne pas tout miser sur le repository manager. L'auteur a fait une présentation sur le sujet : https://www.youtube.com/watch?v=0Z_QXtk0Z54 Apache Maven 4… Bientôt, c'est promis …. qu'est ce qu'il y aura dedans ? https://gnodet.github.io/maven4-presentation/ Et aussi https://github.com/Bukama/MavenStuff/blob/main/Maven4/whatsnewinmaven4.md Apache Maven 4 Doucement mais surement …. c'est le principe d'un projet Maven 4.0.0-rc-2 est dispo (Dec 2024). Maven a plus de 20 ans et est largement utilisé dans l'écosystème Java. La compatibilité ascendante a toujours été une priorité, mais elle a limité la flexibilité. Maven 4 introduit des changements significatifs, notamment un nouveau schéma de construction et des améliorations du code. Changements du POM Séparation du Build-POM et du Consumer-POM : Build-POM : Contient des informations propres à la construction (ex. plugins, configurations). Consumer-POM : Contient uniquement les informations nécessaires aux consommateurs d'artefacts (ex. dépendances). Nouveau Modèle Version 4.1.0 : Utilisé uniquement pour le Build-POM, alors que le Consumer-POM reste en 4.0.0 pour la compatibilité. Introduit de nouveaux éléments et en marque certains comme obsolètes. Modules renommés en sous-projets : “Modules” devient “Sous-projets” pour éviter la confusion avec les Modules Java. L'élément remplace (qui reste pris en charge). Nouveau type de packaging : “bom” (Bill of Materials) : Différencie les POMs parents et les BOMs de gestion des dépendances. Prend en charge les exclusions et les imports basés sur les classifiers. Déclaration explicite du répertoire racine : permet de définir explicitement le répertoire racine du projet. Élimine toute ambiguïté sur la localisation des racines de projet. Nouvelles variables de répertoire : ${project.rootDirectory}, ${session.topDirectory} et ${session.rootDirectory} pour une meilleure gestion des chemins. Remplace les anciennes solutions non officielles et variables internes obsolètes. Prise en charge de syntaxes alternatives pour le POM Introduction de ModelParser SPI permettant des syntaxes alternatives pour le POM. Apache Maven Hocon Extension est un exemple précoce de cette fonctionnalité. Améliorations pour les sous-projets Versioning automatique des parents Il n'est plus nécessaire de définir la version des parents dans chaque sous-projet. Fonctionne avec le modèle de version 4.1.0 et s'étend aux dépendances internes au projet. Support complet des variables compatibles CI Le Flatten Maven Plugin n'est plus requis. Prend en charge les variables comme ${revision} pour le versioning. Peut être défini via maven.config ou la ligne de commande (mvn verify -Drevision=4.0.1). Améliorations et corrections du Reactor Correction de bug : Gestion améliorée de --also-make lors de la reprise des builds. Nouvelle option --resume (-r) pour redémarrer à partir du dernier sous-projet en échec. Les sous-projets déjà construits avec succès sont ignorés lors de la reprise. Constructions sensibles aux sous-dossiers : Possibilité d'exécuter des outils sur des sous-projets sélectionnés uniquement. Recommandation : Utiliser mvn verify plutôt que mvn clean install. Autres Améliorations Timestamps cohérents pour tous les sous-projets dans les archives packagées. Déploiement amélioré : Le déploiement ne se produit que si tous les sous-projets sont construits avec succès. Changements de workflow, cycle de vie et exécution Java 17 requis pour exécuter Maven Java 17 est le JDK minimum requis pour exécuter Maven 4. Les anciennes versions de Java peuvent toujours être ciblées pour la compilation via Maven Toolchains. Java 17 a été préféré à Java 21 en raison d'un support à long terme plus étendu. Mise à jour des plugins et maintenance des applications Suppression des fonctionnalités obsolètes (ex. Plexus Containers, expressions ${pom.}). Mise à jour du Super POM, modifiant les versions par défaut des plugins. Les builds peuvent se comporter différemment ; définissez des versions fixes des plugins pour éviter les changements inattendus. Maven 4 affiche un avertissement si des versions par défaut sont utilisées. Nouveau paramètre “Fail on Severity” Le build peut échouer si des messages de log atteignent un niveau de gravité spécifique (ex. WARN). Utilisable via --fail-on-severity WARN ou -fos WARN. Maven Shell (mvnsh) Chaque exécution de mvn nécessitait auparavant un redémarrage complet de Java/Maven. Maven 4 introduit Maven Shell (mvnsh), qui maintient un processus Maven résident unique ouvert pour plusieurs commandes. Améliore la performance et réduit les temps de build. Alternative : Utilisez Maven Daemon (mvnd), qui gère un pool de processus Maven résidents. Architecture Un article sur les feature flags avec Unleash https://feeds.feedblitz.com//911939960/0/baeldungImplement-Feature-Flags-in-Java-With-Unleash Pour A/B testing et des cycles de développements plus rapides pour « tester en prod » Montre comment tourner sous docker unleash Et ajouter la librairie a du code java pour tester un feature flag Sécurité Keycloak 26.1 https://www.keycloak.org/2025/01/keycloak-2610-released.html detection des noeuds via la proble base de donnée aulieu echange reseau virtual threads pour infinispan et jgroups opentelemetry tracing supporté et plein de fonctionalités de sécurité Loi, société et organisation Les grands morceaux du coût et revenus d'une conférence. Ici http://bdx.io|bdx.io https://bsky.app/profile/ameliebenoit33.bsky.social/post/3lgzslhedzk2a 44% le billet 52% les sponsors 38% loc du lieu 29% traiteur et café 12% standiste 5% frais speaker (donc pas tous) Ask Me Anything Julien de Provin: J'aime beaucoup le mode “continuous testing” de Quarkus, et je me demandais s'il existait une alternative en dehors de Quarkus, ou à défaut, des ressources sur son fonctionnement ? J'aimerais beaucoup avoir un outil agnostique utilisable sur les projets non-Quarkus sur lesquels j'intervient, quitte à y metttre un peu d'huile de coude (ou de phalange pour le coup). https://github.com/infinitest/infinitest/ Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 6-7 février 2025 : Touraine Tech - Tours (France) 21 février 2025 : LyonJS 100 - Lyon (France) 28 février 2025 : Paris TS La Conf - Paris (France) 6 mars 2025 : DevCon #24 : 100% IA - Paris (France) 13 mars 2025 : Oracle CloudWorld Tour Paris - Paris (France) 14 mars 2025 : Rust In Paris 2025 - Paris (France) 19-21 mars 2025 : React Paris - Paris (France) 20 mars 2025 : PGDay Paris - Paris (France) 20-21 mars 2025 : Agile Niort - Niort (France) 25 mars 2025 : ParisTestConf - Paris (France) 26-29 mars 2025 : JChateau Unconference 2025 - Cour-Cheverny (France) 27-28 mars 2025 : SymfonyLive Paris 2025 - Paris (France) 28 mars 2025 : DataDays - Lille (France) 28-29 mars 2025 : Agile Games France 2025 - Lille (France) 3 avril 2025 : DotJS - Paris (France) 3 avril 2025 : SoCraTes Rennes 2025 - Rennes (France) 4 avril 2025 : Flutter Connection 2025 - Paris (France) 4 avril 2025 : aMP Orléans 04-04-2025 - Orléans (France) 10-11 avril 2025 : Android Makers - Montrouge (France) 10-12 avril 2025 : Devoxx Greece - Athens (Greece) 16-18 avril 2025 : Devoxx France - Paris (France) 23-25 avril 2025 : MODERN ENDPOINT MANAGEMENT EMEA SUMMIT 2025 - Paris (France) 24 avril 2025 : IA Data Day 2025 - Strasbourg (France) 29-30 avril 2025 : MixIT - Lyon (France) 7-9 mai 2025 : Devoxx UK - London (UK) 15 mai 2025 : Cloud Toulouse - Toulouse (France) 16 mai 2025 : AFUP Day 2025 Lille - Lille (France) 16 mai 2025 : AFUP Day 2025 Lyon - Lyon (France) 16 mai 2025 : AFUP Day 2025 Poitiers - Poitiers (France) 24 mai 2025 : Polycloud - Montpellier (France) 24 mai 2025 : NG Baguette Conf 2025 - Nantes (France) 5-6 juin 2025 : AlpesCraft - Grenoble (France) 5-6 juin 2025 : Devquest 2025 - Niort (France) 10-11 juin 2025 : Modern Workplace Conference Paris 2025 - Paris (France) 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 13 juin 2025 : Tech F'Est 2025 - Nancy (France) 17 juin 2025 : Mobilis In Mobile - Nantes (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 25-26 juin 2025 : Agi'Lille 2025 - Lille (France) 25-27 juin 2025 : BreizhCamp 2025 - Rennes (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 7-9 juillet 2025 : Riviera DEV 2025 - Sophia Antipolis (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

## SummaryIn questo episodio di GitBAR, Mauro e Fabio Staino discutono dell'evoluzione delle figure professionali nel web, del passaggio da strumenti tradizionali come Photoshop a Figma, e dell'importanza della comunicazione tra designer e sviluppatori. Viene esplorato il flusso di lavoro con Figma, il versioning e le opportunità e rischi legati all'acquisizione di Figma da parte di Adobe. Infine, si parla del ruolo cruciale dei plugin e widget nel potenziare le funzionalità di Figma.## Chapters00:00 Benvenuti nel Bar degli Sviluppatori01:18 Evoluzione delle Figure Professionali nel Web04:00 Il Passaggio da Photoshop a Figma10:43 Componenti e Design Token: La Nuova Frontiera16:20 Comunicare tra Designer e Sviluppatori21:55 Responsabilità e Collaborazione nel Team27:45 Animazioni e Prototipazione: Un Doppio Taglio35:43 Il Journey dal Design al Codice39:22 Fasi di Progettazione e Sviluppo42:16 Collaborazione tra Designer e Sviluppatori47:21 Versioning e Gestione dei File in Figma51:08 Acquisizione di Figma e Implicazioni Future57:06 Ecosistema dei Plugin e Widget01:02:30 Lottie Studio e Animazioni in Figma## TakeawaysIl mondo del web è in continua evoluzione.Figma ha rivoluzionato il modo di lavorare tra designer e sviluppatori.Le animazioni dovrebbero essere utilizzate con parsimonia.La comunicazione è fondamentale per il successo del progetto.Il versioning è ancora un aspetto da migliorare in Figma.Figma è uno strumento di comunicazione tra team.Le figure professionali stanno tornando a un approccio più integrato.I plugin e widget ampliano le possibilità di Figma.L'acquisizione di Figma da parte di Adobe ha suscitato preoccupazioni.Il file .fig potrebbe diventare uno standard nel design. 

Send us a textA comprehensive introduction to APIs, detailing how they facilitate data exchanges between different systems using protocols like HTTP and formats like JSON. It covers the principles of RESTful API design and discusses how APIs can be developed and refined iteratively, including the challenges and strategies involved in managing different versions of an API.Agenda• What is an API?• Data exchange between systems – frontend and backend• What are HTTP and JSON?• RestFul API basics• API versioning options and challengesMaciej GowinDeveloper, practitioner, easily accessible knowledge-sharing enthusiast. Head of Java Development at Ryanair Labs. Former programming teacher and PhD student at Jagiellonian University.Currently a lecturer and co-creator of the postgraduate program “Programming in Java” at WSB Merito University in Wrocław and Warsaw, Poland.Promoter of the idea of learning based on embedding subjects in the context of their actual application. Find us here: www.agileleanireland.org

At Meta, engineers are our biggest asset which is why we have an entire org tasked with making them as productive as possible. But how do you know if your projects for improving developer experience are actually successful? For any other product, you would run an A/B test but that requires metrics and how do you measure developer productivity? Sarita and Moritz have been working on exactly that with Diff Authoring Time which measures how long it took to submit a change to our codebase. Host Pascal talks to them about the way this is implemented, the challenges and abilities this unlocks. Got feedback? Send it to us on Threads (https://threads.net/@metatechpod), Twitter (https://twitter.com/metatechpod), Instagram (https://instagram.com/metatechpod) and don't forget to follow our host @passy (https://twitter.com/passy, https://mastodon.social/@passy, and https://threads.net/@passy_). Fancy working with us? Check out https://www.metacareers.com/. Links Meta Connect 2024: https://www.meta.com/en-gb/connect/ Timestamps Episode intro 0:05 Sarita Intro 2:33 Moritz Intro 3:44 DevInfra as an Engineer 4:25 DevInfra as a Data Scientist 5:12 Why DevEx Metrics? 6:04 Average Diff Authoring Time at Meta 9:55 Events for calculating DAT 10:55 Edge cases 13:15 DAT for Performance Evaluation? 20:29 Analyses on DAT data 22:29 Onboarding to DAT 23:23 Stat-sig data 25:06 Validating the metric 26:34 Versioning metrics 28:09 Detecting and handling biases 29:19 Diff coverage 30:30 Do we need DevX metrics in an AI software engineering world? 31:23 Measuring the impact of AI tools 32:23 What's next for DAT? 33:40 Outtakes 36:22

Velocity, Virtues, Volume Control, Vitality, Verify/Verification, Validity/Validation, Values/Value your values/know what's valuable (to you), Verbing, Versioning, Variety, Vital Statistics, Visualizing/Visualization, Vivid, Vulnerable, Virtual Overlay/Virtual Spaces, Versatility… Continue reading →

Scott and Wes talk with Alex Reardon from Atlassian about developing drag-and-drop libraries, specifically the challenges with creating efficient and accessible drag-and-drop functionalities for the web. They also explore what it takes to build and implement a system that works seamlessly across various frameworks. Show Notes 00:00 Welcome to Syntax! 01:18 Brought to you by Sentry.io. 01:51 What Alex does at Atlassian react-beautiful-dnd Pragmatic drag and drop 04:38 What makes drag and drop tricky. 06:38 Use-cases. 10:54 What security is in place? 12:30 How to make it feel native. 19:20 Is the drag and drop spec ongoing? 20:03 How do you build this headless? 21:33 How does drag and drop work with frameworks? 23:48 Making drag and drop feel the same across mobile and desktop. 26:09 What's the key to really good drag performance? 29:58 How do you make drag and drop accessible? 34:57 Pragmatic drag and drop code vs application code. Shoelace shadcn 40:00 How does testing work? Playwright Cypress 43:15 Internal adoption at Atlassian. 44:27 Working on high-impact projects. 49:15 Versioning and internal adoption at Atlassian. 51:29 Sick Picks + Shameless Plugs. Sick Picks Alex: Coffee, James Hoffmann YouTube Channel. Shameless Plugs Alex: Dom Events. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

In this episode, we welcome back Emrys MacInally, following another successful year speaking at PSConf.EU. Emrys shares his experiences and highlights from the conference, shedding light on key discussions and takeaways. We dive deep into the importance of mental health within the PowerShell community, exploring how the community can support each other. Emrys provides insights into best practices for versioning PowerShell modules and delves into the nuances of error handling, explaining why developers should avoid using the 'throw' statement in scripts. Additionally, Emrys introduces his ErrorRecord module, which simplifies the process of creating error records, offering a practical solution for more efficient error management. Tune in for an enlightening conversation packed with valuable tips and expert advice for PowerShell enthusiasts. Guest Bio and links: Emrys MacInally has worked in the IT industry for over 19 years, focusing primarily on the delivery of back-end services on Windows. Since the release of PowerShell 2, PowerShell has become his primary automation tool. His love for PowerShell has only grown since then. PowerShell Podcast Home page: https://www.pdq.com/resources/the-powershell-podcast/ PowerShell Pro Tips - https://www.youtube.com/watch?v=K95ovoMh170 https://discord.gg/pdq https://www.powershellgallery.com/packages/Configuration/1.6.0 https://4sysops.com/archives/create-configure-and-delete-system-restore-points-with-powershell-vssadminexe-and-system-properties/ https://www.powershellgallery.com/Packages/PSLinux/1.0.6 https://psweekly.dowst.dev https://telegra.ph/PowerShell-Beyond-the-Prompt-06-27 https://www.powershellgallery.com/packages/Configuration/1.6.0 https://github.com/LindnerBrewery/ErrorRecord https://lindnerbrewery.github.io/posts/GitVersion_Mainline/

In deze aflevering bespreken we versiebeheer van Azure Policies, nieuwe features in SharePoint Premium inclusief Autofill. Daarnaast is Azure virtual desktop connection reliabiltiy insights general available en is er nu een Entra ID suite. Azure policy built in versioning: https://techcommunity.microsoft.com/t5/azure-governance-and-management/public-preview-announcement-azure-policy-built-in-versioning/ba-p/4186105 Summer updates for SharePoint Premium including Autofill https://techcommunity.microsoft.com/t5/sharepoint-premium-blog/summer-updates-for-sharepoint-premium-including-autofill-graph/ba-p/4188485 Connection Reliability in Azure Virtual Desktop Insights: https://techcommunity.microsoft.com/t5/azure-virtual-desktop-blog/connection-reliability-in-azure-virtual-desktop-insights/ba-p/4178730 Azure VM Regional to Zonal Move: https://techcommunity.microsoft.com/t5/azure-compute-blog/general-availability-announcement-azure-vm-regional-to-zonal/ba-p/4185141 Microsoft Entra Suite now generally available https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-suite-now-generally-available/ba-p/2520427

في الحلقة دي بتكلم عن مشكلة لما الفرونت ايند يكلم باك ايند احدث منه او العكس، فرونت ايند قديم يكلم باك ايند احدث منه. ايه حلول المشكلة دي وتفرق من نوع application لآخر ولا لا؟ وايه الحلول النصفية الي ممكن تمشينا مؤقتاً لغاية ما نحلها بشكل كامل. لينكات مفيدة: Semantic versioning

Is there truly a clear separation between personal and organizational identity? This fundamental question lies at the heart of our most recent conversation on The SSI Orbit podcast, where host Mathieu Glaude sat down with identity expert Daniel Hardman. The conversation explores the learnings and insights Hardman has gained from his extensive experience in the SSI space and the importance of the human element in the identity domain. Mathieu and Daniel discuss the limitations of the term 'governance' and propose reframing it as 'empowerment.' They also delve into organizational identity and its inextricably intertwined relationship with individual identity. The complexity of managing relationships and roles within organizations is highlighted, along with the need for clear distinctions between facets of identity. The conversation also touches on the challenges of managing identifiers and the critical importance of versioning and trust in the context of organizational identity. Hardman's exploration of the intricate relationship between personal and organizational identity underscores the significance of understanding roles, relationships, and context when managing identities. His compelling perspective challenges the current mental model that compartmentalizes personal and organizational identity, inviting a more nuanced understanding of the true nature of identity. Prepare to be captivated by this thought-provoking episode as it uncovers the strategies, tools, and mindsets needed to navigate the complexities of identity management. Unlock the full potential of self-sovereign identity in both personal and enterprise settings as you delve into this intriguing conversation. Chapters 00:00 Introduction and Learnings in SSI 02:27 Reframing Governance as Empowerment 07:52 The Intertangled Nature of Organizational and Individual Identity 14:12 Managing Relationships and Roles in Organizational Identity 24:32 Versioning and Trust in Organizational Identity

You've built an awesome set of APIs and you have a wide array of devices and clients using them. Then you need to upgrade an end point or change them in a meaningful way. Now what? That's the conversation I dive into over the next hour with Stanislav Zmiev. We're talking about Versioning APIs. Episode sponsors Neo4j Sentry Error Monitoring, Code TALKPYTHON Talk Python Courses Links from the show Stanislav Zmiev: github.com Monite: monite.com Cadwyn: github.com Stripe API Versioning: stripe.com API Versioning NOtes: github.com FastAPI-Versioning: github.com Flask-Rebar: readthedocs.io Django Rest Framework Versioning: django-rest-framework.org pytest-fixture-classes: github.com Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com Follow Talk Python on Mastodon: talkpython Follow Michael on Mastodon: mkennedy

There is a reason the Git-for-Data Paradigm of Nessie catalogs is so essential, not only for the versioning features it provides but also the level of abstraction it provides them. In this episode, I discuss this more.

Yucheng Low, Cofounder & CEO of  XetHub, discusses the challenges of managing large-scale machine learning assets and the need for version control.Subscribe to the Gradient Flow Newsletter:  https://gradientflow.substack.com/Subscribe: Apple • Spotify • Overcast • Google • AntennaPod • Podcast Addict • Amazon •  RSS.Detailed show notes can be found on The Data Exchange web site.

In this episode of PANCast, we will clarify few things to know about PAN-OS : decipher the meaning of the naming, choose the right version, "preferred" and "end of life" version meaning.

Johnny Cash - "I Heard That Lonesome Whistle" [0:00:00] Pamela Goodwyn - "Your Cheating Heart" [0:06:22] Ronnie Hawkins - "Cold, Cold Heart" [0:10:42] Bobby Barnett - "Moanin' The Blues" [0:12:26] Music behind DJ: Gene Moles - "Durango" [0:14:40] Grandpa Jones - "T for Texas" [0:18:36] Bill Lanham - "T for Texas" [0:23:21] Jeanette Jabaley - "I Love You A Thousand Ways" [0:23:40] Claire Lane - "Frankie and Johnny" [0:25:34] Hank Killian - "Folsom Prison Blues" [0:28:26] Music behind DJ: Gene Moles - "Scotish Guitar" [0:30:13] Delbert Barker - "Blue Suede Shoes" [0:32:51] Freddie Bell - "Hound Dog" [0:34:33] Wanda Jackson - "Riot In Cell Block Number Nine" [0:37:43] Die Hi-Lites - "Veldskoene (These Boots Are Made For Walking)" [0:40:00] Jerry Kay - "See See Rider" [0:42:20] Jimmy DeKnight and His Knights of Rhythm - "Rock Around The Clock" [0:44:39] Music behind DJ: Gene Moles - "Durango" [0:46:58] Ed Bruce - "Last Train to Clarksville" [0:50:14] Dora Hall - "King Of The Road" [0:53:06] Henson Cargill - "Me And Bobby McGee" [0:55:30] https://www.wfmu.org/playlists/shows/132566

Johnny Cash - "I Heard That Lonesome Whistle" [0:00:00] Pamela Goodwyn - "Your Cheating Heart" [0:06:22] Ronnie Hawkins - "Cold, Cold Heart" [0:10:42] Bobby Barnett - "Moanin' The Blues" [0:12:26] Music behind DJ: Gene Moles - "Durango" [0:14:40] Grandpa Jones - "T for Texas" [0:18:36] Bill Lanham - "T for Texas" [0:23:21] Jeanette Jabaley - "I Love You A Thousand Ways" [0:23:40] Claire Lane - "Frankie and Johnny" [0:25:34] Hank Killian - "Folsom Prison Blues" [0:28:26] Music behind DJ: Gene Moles - "Scotish Guitar" [0:30:13] Delbert Barker - "Blue Suede Shoes" [0:32:51] Freddie Bell - "Hound Dog" [0:34:33] Wanda Jackson - "Riot In Cell Block Number Nine" [0:37:43] Die Hi-Lites - "Veldskoene (These Boots Are Made For Walking)" [0:40:00] Jerry Kay - "See See Rider" [0:42:20] Jimmy DeKnight and His Knights of Rhythm - "Rock Around The Clock" [0:44:39] Music behind DJ: Gene Moles - "Durango" [0:46:58] Ed Bruce - "Last Train to Clarksville" [0:50:14] Dora Hall - "King Of The Road" [0:53:06] Henson Cargill - "Me And Bobby McGee" [0:55:30] https://www.wfmu.org/playlists/shows/132566

Brian, Brad, and Amy get into their preferred work flow and strategies for tackling their long lists of projects. Sponsor###Contenful Contentful is the leading composable content platform that allows developers to build intelligent experiences to drive brand engagement. It gives content creators the tools they need to create, manage, and publish content seamlessly across every channel. Managing content has never been so easy or flexible.Check out ContentfulShow Notes00:29 Sponsor: Contentful01:00 Introduction02:58 Recent Projects04:52 Swapping Database Layers07:18 Order of Build11:48 The Project Queue16:22 Diffing and Reapplication of New Code24:33 Versioning with Headers29:45 Backend Language Talk45:17 Picks and Plugs

Link to bioRxiv paper: http://biorxiv.org/cgi/content/short/2023.07.26.550598v1?rss=1 Authors: Dorkenwald, S., Schneider-Mizell, C. M., Brittain, D., Halageri, A., Jordan, C., Kemnitz, N., Castro, M. A., Silversmith, W., Maitin-Shephard, J., Troidl, J., Pfister, H., Gillet, V., Xenes, D., Bae, J. A., Bodor, A. L., Buchanan, J., Bumbarger, D. J., Elabbady, L., Jia, Z., Kapner, D., Kinn, S., Lee, K., Li, K., Lu, R., Macrina, T., Mahalingam, G., Mitchell, E., Mondal, S. S., Mu, S., Nehoran, B., Popovych, S., Takeno, M., Torres, R., Turner, N. L., Wong, W., Wu, J., Yin, W., Yu, S.-c., Reid, R. C., da Costa, N. M., Seung, H. S., Collman, F. Abstract: Advances in Electron Microscopy, image segmentation and computational infrastructure have given rise to large-scale and richly annotated connectomic datasets which are increasingly shared across communities. To enable collaboration, users need to be able to concurrently create new annotations and correct errors in the automated segmentation by proofreading. In large datasets, every proofreading edit relabels cell identities of millions of voxels and thousands of annotations like synapses. For analysis, users require immediate and reproducible access to this constantly changing and expanding data landscape. Here, we present the Connectome Annotation Versioning Engine (CAVE), a computational infrastructure for immediate and reproducible connectome analysis in up-to petascale datasets (~1mm3) while proofreading and annotating is ongoing. For segmentation, CAVE provides a distributed proofreading infrastructure for continuous versioning of large reconstructions. Annotations in CAVE are defined by locations such that they can be quickly assigned to the underlying segment which enables fast analysis queries of CAVE's data for arbitrary time points. CAVE supports schematized, extensible annotations, so that researchers can readily design novel annotation types. CAVE is already used for many connectomics datasets, including the largest datasets available to date. Copy rights belong to original authors. Visit the link for more info Podcast created by Paper Player, LLC

Moving to composable technology almost never happens all at once. There is a transition period. How do you help teams make the most of the composable technology, while easing the transition between old and new? Keith Mazanec, Director of Software Engineering at Brad's Deals shares how they used a composable content technology with automation capabilities (Contentstack) to create an easy transition that improved the lives of content editors straightaway - and created a better experience for everyone, customers included. Plus, hear about their favorite uses of Automation Hub to automate across the content lifecycle.Timestamps:1:05 The volume of content at Brad's Deals, and what that means for content editors1:56 Why Brad's Deals looked for a new content management technology2:27 An example of how automations helped reduce manual data entry for content editors3:57 The custom dashboard Brad's Deals built for their editors5:06 Example of automating a categorizing function to speed up content publishing process6:03 Versioning and automating making changes to the content model8:16 How Brad's Deals created continuity between their legacy technology and the new headless CMS9:57 Automating throughout the content lifecycle across different content & marketing applications

We're back for 2023 with Kito, Danno, and special guest Andres Almiray, Senior Principal Product Manager, Database group, to talk about the latest versions of Andres' JReleaser tool, building CLIs in Java (picocli, JCommander, JCommander, Spring Boot, Quarkus, Micronaut), jban,, Jarviz, AI, whether or not Java is over the hill, http4s, and much more. We Thank DataDog for sponsoring this podcast! https://www.pubhouse.net/datadog Overview Server Side Java   – Accelerate Your Lambda Functions with Lambda SnapStart (https://aws.amazon.com/blogs/aws/new-accelerate-your-lambda-functions-with-lambda-snapstart/)   - Quarkus support for AWS Lambda SnapStart (https://quarkus.io/blog/quarkus-support-for-aws-lambda-snapstart/) IDEs and Tools  - JBang (https://www.jbang.dev/)  - Writing CLIs in Java ()    - picocli (https://github.com/remkop/picocli)    - JCommander (https://jcommander.org/)  - Frameworks that you can use to create CLIs    - Spring Boot Console Apps (https://www.appsdeveloperblog.com/spring-boot-console-application/)    - Quarkus Command Mode Apps (https://quarkus.io/guides/command-mode-reference)    - Micronaut Command Line Applications (https://docs.micronaut.io/1.0.0.M4/guide/index.html#picocli)  - Command Line Interface Guidelines (https://clig.dev/) AI   - Microsoft, GitHub, and OpenAI ask court to throw out AI copyright lawsuit (https://www.theverge.com/2023/1/28/23575919/microsoft-openai-github-dismiss-copilot-ai-copyright-lawsuit) JReleaser   - v1.4.0 released on Dec 29 2022    - Improved Maven deployment support    - New FLAT_BINARY distribution    - Threaded messages in Mastodon    - Buildx support in Docker packager    - New java-archiver  - v1.5.0 (upcoming)    - Environment variables and System properties support    - New Linkedin announcer    - New winget packager for NATIVE_PACKAGE distribution    - Updates and deprecations to CLI flags Jarvis (https://github.com/kordamp/jarviz)  - Jarviz is a JAR file analyzer tool. You can obtain metadata from a JAR such as its manifest, manifest entries, bytecode versions, declarative services, and more. Other  - Github changes checksum algorithm for source archives (https://github.blog/changelog/2023-01-30-git-archive-checksums-may-change/)  - http4s (https://http4s.org/)  - Versioning schemes:    - ChronVer    - Calver    - SemVer    - Java-Module / Java-Version  - Tmux (https://github.com/tmux/tmux/wiki)  - Charm.sh (https://charm.sh/)  - GitHub - shyiko/jabba: (cross-platform) Java Version Manager (https://github.com/shyiko/jabba)  - Snapcraft (https://snapcraft.io/)  - OpenFein (https://github.com/OpenFeign/feign) Picks   - NixOS  (https://nixos.org/)  - Neovim (https://neovim.io/)  - Toot (https://toot.readthedocs.io/en/latest/usage.html) Other Pubhouse Network podcasts  - Breaking into Open Source (https://www.pubhouse.net/breaking-into-open-source)  - OffHeap (https://www.javaoffheap.com/)  - Java Pubhouse (https://www.javapubhouse.com/) Events  - DevNexus 2023 - April 4-6, Atlanta, GA, USA (https://devnexus.com/call-for-papers)  - JCON EUROPE 2023 - June 20-23, Cologne Köln, Germany (https://jcon.one/)  - Gateway Software Symposium Mar 31 - Apr 1, 2023 (https://nofluffjuststuff.com/stlouis)  - Pacific Northwest Software Symposium April 14 - 15, 2023 (https://nofluffjuststuff.com/seattle)  - JPrime - May 30-31st, Sofia, Bulgaria (https://jprime.io/)  - Central Iowa Software Symposium June 9 - 10, 2023 (https://nofluffjuststuff.com/desmoines)  - Lone Star Software Symposium: Austin July 14 - 15, 2023 (https://nofluffjuststuff.com/austin)  - ÜberConf July 18 - 21, 2023 (https://uberconf.com/)  

Xanadu was the first hypertext project founded in 1960 by Ted Nelson. It aims to facilitate a type of media called hypermedia, which is non-sequential writing in which the reader can choose their own path through an electronic document.Links/Resources:http://www.rheingold.com/texts/tft/14.htmlhttps://en.wikipedia.org/wiki/Project_Xanaduhttps://mimix.io/en/blog/xanaduhttps://sentido-labs.com/en/library/201904240732/Xanadu%20Hypertext%20Documents.htmlhttps://www.notion.so/blog/ted-nelsonhttps://www.wired.com/1995/06/xanadu/https://xanadu.com.au/ararathttps://www.youtube.com/watch?v=-_-5cGEU9S0https://www.youtube.com/watch?v=hMKy52Intachttps://www.youtube.com/watch?v=1gPM3GqjMR4https://www.youtube.com/watch?v=hGKbRcvIZT8https://www.youtube.com/watch?v=qyzgoeeloJAhttps://www.youtube.com/watch?v=_xYwgJW7T8ohttps://jasoncrawford.org/the-lessons-of-xanaduhttps://blockprotocol.org/https://github.com/subconsciousnetwork/noosphere/blob/main/design/explainer.mdhttps://maggieappleton.com/xanadu-patternshttps://aaronzlewis.com/blog/2019/05/01/spreading-threading/https://www.zombo.com/https://stratechery.com/concept/aggregation-theory/https://maggieappleton.com/tools-for-thoughthttps://cdixon.org/2015/01/31/come-for-the-tool-stay-for-the-networkChapters:[00:00:00] Intros[00:03:22] What is Xanadu?[00:15:49] Transclusion and Bidirectionality[00:26:32] Versioning[00:29:47] Vision divorced from implementation[00:35:13] Baked in Payments[00:46:15] Hypermedia as Envisioned[00:56:20] Tiktok as Hypermedia[01:01:52] Alternative business model for the web[01:16:19] Failure to Launch[01:26:15] Linearization as a forge[01:31:51] Success of Xanadu's Vision[01:37:04] Passing the torch===== About “The Technium” =====The Technium is a weekly podcast discussing the edge of technology and what we can build with it. Each week, Sri and Wil introduce a big idea in the future of computing and extrapolate the effect it will have on the world.Follow us for new videos every week on web3, cryptocurrency, programming languages, machine learning, artificial intelligence, and more!===== Socials =====WEBSITE: https://technium.transistor.fm/SPOTIFY: https://open.spotify.com/show/1ljTFMgTeRQJ69KRWAkBy7APPLE PODCASTS: https://podcasts.apple.com/us/podcast/the-technium/id1608747545

Everyone likes the idea of building something new. So much freedom. But what about making changes after you have users? In this episode, Thomas Betts talks with Brandon Byars about how you can evolve your API without versioning, a topic he spoke about at QCon San Francisco. Read a transcript of this interview: https://bit.ly/3jONh63 Subscribe to our newsletters: - The InfoQ weekly newsletter: https://bit.ly/24x3IVq - The Software Architects' Newsletter [monthly]: https://www.infoq.com/software-architects-newsletter/ Upcoming Events: QCon London: https://qconlondon.com/ - March 27-29, 2023 QCon San Francisco: https://qconsf.com/ - Oct 2-6, 2023 Follow InfoQ: - Twitter: https://twitter.com/InfoQ - LinkedIn: https://www.linkedin.com/company/infoq - Facebook: https://bit.ly/2jmlyG8 - Instagram: https://www.instagram.com/infoqdotcom/ - Youtube: https://www.youtube.com/infoq

Versioning is now taken as a default feature, and nobody talks about it anymore. In this advent podcast Steve and Marijn dig down into versioning and ensures we all understand checking out, approval etc.

In the Flame 2023.2 update, a few enhancements have been made to the render and write file nodes based on your feedback. So in this video, we'll discuss setting up a render, looking at the render duration, offsetting Timecodes where needed and various improvements to the Write File node which should make the Open Clip and Versioning workflows a lot easier.

Some of our topic highlights include:How Sarah got into the world of dataData modeling vs data building (and depth vs variety)The organizational pieces that need to fall in place before you get to the science in data scienceHow experience in sales helps with technical product translationWhy Sarah started writing (and what she gets out of it)UI power features and their feasibilityThe code vs no-code debateAs always, I'd love to hear your thoughts on the episode over on Twitter @borisjabes.Want to discuss the best practices we covered in this episode? Come hang out in The Operational Analytics Club, where all your favorite data leaders gather to sharpen their skills. Know someone that you think would be an awesome guest on The Show (hint: you can totally nominate yourself)? Reach out to our content and community team. Resources:Sarah on LinkedInSarah's newsletterSarah on TwitterMusic by the talented Joe Stevens:  https://www.joestevenssound.com/

Welcome to Now in Android, your ongoing guide to what's new and notable in the world of Android development. Today, we're covering updates on Developer-Powered CTS (CTS-D), independent versioning of Jetpack Compose libraries, Google Play: making Play work for everyone, more updates from AndroidX, and more! For links to these items, check out Now in Android #64 on Medium → https://goo.gle/3cfGnD0  Now in Android podcast → https://goo.gle/2BDIo9y            Now in Android articles → https://goo.gle/2xtWmsu          Now in Android playlist → https://goo.gle/now-in-android            Subscribe to Android Developers → https://goo.gle/AndroidDevs  

Hey Everyone,  Welcome to the API design masterclass with our guest Deepak Patil, who works as a Principal Architect at iCertis and has decades of experience building and architecting mission critical experience.   This is the Part-2 of the masterclass and we are going to continue where we left and talk about more practical stuff.   00:00 Sync, Async, Bulk, Composite APIs  10:16 Timeouts, Retries and Idempotency  17:08 Structure of an API  21:00 Versioning  26:45 How to choose REST vs GraphQL vs gRPC  36:30 API Lifecycle and Governance  38:50 Security, Scalability, Availability, Fault Tolerance, performance and Monitoring   I hope you enjoyed the discussion in the two parts series and now know a lot about API Design.  Please like, share and subscribe to the channel for more content like these.    Cheers,  The GeekNarrator

Interpol coordinates international enforcement action against scammers. A new version of IceXLoader is observed. Exploiting versioning limits to render files inaccessible. Reflections on the first large-scale hybrid war. Kelly Shortridge from Fastly on why behavioral science and economics matters for InfoSec. Patrick Orzechowski from DeepWatch on Russian IoCs and critical infrastructure. And the possibility of cyber escalation in Russia's hybrid war against Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/116 Selected reading. Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams (Interpol) New IceXLoader 3.0 – Developers Warm Up to Nim (Fortinet Blog)  Proofpoint Discovers Potentially Dangerous Microsoft Office 365 Functionality that can Ransom Files Stored on SharePoint and OneDrive (Proofpoint)  Russia's cyber fog in the Ukraine war (GIS Reports) Russia Might Try Reckless Cyber Attacks as Ukraine War Drags On, US Warns (Defense One) Cyber Attacks in Times of Conflict (CyberPeace Institute) Vladimir Putin's Ukraine invasion is the world's first full-scale cyberwar (Atlantic Council) Why Russia has refrained from a major cyber-attack against the West (Cyber Security Hub) In modern war, we have as much to fear from cyber weapons as kinetics (Computing)

Richad Nieves-Becker is a self-taught data scientist with an eclectic background. He currently leads the data science function at Revantage, a real estate shared service organization in the Blackstone family. He got a BA in Neuroscience and Anthropology. And was on the PhD path until he realized it was not for him. He pivoted and earned a Masters in Commerce from the University of Virginia. He started at CoreLogic focusing on text mining, then moved to Greystone leading all things data in an innovation lab. He credits his career progress to focusing on impact and deeply understanding the business case. In this episode, we cover a range of topics including:- His entry into data science- Academic vs business work- How he cold emailed his way to getting job interviews- Why data scientists need sales skills- How data scientists should think about building a portfolio- Defining tractable problems in machine learning and data science- Moving from mathematics to data science- Framework for creating educational content- Creating a course for data scientists- How he interviews people- The report he's writing for new data science leaders- Building good culture by aligning an individual's desires to the company's goals- The advantage of modular products- Rise of MLOps and data versioning- Monetization of models

An meta-pilot on releasing the podcast on a Wednesday vs a Friday. We talk about how we manage Design System releases as well as the differences between versioning and version control. Episode Transcripts

Bulunduğumuz haftanın bilim dünyasından önemli gelişmeleri sizler için derledik. Versioning biological cells for trustworthy cell engineering. https://doi.org/10.1038/s41467-022-28350-4 Illegal gold mines flood Amazon forests with toxic mercury. https://doi.org/10.1126/science.ada0701 Tributary chloride loading into Lake Michigan. https://doi.org/10.1002/lol2.10228 Mechanical disruption of e cadherin complexes with epidermal growth factor receptor actuates growth factor dependent signaling. https://doi.org/10.1073/pnas.2100679119 Bize 101.podcast.info@gmail.com adresinden ulaşabilirsiniz. --- Support this podcast: https://anchor.fm/101-podcast/support

Watch the live stream: Watch on YouTube About the show Sponsored by Datadog: pythonbytes.fm/datadog Special guest: Dean Langsam Brian #1: A Better Pygame Mainloop Glyph Doing some game programming is a great way to work on coding for early devs (and experienced devs). pygame is a popular package for writing games in Python But… the normal example of a main loop, which listens for events and dispatches actions based on events, has some problems: it's got a while 1: that wastes power, too much busy waiting looks bad, due to “screen tearing” which is writing to a screen while your in the middle of drawing it This post discusses the problems, and walks through to an async main loop that creates a better gaming experience. Michael #2: awesome sqlalchemy A few notable ones SQLAlchemy-Continuum: Versioning and auditing extension for SQLAlchemy. SQLAlchemy-Utc: SQLAlchemy type to store aware datetime.datetime values. SQLAlchemy-Utils: Various utility functions, new data types and helpers for SQLAlchemy filedepot: DEPOT is a framework for easily storing and serving files in web applications. SQLAlchemy-ImageAttach: SQLAlchemy-ImageAttach is a SQLAlchemy extension for attaching images to entity objects. SQLAlchemy-Searchable: Full-text searchable models for SQLAlchemy. sqlalchemy_schemadisplay: This module generates images from SQLAlchemy models. Can we also get a shoutout to SQLModel? Dean #3: ThreadPoolExecutor in Python: The Complete Guide Long, but worth it (80-120 minutes). Could be consumed in parts. It's mostly a collection of other blogposts on superfastpython Many examples LifeCycle Usage patterns Map and was as_completed vs sequentially callbacks IO-Bound vs CPU-bound Common Questions Comparison vs. ProcessPoolExecutor vs. threading.Thread vs. AsyncIO Brian #4: Chaining comparison operators Rodrigo Girão Serrão I use chained expressions all the time, mostly with ranges: min

https://www.patreon.com/datameshradio (Data Mesh Radio Patreon) - get access to interviews well before they are released Episode list and links to all available episode transcripts (most interviews from #32 on) https://docs.google.com/spreadsheets/d/1ZmCIinVgIm0xjIVFpL9jMtCiOlBQ7LbvLmtmb0FKcQc/edit?usp=sharing (here) Provided as a free resource by DataStax https://www.datastax.com/products/datastax-astra?utm_source=DataMeshRadio (AstraDB); George Trujillo's contact info: email (george.trujillo@datastax.com) and https://www.linkedin.com/in/georgetrujillo/ (LinkedIn) In this episode, Jesse Paquette, Chief Science Officer and Co-founder at Tag.bio - a data platform vendor in the life sciences space, and Scott dive a bit deeper into data quality in general, especially data testing and versioning. You can see the LinkedIn post that sparked this discussion https://www.linkedin.com/feed/update/urn:li:activity:6881406997678424064?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6881406997678424064%2C6881548651487907840%29 (here) Jesse recommends a number of things to ensure data quality, especially data testing and versioning. This includes versioning of 1) the code used to create the data (generally the ETL code), 2 the schema, 3) the business logic layer, and 4) timestamping / temporality based versioning. Jesse's general calls to action are 1) make data testing frameworks so testing is much less tedious and time consuming; 2) work with stakeholders to gain trust in the data and then continue the dialogue to keep said trust; and 3) create schema/domain model blueprints so that domains have a starting point - whether they use it is irrelevant but shortening the path to a working domain model is crucial. Jesse's contact info: Email: jesse at tag.bio LinkedIn: https://www.linkedin.com/in/jessepaquette/ (https://www.linkedin.com/in/jessepaquette/) Twitter: @bzdyelnik / https://twitter.com/bzdyelnik (https://twitter.com/bzdyelnik) Website: https://tag.bio/ (https://tag.bio/) Tag.bio vendor interview for Data Mesh Learning: https://www.youtube.com/watch?v=acQADu7ttqQ (https://www.youtube.com/watch?v=acQADu7ttqQ) Data Mesh Radio is hosted by Scott Hirleman. If you want to connect with Scott, reach out to him at community at datameshlearning.com or on LinkedIn: https://www.linkedin.com/in/scotthirleman/ (https://www.linkedin.com/in/scotthirleman/) If you want to learn more and/or join the Data Mesh Learning Community, see here: https://datameshlearning.com/community/ (https://datameshlearning.com/community/) If you want to be a guest or give feedback (suggestions for topics, comments, etc.), please see https://docs.google.com/document/d/1WkXLhSH7mnbjfTChD0uuYeIF5Tj0UBLUP4Jvl20Ym10/edit?usp=sharing (here) All music used this episode was found on PixaBay and was created by (including slight edits by Scott Hirleman): https://pixabay.com/users/lesfm-22579021/ (Lesfm), https://pixabay.com/users/mondayhopes-22948862/?tab=audio (MondayHopes), https://pixabay.com/users/sergequadrado-24990007/ (SergeQuadrado), https://pixabay.com/users/itswatr-12344345/ (ItsWatR), https://pixabay.com/users/lexin_music-28841948/ (Lexin_Music), and/or https://pixabay.com/users/nevesf-5724572/ (nevesf) Data Mesh Radio is brought to you as a community resource by DataStax. Check out their high-scale, multi-region database offering (w/ lots of great APIs) and use code DAAP500 for a free $500 credit (apply under "add payment"): https://www.datastax.com/products/datastax-astra?utm_source=DataMeshRadio (AstraDB)

Oggi inauguriamo un nuovo format di puntate che, speriamo, piacerà agli ascoltatori. È da tempo che volevamo introdurlo e, come al solito, chi poteva essere il nostro primo ospite se non il papà putativo di questo podcast, l'amico, il podcaster, video-maker nonché lo sviluppatore: Alex Raccuglia. Per tutti gli ascoltari che fossero interessati Alex ha provisto un codice sconto del 30% su tutte le sue applicazioni (le trovate sul sito ulti.media (https://www.ulti.media)): A2PODCAST. Il codice è valido fino al 31/01/2022. Un grosso grazie da Alex per questo regalo ai nostri ascoltatori. Risolvere i propri problemi creando un programma / un'app … Sono un video-maker e allora perché sviluppo software? Ho studiato Ingegneria informatica ma poi sono passato a fare il regista Io sono pigro, dunque sviluppo strumenti per agevolare la mia pigrizia. Il concetto è semplice: “fare un lavoro più di una volta abbassa la tua concentrazione man mano che lo ripeti“. (La filosofia retrostante) Il mio flusso di lavoro: trasformo e produco contenuti che poi vanno in qualche modo “recapitati“ al cliente o pubblicati sulla rete. (Questa cosa si può applicare chiaramente agli architetti, forse un po' meno gli avvocati) I software che uso e che mi aiutano nella mia “voglia di non fare un cavolo”: Strumenti per la gestione semplice delle versioni: Date Up! (https://ulti.media/date-up/) Strumenti per l'aggiornamento dei documenti automatizzato: Seek & Replace (https://ulti.media/seek-and-replace/) L'utility perfetta per chi fa video come me: la mia ultima app, UM Converter (https://ulti.media/converter/). Dove ci potete trovare? Alex Raccuglia: Ulti.Media (https://ulti.media) il sito dove potete scoprire le applicazioni create da Alex TechnoPillz: Flusso di coscienza digitale (https://www.spreaker.com/show/technopillz): Una trasmissione semplice ed essenziale, più o meno condotta da Alex Raccuglia e dedicata al mondo della tecnologia e dello sviluppo di app. MDB Summah Radio (https://www.spreaker.com/show/mdb-summah-radio): la trasmissione musicale più inusuale del mondo, creata e condotta da Alex Raccuglia, con lo scopo di promuovere la "bella" musica, brani non troppo mainstream legati da un filo conduttore, un tema per ogni episodio. Il Vino lo Porto Io (https://ulti.media/ilvinoloportoio/) Podcast di cultura enologica, con il sommelier Marco Barbetti Roberto: Mac e architettura: mach - dot - net.wordpress.com (https://marchdotnet.wordpress.com/) Podcast settimanale Snap - architettura imperfetta (https://www.spreaker.com/show/snap-archiettura-imperfetta) Filippo: Avvocati e Mac punto it (https://www.avvocati-e-mac.it/) Ci sentiamo tra 2 settimane.

[קישור לקובץ mp3] האזנה נעימה ותודה רבה לעופר פורר על התמלול!שלום וברוכים הבאים לפודקאסט מספר 426 של רברס עם פלטפורמה - זהו באמפרס מספר 77 (!). התאריך היום הוא ה-16 בנובמבר 2021, ואנחנו כרגיל בבאמפרס עם דותן ואלון ורן - בוקר טוב.באמפרס זו סדרה של קצרצרים שבה אנחנו מכים [אבל בקטע טוב] בכל מיני חדשות, בלוגים ו-GitHub-ים מעניינים שצצו לאחרונה.(רן) אז אני אתחיל - אבל רגע לפני שאני מתחיל, רציתי לדבר על הכנס [!] שהולך ומתקרב - Reversim Summit 2021 הולך לקרות בסוף דצמבר, ב-26-27 בדצמברההרשמה ככל הנראה כבר פתוחה בזמן שאתם שומעים את הפרק [אכן) - אז אתם מוזמנים להירשם.חפשו Summit2021.Reversim.com או פשוט גגלו את זה ותמצאו את זה - מוזמנים להירשם!(אלון) ותוכלו גם לשמוע את דותן בכנס, אז בכלל שווה . . . .(דותן) איזה כנס?(רן) . . . דותן ידבר שם ואלון חלק מהצוות, אז כן - תיהיה לנו שם נוכחות.ועכשיו - לענייננו . . . .רן - הקצרצר הראשון שרציתי לדבר עליו - האמת היא שהרבה זמן לא הקלטנו, אז הצטבר לנו כאן חומר מאיזה חודשיים - לפני אולי חודשיים, או משהו כזה, נפטר אחד מ”אבות האומה” - Sir Clive Sinclair - נפטר בגיל מכובד, 81היה אחראי לכמה מהדברים המשמעותיים ביותר בעולם המחשוב, וכנראה הידוע ביותר מבין כולם זה בעצם המחשב הראשון שלי - ZX Spectrumעדיין יש לי אותו, דרך אגב - מקלדת מגומי, סימן כזה צבעוני של קשת בצד - למרות שאין לי את כל ההרחבות והייתי צריך לאלתר טייפ והייתי צריך לאלתר כל מיני דברים אחריםאבל המחשב עצמו עדיין קיים - לא בדקתי האם הוא עדיין עובד . . . אבל הוא לגבי קיים בצורה פיזית(דותן) לא, אתה לא יכול לעשות את זה . . . עכשיו אתה חייב לבדוק!לזכר! . . . אתה חייב לבדוק אם הוא עובד . . .(רן) אני רק צריך למצוא את הטרנספורמטור הנכון שלו . . . אני זוכר שהיה לו בלוק כזה שנורא היה מתחמם, כזה גדול . . . .(דותן) זה לא בעיה, זה אתה יכול לקחת כל . . . .היום יש לך כאלה מתכווננים, בטמבוריה הקרובה . . .(רן) כן - וצריך למצוא את החיבור טלויזיה . . . זה מתחבר ב-RF לטלויזיה, חיבור קואקסלי כזה . . . (דותן) זה גם פתיר . . . .(רן) פתיר . . . בקיצור, האדון זכה לתואר Sir בגלל ההמצאות שלו והתרומה המשמעותית שלו לטכנולוגיה.הוא לא המציא רק מחשבים - הוא גם המציא מכוניות והמציא כל מיני מכשירים חשמליים ואלקטרוניים אחרים, בנאדם באמת גאוןהוא המציא טלויזיית כיס, בגדול - שזה ממש מגניב, בשנות ה-70 כנראה שזה היה להיט.(דותן)הכיסים היו גדולים בשנות ה-70 . . . .(רן) לגמרי, כמו של הטלפונים של היום . . . .הבנאדם זכה לתהילת עולם כנראה בעקבות סדרת ה-ZX Spectrum שלו, שהיו לה כמה דגמים.רציתי להזכיר את זה שהוא לאחרונה נפטר, אבל אני חושב שהמקום שלו בהיסטוריה מובטח - יהי זכרו ברוך, ותודה על כל התרומה.הנושא הבא - פייסבוק מטא, שמעתם על זה? . . . . (אלון) פייסבוק מתה?(רן) אבל קצת לפני שהיא Meta, או יותר נכון - כפרומו לזה שהיא Meta, היא גם מתה . . .לפני משהו כמו חודש, אולי קצת יותר, היה Outage מאוד משמעותי ב-Facebook - והסיפור מאחוריו הוא מעניין, לכל הפחות.אז Facebook, קצת לפני שהיא שינתה את השם, למעשה היה להם Outage מאוד משמעותי של מספר שעות - אני לא זוכר אם שש או שמונה שעות - שבהן כל השירותים של Facebook היו למטה.עכשיו - מדובר על לא רק Facebook.com אלא גם WhatsApp ו-Instagram ואני לא זוכר מה עוד יש להם - והכל הכל היה למטה, וזה משהו שלא קורה הרבההיה זמן לצאת החוצה, לשחק . . . .אז הסיפור מאחורי זה הוא, כמו בהרבה מקרים כנראה, מתחיל מאיזושהי טעות אנוש - לא ניכנס לכל ה-Post-Mortem, רק נגיד ב-High-level - מדובר על איזושהי עבודת תשתית יחסית שגרתית שעשו ב-Data center, שבה החליפו תשתית של Fiber אם אני לא טועה וכדי לעשות את זה, היו צריכים להסיט את התנועה מרכיב אחד לרכיב אחר - ועושים את זה באמצעות פרוטוקול שנקרא BPG - זה פרוקטול שהראשי תיבות שלו הן Border Gateway Protocol זהו פרוטוקול שנועד לעשות את מה שנקרא “האמ-אמא של ה-Routing”, זאת אומרת - לתכנת, אם אני זוכר נכון מהשיעורי Networking שלי, את ה-Autonomous systems כדי שידעו אחת על השנייה ותדענה להעביר את ה-Traffic מאחת לשנייה - וזה משהו שרץ בעצם ב-Backbone של האינטרנט, BPG . . .עכשיו, Facebook, בגלל שהם כאלה גדולים, יש להם גם BPG משלהם [עם בלק ג'ק?] - כמו שיש כמובן גם ל-Google ואחריםבכל אופן, כדי לעשות את עבודת התשתית הזאת, אחד העובדים עשה Routing ובעצם תכנת מחדש את ה- BPG - ועשה שם טעות, ככל הנראה . . . והסיט למקום הלא נכוןוזה, בסופו של דבר, ברגע שזה קרה, למעשה זה יצר תקלה כל כך שורשית, כך שלתקן אותה - גם אם עלו מהר על השגיאה - כדי לתקן אותה היה צורך לנסוע פיזית ל-Data center, כי כל הרשת הייתה למטה, אז אי אפשר היה אפילו להתחבר מרחוק . . . .דווח גם שעובדים של Facebook לא יכלו להיכנס למשרד כי פשוט הקוראים של הכרטיסים [כרטיסי עובד] לא עבדו, כי הרשת הייתה למטה.(דותן) אה, את זה אני זוכר, עכשיו אני נזכר בזה . . .(רן) כן . . . היה צריך לנסוע ממש פיזית ל-Data Center כדי לתקן את זה סיפור שיכול לקרות לכל אחד - טוב שלא קרה לנו, אבל זה יכול . . . . אני מניח שטעויות מהסוג הזה יכולות לקרות לכל אחד, והמיטיגציה (Mitigation) של זה לא כל כך פשוטה . . .אני לא חושב שמדברים על מיטיגציה ב-Post-Mortem הזהאבל בכל אופן - זה בהחלט היה משהו שהורגש ונמשך הרבה מאוד זמן, ועשה גלים.ויכול להיות שזה היה רק הפרומו שלהם לשינוי השם של החברה - כמו שאמרנו, Facebook Meta, אבל אולי זה היה במקרה . . .(דותן) מה? זה מיטיגציה של “לחתוך את הפלומבות” . . . . מי שמכיר מהצבא(אלון) שמע, אחד הדברים המעניינים - זה על פי “מקורות זרים”, אני לא יודע אם זה נכון - בגלל שהם משתמשים רק בכלים פנימיים, אז אפילו לא היה להם Messenger לתקשורת, כדי לנהל את כל האירוע . . . .(דותן) זה לא “לפי מקורות זרים” - זה נכון, היום הכל נכון . . .(אלון) . . . ולפי השמועות הם התקשרו בטלפון, אתה מבין? התקשרו בטלפון! מה זה?! לאן הם התדרדרו? טלפון-כזה-לא-אינטרנטי . . . (רן) שיחת ועידה, כן . . . .מצד אחד - “Eat your own dog-food” זה נחמד, יש בזה הרבה דברים טובים; מצד שני - כשה-Backbone שלך נופל אז זו קטסטרופה, אין לך איך כלום.(דותן) בסדר, מה הסיכוי שזה יקרה? . . . (רן) כן, הא? אם זה קרה, זה לא יקרה שוב . . . בקיצור - בסופו של דבר יצאו מזה, מן הסתם - והחיים חזרו למסלולם.נושא הבא - בזמן האחרון אני מתעסק בתחום - או בעצם לומד - תחום שנקרא Reinforcement Learning, שזה תחום בלמידה חישובית שהוא, ככה, מעניין ונחמדונתקלתי באיזשהו Framework מאוד נחמד שהוציאו ב-Google שנקרא google-research/football ו-Google Research Football זו בעצם סביבת סימולציה של משחק כדורגל - שהיא לא פחות ממדהימה, לדעתי.בעצם, לקחו איזשהו Open-Source בסיסי של משחק כדורגל והוסיפו לו הרבה הרבה דברים מעל - תחשבו על FIFA, אבל FIFA שאפשר לתכנת . . . זאת אומרת שכל אחד מהשחקנים הוא בעצם סוכן עצמאי שאתם צריכים ללמד אותו איך להתנהג במשחק - איך לשחק, איך לשתף פעולה עם שחקנים אחרים . . . זה בעצם איזשהו Framework שבו אתם יכולים לבחון, בעיקר על אלגוריתמים בתחום של Reinforcement Learning - וה-Framework עצמו בנוי בצורה מאוד מאוד יפהלא יודע אם אתם זוכרים, אבל בעבר היו עושים הרבה מאוד מהבדיקות האלה מול משחקי Atari - למשל Pong וכאלה - היו מפתחים מעיין סוכן שיודע לשחק Pong בצורה שהיא “Super-Human”, זאת אומרת - יותר טוב מבני אדם.אבל כל ה-Benchmark-ים האלה של Atari הם כבר יחסית מיושנים, כי כבר כולם מצליחים - זאת אומרת, האלגוריתמים הלכו והשתפרו, וכבר בגדול האתגרים האלה כבר פחות ופחות מעניינים כי פשוט כולם פיצחו אותם.ועכשיו באו Google והוציאו לפני שנה או שנה וחצי את ה-Google Research Football - שזו סביבת Reinforcement Learning מאוד מאתגרת - וגם יפה.אתם פשוט יושבים וצופים במשחק כדורגל - וזה נראה טוב, זה ממש ממש נראה טוב, זה ממש נראה כמו FIFAיש גרפיקה מדהימה, יש מצלמה שזזה, יש את כל המסביב . . . זה פשוט כיף ללכת ולראות את זה ולשחק עם זה.ומעבר לזה - אפשר גם פשוט לשחק עם הכפתורים, זאת אומרת - אתם יכולים פשוט לקחת את המקלדת שלכם ולשחק נגד ה-Bots - בעצם נגד ה-Agent-ים שתכנתתם . . .זהו - סביבה מגניבה למי שמתעסק ב-Reinforcement Learning, אני מאוד נהנה לעבוד עם זה.(אלון) מגניב . . .(דותן) מגניב . . . מה עשית עם זה? נגיד, עכשיו בשביל המשחק, מה המטרה שלך? לפתח משהו שינצח אותך?(רן) אז בעצם המטרה שלי זה לאמן קבוצה - באופן אוטומטי, אני בעצם מייצר להם משתמש . . . בודק כל מיני אלגוריתמים של Reinforcement Learning, משתמש ב-Multi-Agentכי בעצם כל שחקן זה Agent נפרד, ואני צריך לגרום להם “לשתף פעולה”, צריך לגרום להם להצליח להבין מה בכלל צריך לעשות - ש”לבעוט לשער” זו “פעולה טובה”, ושכשליריב יש את כדור אז צריך לרוץ אחורה כדי לשמור על השער שלך - דברים בסיסיים כאלה [שכדאי ללמד גם הנבחרת האנושית שלנו . . .]אבל אחר כך צריך ללמד אותם לשתף פעולהבסופו של דבר, אני מייצר קבוצה - ומתחרה מול קבוצות אחרות(דותן) איך למשל אתה מלמד? מה זה אומר “ללמד”?(רן) בוא, אפשר לעשות קורס של ארבעה חודשים . . . . אבל בגדול, התחום של “למידה מתוך חיזוקים” זה אומר שאם עשית איזושהי פעולה, קיבלת איזשהו Reward מהסביבה . . . נגיד - בעטת את הכדור לכיוון השער ואז קיבלת Reward של 1 + . . .אז אתה לומד שהפעולה האחרונה הזאת שעשית - זו פעולה טובה. זה הבסיס של כל זה, ומזה אתה משליך אחורה.אז איך הגעת לפוזיציה שאתה באמת יכול לבעוט את הכדור לשער? אז גם על זה תקבל חיזוק, כי להגיע לפוזיציה זה טוב כמעט כמו לבעוט את הכדוראז זה כאילו ה-Basics של ה-Reinforcement Learning, אבל זה קצת יותר מורכב, כי יש פה עניין של מרחבים רציפים ו-Multi-Agent ודברים כאלהאבל זה הבסיס וזו סביבה מאוד כיפית לבוא ולפתח את זה כיפית אבל גם מאתגרת, זאת אומרת - יש כרגע תחרות ב-Kaggle ויש חוקרים שעובדים עליה - אני לא מכיר עבודה שמראה באמת קבוצת כדורגל מאוד טובה, ככה שזה מראה שזו באמת סביבת מחקר מאוד מאתגרת.(דותן) אז בעצם מה שאתה עושה זה שאתה הולך לשחק איתם כאילו?(רן) כן, אני בעצם מאמן קבוצה והולך לשחק מול קבוצות אחרות.(דותן) זה יכול לשרוף המון זמן . . . .(רן) כן, לגמרי . . .(דותן) כל פעם 90 דקות, לראות אם זה טוב? . . .. (רן) לא, זה לא 90 דקות - משחקים קצרים, זה מערכות קצרות - נגיד, עד שהכדור מגיע לשער זו מערכה אחת, עד שיש גול או חוץ זו מערכה . . . זה לא 90 דקות.(דותן) זה היה הרבה יותר מצחיק אם זה כן היה 90 דקות - אם היית חייב 90 דקות . . . (רן) כן . . . .אני כרגע מחמם GPU ב-AWS כדי שהדברים האלה יעבדו.(דותן) מגניב(אלון) זה באמת מגניב . . . מתי הגמר?(רן) יש Deadline בדצמבר . . . . אז בטוח יהיה הגמר.טוב - ומכאן מעבור אליך, אלון . . . (אלון) אלי?! טוב, וואו, כמה אני מתרגש . . . אלון - אז ניקח כמה דברים - אחד קליל ממש, אפילו לקצרצרים הוא קליל - GitHub עשו שאלה ב-Twitter, סקר - האם אתם אוהבים לעבוד עם מוסיקה? אם כן - תנו את ה-Playlist . . .ואז יש שרשור ארוך של Playlist-ים שאנשים שומעים מוסיקה איתם(רן) האמת שאני נסיתי כמה מהם . . . אני גם ראיתי וניסיתי כמה מהם - וכולם הפריעו לי להתרכז . . . [זה כי בטח ניסית את ה-Playlist רוק כבד נורדי של בר-זיק . . .]אתה עובד עם מוסיקה, אלון?(אלון) כן . . . יש לי כל מיני מוסיקות שונות לדברים שונים . . . . יש קטע שאתה צריך לחשוב קצת, יש קטע . . . [שאתה צריך לנסוע למצפה רמון?](רן) מוסיקה ל-Code Review זה Rage against the Machine?(אלון) ל-Code Review צריך פשוט “יאללה, הכל חרא, עזבו - תכתבו חדש . . . ” - בדרך כלל לא צריך מוסיקה, זה נורא מהר ה-PR . . . “אה, שום דבר פה לא טוב - תכתוב שוב ותחזור אלי”בפעם שלישית אתה מתחיל לקרוא - זו השיטה ל-PR טוב . . .טוב, עוד משהו קטן, למי שרוצה - אתם מקבלים קיצור דרך bit.ly או tinyurl או כאלה, ואתם רוצים לדעת לאן הוא הולך?אז יש שיטה מאוד פשוטה - ב-bit.ly אתם מוסיפים “+”, ב-cutt.ly אתם מוסיפים “@”, ב-tiny.cc זה עם “=” וב-tinyurl.com אתם מוסיפים “preview.” לפניבקיצור - אם אתם מקבלים bit.ly ורוצים לדעת לאן הוא הולך, אז אפשר לדעת, ממש חביב וחמוד.(רן) אתה מתכוון - לראות את ה-URL עצמו, בלי להגיע אליו, זה מה שאתה מתכוון? כי אם אתה לוחץ ,אתה מגיע אליו . . .(אלון) כן, אבל אם שולחים לך איזו פרסומת ואתה לא יודע מה זה, ואתה אומר “מי זה? מי שלח?” . . . (דותן) . . . אז אתה שולח לחבר ואומר לו “תלחץ, תגיד לי מה יש שם” . . . (רן) . . . . “שלח לי צילום מסך” . . .(אלון) את זה אני בדרך כלל לא עושה . . . אבל אתה לא פותח את ההודעות! אתה תמיד עושה לי “מה אתה רוצה?” . . . .(רן) זה כמו שהיה פעם “הטועם של המלך”, נכון? (אלון) נכון, עכשיו זה “ה-DevOps של המלך” . . . אז Cloudflare יצאו בהכרזה על משהו שנקרא R2 - זה “Rapid and Reliable Object Storage” וזה כמו S3 - אבל כמו שהם אומרים, זה “minus the egress fees” . . .מה שמעניין בזה זה שאני חושב שהדבר הזה יכול להיות די מהפכה בעתיד - כי יש להם את כל ה-”Functional edge” או “Workers on edge”, אני לא זוכר את המינוח המדויק שלהם [Workers], שזה תכל'ס “Lambda on Edge” . . . . כל מה שיש להם זה Edge.ואז יש לך גישה גם לקבצים האלה.אז אפשר ממש להרים אתרים ולעשות דברים מאוד מעניינים “בלי כלום”, רק על Cloudflare - וזה צריך להיות סופר-זול וסופר-מהירואפשר לעשות עם זה דברים מעניינים, כמו לשמור קבצים, ואז לפתוח אותם, Database-ים מבוזרים שעובדים על קבצים . . . . אפשר לעשות מלא דברים . . .(רן) אני מסכים, זה נראה לי משהו מאוד משמעותי . . . רק להסביר - כשהם אומרים “Object Storage, minus the egress fees” הם עושים רפרנס - רוב ספקי הענן - יש להם Object Storage, דהיינו - S3 והדומים של GCP ושל Azureהעלות של ה-Storage שם היא לא זולה - אבל מה שבאמת יקר זה ה-Outbound traffic, זאת אומרת - להוריד משם אובייקטים.אז לעשות Serving לאתר זה יכול להיות יקראם אתם רוצים להעביר את הדאטה שלכם החוצה, להעתיק אותו החוצה למקום אחר - זה מאוד מאוד יקרוזה סוג של Locking שיש להרבה מאוד עננים - זה זול להכניס, זה מאוד יקר להוציא את הדאטה . . . אז ה-”egress fees” זה למעשה הסכום שאתה משלם כדי להוציא דאטה החוצה מה-Sotrage על הענןאז Cloudflare טוענים שה-egress fees הולכים להיות - מה? אפסיים? או נמוכים?(אלון) הם טוענים “Zero” . . . שזה מעניין(אלון) וזה S3 Compatible - זאת אומרת שבתיאוריה, ברגע ש . . . אפשר “עכשיו” להתחיל לעבוד עם זה, כל מי שעובד עם S3, בלי לשנות כלום.אז זה ממש ממש מענייןגם מבחינת זה שזה יכול להוריד את כל העלויות של ה-Storageוגם שאפשר לעשות על זה אפליקציות מעניינות - בגלל ה-Worker-ים שיש להםאז בעצם הם יצרו פה Ecosystem מעניין ל-Cloud שהוא Serverless בצורה אחרת קצת - ובטח בעתיד הם יוסיפו עוד . . .(דותן) אני ממש בספק שזה . . . אני בספק אמיתי שזה אפס . . . . כי אם זה ככה, זה יכול לשנות הרבה תעשיות . . .הרבה מכל העולם של Streaming ו-Video ו-Encoding וכאלה - הרבה מזה מבוסס על היוקר של הדאטה שיוצאאני חושב תוך כדי שאני מדבר - אני ממש בספק שזה אפס . . . (אלון) הם טוענים שזה אפס . . . בגלל זה אני גם טוען שזה Game-changer. אני חושב שזה ממש ישנה את התעשיות ואני חושב שברגע שזה יתפוס - אם זה יתפוס, ואין סיבה שלא, בתיאוריהזו גם חברה טובה מאוד . . .(דותן) ברור . . . אני חושב שיש גם Buisness-ים שכרגע מוכרים שירות מסויים ומאפטמים (Optimize) את ה . . . הם משלמים על ה-Trafficהחוצה ואתה משלם כי אתה עושה Subscribe ל-Business שלהם - עכשיו הם יקבלו את זה באפס . . . זה אומר שיש להם יותר רווח, אז נראה לי שהם מיד יעברו לשם.(אלון) כן - וזה כנראה יגרום לספקי הענן הקיימים גם לעשות משהו, אולי AWS יוציאו את S4 . . .(דותן) מעניין, צריך לבדוק את זה טוב . . .(אלון) בקיצור - זה נראה סופר-מעניין, במיוחד . . . (רן) ומה הם אומרים על רפליקציה (Replication) נגיד? כאילו, יש להם הרבה דברים ב-Edge, אבל אם אני רוצה את זה עכשיו זמין בכל המקומות, אז איך זה הולך לעבוד? מעניין . . . אני רוצה את זה זמין באסיה, באירופה, בישראל . . . - ובכל אחד מהם יש להם כנראה גם הרבה . . .(אלון) בעיקרון אתה לא שולט על זה, והם אמורים לנהל לך את זה לבד עם ה-CDN-ים שלהםהרי זה מה שהם עושים - הם CDN . . . אז כאילו By default זה כבר “בכל מקום”איך הם עושים את זה בפועל? זו שאלה מאוד מעניינת, כי זה נורא יקר, מה שהם בעצם מתיימרים לעשות פה - גם תשמור בחינם, גם נביא לך את זה בכל מקום . . . (רן) טוב, גם הפרסום שלהם נחמד - הם כאילו אומרים ש-R2 זה אומר כל מיני דברים - למשל - Ridiculously Reliable . . . . זו אחת מהמשמעויות של R2 - הם אומרים שהם מספקים 9 תשיעיות [כתוב 11] - 99.999999999, ככה תשע פעמים - אחוז Reliability שזה משהו שהוא un-heard of למיטב ידיעתי . . . (אלון) זה eleven 9's . . . (רן) נכון! 11 תשיעיות . . . אני לא מכיר כזה . . . (אלון) תעשה עוד פעם! - 9-9-9-9- . . . (רן) ספור לי . . . כן, לגמרי מעניין(דותן) אני מהמר שהחוצה, לאינטרנט, זה עדיין עולה כסף, אבל אולי עדיין יש שם משהו . . . .כאילו יש איזשהו egress שהוא פנימי, אני לא יודע . . . . אבל צריך לקרוא את המאמר שהם מתייחסים אליו(אלון) בכל מקרה - סופר-מעניין, במיוחד כשה-Database-ים חדשים, בגלל שהם נהיים ענקיים אז הם עובדים בצורה מבוזרת - אז בתיאוריה, אפשר להחזיק ככה Database-ים מסויימים, ואולי זה יגרום לשיטה שונה של לכתוב דברים.בקיצור - Stay Tuned! R2 . . . . תעקבו.ולנושא פחות מרגש - Kafka UIלמי שיש לו Kafka - אז זה Kafka UI, אפשר לנסותלא בדקתי - תבדקועל אחריותכם - זה Open source, תמיד צריך להיות קצת זהירים עם Open source, אבל חוץ מזה נראה פרויקט מאוד יפה ומשעשעלמי שיש לו Kafka - קל לראות Partition-ים, Topic-ים, מה קורה, מה רץ…למי שרוצה קצת ויזואליזציה (Visualization) ולצאת קצת מה-Shell - נראה מאוד חביב וחמוד(רן) יפה . . . יש כמה כאלה, זה לא היחיד, אבל לפחות ויזואלית הוא נראה נחמד, לא יודע לגבי שאר הדברים . . . (דותן) אפשר אולי לראות, להשוות, לנסות . . . (אלון) אפשר להשוות, אפשר לבדוק - לקרוא . . . תסתכלו, תחשבו לפני שאתם משתמשים . . .בסדר, נמשיך הלאה . . .יש פרויקט שנקרא “K - שמונה - Sandra” . . . זה K8ssandraזה כאילו Kubernetes - Cassandra . . . זה בעצם Install של Apache Cassandra על Kubernetesאז מי שרוצה Cassandra ורוצה להריץ את זה על Kubernetes - אז יש עכשיו דרך נוחה לעשות את זה.עכשיו אני - יש לי טראומות וצלקות מ-Cassandra אז . . . (דותן) יש עוד שכבה שאפילו הופכת את זה לעוד יותר קשה! - “Kubernetes שרץ על . . . .”(רן) רציתי להגיד !Raspberry Pi, אבל Cassandra . . .. כאילו - Cassandra שרץ על Kubernetes על Raspberry Pi . . . נשמע לי להיט. וכל זה ב-Edge?(דותן) . . . מחובר לגנרטור . . . (אלון) בקיצור - לי יש קצת צלקות מ-Cassandra, לא על Kubernetes, ויש לי צלקות מ-Kubernetes, אז אולי ביחד זה יאזן אחד את השני . . . אבל אם מישהו בעניין של Cassandra, יש לו משהו - הייתי ממש שמח לדעת איך זה עובד, הדבר הזה . . .(אלון) הבא בתור - יש את ערוץ ה-YouTube של אבישי איש-שלום - זה 15m ops breakזה בעצם סרטונים קצרים של 15 דקות, לפי הכותרת שהוא אומר - בפועל, יש כאלה שהם קצת יותר, 17 דקות אפילו מצאתי . . . הוא לוקח דברים מהטרמינל ופשוט לוקח איזשהו נושא ומפרק אותו - Deamon-ים, DNS-ים, Executables וכל מיני דברים . . .לכל מי שרוצה 15 דקות של למידה טובה, חמודה - יש פה ערוץ עם 17 Video-יםמשעשע, קליל ואחלה הפסקה בשביל ללמוד משהו חדש. מומלץ בחום!(רן) תודה אבישי!(אלון) תודה אבישי . . . תעשה לי קוד . . .בוא נמשיך . . . Chrome DevTools הוציאו Copy CSS styles as JavaScriptשזה נחמד - אם אתם רואים עכשי איזשהו אלמנט עם CSS, אז אפשר עכשיו לעשות לו Copy as JavaScript . . .להעתיק את זה ל . . . Style as JS ויכולים להעביר את זה ל-React או לכל המקומות האחרים שלכם, וקצת משתלטים על הקוד במקום אחד, במקום להעביר את זה ידנית כמו שקורה הרבה פעמיםכשמתחילים לסדר את זה ואז אומרים “טוב, בואו נעתיק את ה-Style-ים” . . .אז פתרו לנו את הבעיה.זהו, אולי הגיע הזמן לחשוף את ה . . .(דותן) אותי זה ירשים כשיהיה Copy as JavaScript as CSS . . . אז זה באמת יהיה מרשים.(אלון) אותי זה ירשים כשלא נעבוד עם JavaScript, אבל עד לשם הדרך עוד ארוכה . . . שיהיה לנו Built-in TypeScript, זה יותר משעשע . . . בסדר, כל עוד זה לא Python אנחנו בסדר.זהו . . . (רן) דותן - אליך . . . דותן - טוב, אז נתחיל ב-Breach! - ה-Twitch Breachזה היה לנו, לא זוכר בדיוק מתי, בסביבות אוקטובר-כזה, היה Breach ב-Twitchאחד הדברים המדהימים שהיו שם זה שההאקרים גנבו את כל ה-Source-code בחברה . . . וגם קצת מידע פיננסי.ה-Package עצמו שקל משהו כמו 125Gb - שזה כנראה המון-המון קוד, במיוחד שזה בטח מכווץ.אני חושב שזה נפתח למשהו כמו 1Tb של קוד.זה היה ה-Breach . . . עכשיו, לאורך הדרך התפרסמו כל מיני תמונות מתוך הקוד, תמונות מזעזעות, אפשר לומר . . . בעיקר התפרסם הקוד עצמו - היה אפשר להוריד אותו ולראות מה יש בפנים.הקוד היה ברמה די מפחידה - סיסמאות בתוך הקוד, מלא קוד PHP, מלא פרטי Database ב-Production, מה שאתם לא רוצים . . . .מיד אח”כ הייתה איזו נפילה קטנה - שזה כנראה Hacker-ים שהם ככה, ניסו “לשחק במערכת” ולראות לאן זה מוביל אותם . . . מסוג הדברים שאני באופן אישי טוען שאנחנו עוד נראה הרבה מזה - כי ממש קשה להבין מה ההשלכות של 125Gb של קוד שדלפו החוצה . . .בדרך כלל ההאקרים מחכים לזה - בודקים את הקוד, בודקים איפה יש חולשות שקשה לראות מבחוץ - וכמו כל גנב מפעם - ברגע שקורה כזה משהו אז הם יושבים על זה, מחכים איזה חצי שנה - שנה ואז עושים את המכה.צריך ללמוד שלפעמים Breach כזה לא מיד מביא נזק - בדרך כלל אנשים חכמים נותנים את הנזק חצי שנה אחריאחרי שכולם שוכחים, אולי אנשי ה-Security התחלפו ועזבו ונכנסו אנשים חדשים - כל מיני דברים כאלה.(רן) אתה אומר שבעקבות דבר כזה, יש סיכוי טוב שכמה אנשי Security הלכו שם . . . .נזכיר ש-Twitch זו פלטרפורמת Streaming - התחילה במקור כ-Streaming של משחקים אבל היום זה Streaming של הרבה מאוד דבריםאחת הגדולות, אולי הכי גדולה בעולם - ובבעלות Amazon, נכון להיום, ככה שזה לא איזה סתם משהו קיקיוני.(רן) אבל דותן - אתה קצת חקרת את הפירצה הזאת. איך היא קרתה? זאת אומרת, דלף קוד ואולי עוד כמה דברים דלפו - אבל מה? איך פרצו?(דותן) אז לא באמת יודעים איך בדיוק זה קרה . . . יודעים מה המניע, לפחות מה שפורסם.באותו רגע שזה קרה, הייתי יחסית על זה ובעצם הסתובבתי בכל ה-4Chan - למי שמכיר, 4Chan [אתם לא בהכרח רוצים לעקוב אחרי הלינק, אולי לשלוח לאלון קודם שיבדוק …] ]זה איזשהו איזור נידח של האינטרנט עם כל מיני פורומים ואנשים פרסמו את ה-Breach ופרסמו פרטים - ומיד מחקו להם - ושוב פרסמו פרטים ושוב מיד מחקו להםאז אם אתה על ה-refresh אז אתה מבין איך זה קרה . . . .המוטיבציה הייתה בעצם הקנייה של Amazon - בואו נעשה “פריצה לגוף המרושע הזה”, במרכאות, שקנה את החברה.ובואו נעשה Shaming, בואו נביא את ה-Data של כל האנשים וכמה הם מרוויחים - וניצור תכך כזה בין כל ה-Network הזה - זו הייתה המוטיבציה.איך זה קרה? לא ממש פורסם . . . זה כזה גדול עד שלא פרסמו את הממצאים.(רן) בסדר, אוקיי . . . .(דותן) אני מניח שאם בכלל אז עוד שנה כזה, עוד חצי שנה.(אלון) עוד חצי שנה זה כבר לפריצה הבאה, לפי מה שאתה אומר . . . (דותן) לגמרי . . . אבל אני כן אגיד שהדברים האלה הם . . . שאלו אותי, למשל, האם אפשר לעצור את הדליפה של החומרים האלה - והתשובה היא “לא” . . . .לא משנה מי “יחתוך את הרשת”, הדבר הזה כבר ב-Torrent-ים ומי שרוצה יכול למצואאפילו לא צריך את הקובץ עצמו - את ה-Magnet Link וזהו: יושבים על 125Gb, באינטרנט של היום אז זה תוך כמה ימים עד שבוע כבר יש לכם את כל הקוד שלהם . . . זו הרמה.עכשיו אתם פותחים את הקוד - 125Gb זה המון . . . מה שנקרא “לכל מקום שתזרקו את האבן תפגעו במשהו מעניין” . . . כמובן שאל תעשו את זה - לא לנסות בבית . . . אבל אם מישהו היה רוצה, ככה הוא היה עושה…(אלון) אני רוצה להגיד שהיה להם נזק ישיר מזה כבר, כי היו סיסמאות ל-Database והם פרסמו דברים מה-Database, כמו כמה מרוויחים שם השחקנים, ה-Streamer-ים - וזה יצר קצת בלגן עם החברות האחרות, עם YouTube וכאלה . . .(דותן) כן, זה פשוט מאוד מאסיבי . . . . הכל שם, ממש הכל שם, זה סופר-מאסיביאני מעריך שזה יהיה פי כמה וכמה יותר גדול ממה שראינו עד עכשיו, פשוט Common Sense.זהו, אז נעבור קצת לדברים יותר אופטימיים - למי שרוצה לצייר Chart-ים, Candlestick Charts, שמאוד נפוצים בעולם ה-ForeX - בטרמינל . . . . - יכול! יש ספריית Rust שעושה את זה[זה cli-candlestick-chart]אם לא שמתם לב - נכנסתי כבר ל-Thread של ה-Rust, אז אתם מוזמנים להתחיל לצחוק עלי על הזמני קימפול (Compile), ולשאול כמה זמן לוקח לזה להתקמפל וכל מיני דברים כאלה . . . . תרגישו חופשי להפריע לי . . .(אלון) אנחנו נצחק עליך בסוף - אנחנו עדיין מקמפלים את הבדיחה . . .[1-0 לאלון . . . ](דותן) אה, אחלה . . . אז זו ספרייה ממש מגניבה -אני פריק של - נראה לי שאני אומר את זה באופן קבוע - של גרפיקה ב-Terminal, אז זה תמיד מרשים אותי ונחמד.האייטם הבא - יש ספרייה - יותר טכנולוגיה - ש-Google פיתחה - זה נקרא scudoו-scudo זה Allocator שהוא נקרא-לזה-מוקשח . . . . כש-Allocator זו החתיכה - אם נדבר רגע Low-level - זו החתיכה שעושה את האלוקציה של הזכרון (Memory Allocation)אפשר להשתמש בה אם אתם עובדים עם C ו-++C, מחברים ל-Allocatorתמיד למערכת ההפעלה יש את ה-Allocator שלה - אבל יש כל מיני Allocator-ים אלטרנטיבייםאלו לא דברים שאנחנו נחשפים אליהם כשאנחנו עובדים ב-High-level, ב-Python ו-Node וכאלהאבל כשאתה עובד יחסית יותר Low-Level, אז אתה יכול להשתעשע עם Allocator-ים אחרים - עם Tradeoff-ים של Performance ו-Security וכו'.אז זה באמת אחד כזה - שהוא הרבה יותר Secured ואין לו שום tradeoff - הם אומרים שהוא . . . העניין פה הוא Performance כמובןהם אומרים שהוא “מספיק מהיר” או “מהיר כמו” ה-Allocator-ים האחריםאז אם אתם עובדים עם Rust ובא לכם להחליף Allocator, שזה דבר שהוא שורת קוד אחת - שזה מדהים - אפשר לעבוד עם ה-Allocator של Google, החדש.הוא יותר מוקשח ואין סיבה שלא - לפחות ככה Google אומרים . . . אז זה מעניין.הפרוייקט הבא, בהקשר של S3 וכאלה . . . .(רן) שנייה, דותן - אני יכול לשאול כמה שאלות לגבי ה-Allocator הזה? . . . .(דותן) בטח . . .(רן) כתוב שהוא יותר . .. אמרת “מוקשח”, פה הם מתרגמים את זה ל”הוא יכול להגן נגד heap-based buffer overflow ו- use after free, ו-double free - איך הדברים האלה בכלל קורים ב-Rust? ב-Rust עצמה, ה-Compiler לא אמור להגן עליך מפני זה?אז זה שייך לאיזור שנקרא Unsafe . . . כמו לכל דבר, יש שכבה מסויימת ב-Rust שהיא Unsafe . . . (רן) הבנתי - רק אם אתה עובד ב-Unsafe, אתה צריך את השמירה הזאת - אם אתה עובד ב-Safe . . . (דותן) כן, אבל הדבר הזה שייך לעולם הזה - זה פשוט רכיב שהוא Low-level - וכמו כל דבר, אתה, “בחיים השוטפים שלך”, לא באמת שם לב ל-Allocator, זה כאילו סוג של פעולה של . . . “בא לך להחליף Allocator” זה לא משהו שאתה עושה כל יום…אם אתה בונה פרוייקטים שדורשים Tradeoff-ים מסויימים, כמו יותר Security או יותר Performance וכו', אז אתה יכול להתנסות עם להחליף Allocator-יםשזה - מניסיון - עושה הבדל.אני החלפתי Allocator אצלנו בפרויקט, Allocator שנקרא jemalloc, שנחשב הרבה יותר מהיר - וראיתי את ההבדל בעיניים, אז . . . זה מגניבוכמובן - שום דבר בקוד לא השתנה.זהו, אז האייטם הבא - נקרא kamu - וזה בעצם סוג של “Git ל-Data”זה פרוייקט שבנוי ב-Rust, כמו הרבה פרויקטים בעולם ה-Data ב-Rust שמתחילים.יש משהו מאוד מפתה: Performance ו-zero overhead - כמובן שזה מאוד מפתה ומזמין לבנות פרויקטים ל-Data ב-Rust - והרבה דברים כאלה מתחילים.אז זה עכשיו התחיל, יחסית עכשיו - והוא רוצה לעשות Git מעל Data - שזה אחלהיש גם כמה דברים כאלה, נדמה לי שהם באיזור - למשל dbt - שזה פרויקט מסחרי, וזה מגניב.כמו כל פרויקט כזה, יש לך דיאגרמות של ארכיטקטורה ואיך זה עובד והכל מאוד מאוד פתוח ומאוד מזמין.אני לא יודע אם זה יפגוש את הסוף - יש לא מעט פרויקטים ב-Rust שמתחילים מאוד hardcore ונגמרים עם “אוקיי, משכתבים מחדש” - אבל בדרך יש המון המון למידה וידע - אז זה אחד כזה.מן הסתם לא נראה לי [שכדאי] להשתמש ב-Production, אבל כן אפשר ללמוד ולראות איך הם בונים דברים.(אלון) יש צמיחה של פרויקטים מהסוג הזה . . . . של “Git over S3” וכאלה . . . (דותן) נכון, אני חושב שזה התחיל ב-Reproducibility- זה היה “איך אני עכשיו לוקח דאטה שלי, שמאמן מודל בגרסא אחת - ואחרי זה אני מתקדם, יש לי עוד סט של דאטה שמאמן מודל בגרסא 2 - איך אני יודע לחזור למודל מספר 1, ולעשות Reproduce לבאגים של Machine Learning?” . . . . זה היה, למיטב זכרוני, ההתחלה של זהואחרי זה, זה הלך גם לרמת התשתיות - “בואו ניקח את כל הדבר הזה, ובמקום לעשות Hard Thinking לגרסאות מסויימות של דאטה, בואו ניצור “סוג-של-Git” מעל דאטה, מעל S3, לא משנה מעל מה.אבל היופי פה הוא מן הסתם המאסות האדירות של הדאטה ואיך עושים Versioning לזה.(אלון) מגניב . . . ועכשיו עם R2 זה גם חינם!(דותן) נכון - אבל ה-Storage הוא לא חינם ב-R2 . . . זה עדיין לא בוננזה(אלון) לא נורא(דותן) האייטם הבא - מה שנקרא “אחד משלנו”: אורי, שעובד אצלנו פרסם מאמר ב-Towards Data Science - הוא עובד הרבה על לייצר Data-set-ים ל-Source Code כדי ללמוד מהםוהוא נתן פה את רשימת ה-Pitfalls וה-Do - Don't Do שלוקליל, מעניין - למי שמתעסק בלמידה מעל קוד זה, שווה מאוד לקרוא.(רן) אתה מתכוון ל”לג'נרט (Generate) קוד כדי לעשות למידת-מכונה על הקוד”?(דותן) כן - אז אנחנו עושים למידה שהיא דומה למה שראינו ב-Copilot - רק שהתחלנו עם להבין שאחד האתגרים זה copyrights וקוד מסווג - וגם תוצאות מסוכנות כשאתה לומד בצורה עיוורת . . . .ככה התחלנו מההתחלה, שמנו את זה על ה . . . .(רן) משתמשים ב-Copilot?(דותן) לא . . אנחנו בנינו משהו . . .(רן) לא . . . אני שואל אתכם, באופן אישי - אלון, דותן - אתם משתמשים עכשיו ב-Copilot? אני משתמש . . . .(דותן) לא, אני לא צריך . . . . לא צריך Copilot . . . (רן) ברור, לא צריך . . . . אבל . . .(דותן) אני יודע לבד . . . (רן) אני התחלתי להשתמש לפני איזה שבועיים, וזה כאילו - לפעמים זה מדהים ולפעמים זה מעצבן, אני חייב להגיד.רק אני אזכיר - Copilot למי שלא זוכר [397 Bumpers 69], זה כלי שנותן לכם השלמות קוד אוטומטיות, אבל הוא עושה את זה על בסיס GPT3, זאת אומרת שהוא עושה את זה בצורה אינטליגנטית, על בסיס של Data set שנלמד מתוך הרבה מאוד פרויקטים ב-GitHub - ויש Extensions, נגיד ב-VSCode, ואתם יכולים פשוט להשתמש בזה - וזה ייתן לכם Code Completionעכשיו - זה לא “סתם Code Completion” - זה כותב לכם שורות שלמות, פונקציות שלמות לפעמיםאתם מתחילים לכתוב את הפונקציה והוא “מנחש” את ההמשך, ואתם יכולים לקבל או לא לקבל את זה.אז אני משתמש בזה כמה זמן . . .אז לפעמים ההצעות הן כאילו “בול מה שאני צריך”, וזה מדהים - ולפעמים זה ממש מעצבן, עד כדי שזה “ממש דומה אבל יש שם באג” . . . נגיד - באג שאולי גם אני הייתי פעם עושה, ועכשיו כש”הוא” הציע לי את זה אז לא שמתי לב, ואז אני מסתכל על לאט ואומר “וואלה, האינדקס פה לא נכון, בעצם היה צריך אינדקס אחר”, וכאילו . . . (דותן) . . . ואז הזמן שחסכת הלך לאיבוד . . .(רן) . . . כן . . . .אז אני מאוד נזהר עם לקבל את ההצעות שלו - ועדיין אני כל פעם מסתכל וחושב “וואו, זה מדהים”.זה נחמד לראות את הדברים האלה קורים.(אלון) מה אכפת לך שיש באגים? זה באגים של מישהו אחר . .. .(דותן) נכון . . . אתה כל היום מתקן באגים של אנשים אחרים, ושוב פעם ושוב פעם . . . תחשוב שאתה תיקנת, אז גם מישהו אחר קיבל את אותה הצעה - וגם הוא תיקן . . . זה כמו זמן שנשרף על . . . .היה אז את הפרויקט של SETI, זוכרים? של המחקרים על סיגנלים מהחלל, ולנסות לגלות יישות אינטליגנטית, כשכל מחשב קיבל איזה Chunk וככה בזבז CPU וחשמל? . . . .אז יכול להיות שזה כזה - מלא אנשים מתקנים בו זמנית את אותו באג . . .בקיצור, אז זהו . . .(אלון) נשמע כמו ביטקוין . . . כולם מנסים לחצוב באותו זמן את אותו ה . . .(דותן) לגמרי, כן . . . זו הגרסה היותר מאוזנת של זה . . . זהו, מאמר נחמד- למי שמתעסק - שווה לקרוא.עוד דבר מדהים שיצא דווקא השבוע - ב-Rust יש . . . . אין Static Analyzer מכיוון של טעויות אבטחה וטעויות נפוצות - יש כמו Linter כזה, כמו Clipy, שהוא מדהים ישבה אוניברסיטה ופיתחו כזה, בעצם משימה אקדמית כזאת - GIT, ה-Georgia Institute of Technology - ופיתחו כלי שנקרא Rudra, שזה Static Analyzer ל-Rustעיקר הפוקוס שלהם - דיברנו קצת על ה-Unsafe, דרך שימוש ב-Unsafe, אם כבר מפתח הלך לשם, לאיזור הזה, המסוכן - בו ננתח את הקוד שלו ונעזור לו לא לעשות טעויות.מה שמדהים פה הוא שהפרויקט האקדמי הזה ניתן לשימוש מיד - אז ב-Rust יש מנהל, Package Manager שנקרא Cargo - פשוט עושים Cargo Install Rudra, ואז Cargo Rudra ונגמר הסיפור, אתם בעצם משתמשים בפרויקט האקדמי.בהרבה פעמים, החווייה שלי זה שפרויקטים כאלה נשארים ב-Level האקדמי - כותבים את המאמר, מפבלשים (Publish) אותו וסיימו עם זהאבל פה יש משהו שהוא מאוד שמיש, והקהילה משתמשת בזה ונהנית מזה - שזו סימביוזה מדהימה בין אקדמיה לקהילה.נושא קצת אחר - התעסקתי לא מזמן עם Sandboxing של של Process-ים במערכות הפעלה - איך לוקחים Process ועושים לו הגבלות למינהן, אנחנו מכירים את זה מהעולם של Docker.בתוך Docker יש כל מיני הגבלות לכל מיני Process-יםוגיליתי משהו מאוד נחמד - ל-Mac יש . . .איך נקרא לזה? “תוכנה” או “כלי”, שבא עם ה-Mac, שנקרא sandbox-execהוא כבר Deprecated - זה כנראה מסוג הכלים האלה, שהוא “דלת אחורית” כזאת, שלא הרבה משתמשים בהן - וניתן לייצר איתו Sandboxing למה שבא לכם.אתם יכולים לקחת כל אפליקציה ולכפות על האפליקציה לא להשתמש ב-Network, להשתמש רק בקבצים מסויימים, לא לגשת לנתיבים מסויימים וכל מיני דברים כאלה מעניינים.כותבים את ההגבלות ב-Lisp או ב-Sicp - שזה גם מאוד אנושי ומפתיע ומזמין . . .ואפשר להשתמש בזה כבר עכשיו מה שעוד מצאתי - ושמתי לינק, או שאני אוסיף - זה שיש אנשים שפותחים Github Repo עם כל מיני תוכניות פופלאריות ב-Mac וההגבלות החכמות אליהןלמשל - אם יש לכם Chrome, אין לו שום סיבה לגעת לכם ב-Folder של אפליקציות . . . אין שום סיבה כזאת.או בספריות של Settings בתוך ה-Home שלכם - כל מיני דברים כאלה שכשחושבים על זה אז זה מאוד Makes sense שזה אפילו יבוא מהיצרןכי בסופו של דבר, אם יש איזשהו Extension ככה “מלוכלך” ב-Chrome - ואם Chrome לא מגביל אותו אז אף אחד לא יגביל אותוזה נכון לכל אפליקציה שאתם מורידים - וזה סופר-מגניב, ברגע שגיליתי את זה.(רן) למרות שתראה - בעולם האפליקציות, ה-Mobile Applications, הולכים על “Whitelist” [או allowlist] - ופה מדובר על הגישה של blacklist [או blocklist] - “תגיד מה אתה לא מרשה”הגישה הבטוחה יותר מכיוון Secuiory זו גישת whitelist [allowlist] - שזה משהו שמקובל בעולם האפליקציות - אמנם הרזולוציה היא לא כזאת גבוהה, אתה לא אומר כל Folder אלה רק נותן . . . יש איזשהו Set סגור של הרשאות כמו האם אפשר לגשת ל-GPS או אפשר לגשת למצלמה וכו'.אבל זה משהו שמקובל בעולם ה-Mobile - וזה נחמד שיהיה את זה גם . . . .(דותן) נכון, אין ספק שיש פה Glitch די גדול - שמערכות הפעלה הן - איך נקרא לזה? lagging behind the . . . (רן) . . . קצת פחות בטוחות, כן.(דותן) בדיוק - למרות שב-Mac קצת הוסיפו את זה: היום אפליקציות מבקשות ממך לגשת ל-Downloads ודברים כאלה, שזה מנומס וסופר-נכוןאבל יש כל מיני נתיבים אחרים - אני מוריד כלי פיתוח, או כל דבר שאני רוצה סתם לשחק איתו - ולא תמיד זה קורה.בקיצור - כלי ממש מגניבהוא Deprecated - המחשבה מאחורי ה-Deprecation לא ברורה, אבל די ברור שה-Core Library שזה משתמש בו - שזה דומה, נגיד, ל-Jails במערכות הפעלה אחרות - זה משהו שנולד כדי להישאר, ו-Mac בעצמו, ה-OS 6 בעצמו משתמש בזה.זהו, האייטם הבא - בכל שפה חדשה שנולדת, יבוא מישהו ויממש את כל האלגוריתמים - מ-Cormen או ממקומות כאלה - ועכשיו עשו את זה ב-Rust, שזה עוד Milestone נחמד מאודלמי שרוצה לראות איך ממשים אלגוריתמים נפוצים - כל מיני Sort-ים, Graph Algorithems וכאלהבעיקר זה נותן, הייתי אומר, “מבט אינטואיטיבי לאיך שנראית שפה” - למי שעשה [למד] מדעי המחשבכל אחד שעשה את זה יודע, פחות או יותר, בראש שלו - יש לו כבר “צלקת” של איך שנראה Buuble Sort או Quick Sortואז אפשר לבוא ולראות את זה בצורה ברורה בשפה אחרת שהוא לא מכיר - וזה נחמד לתרגם את זה, מחשבתית.(אלון) נחמד . . . (דותן) כן . . .האייטם הבא הוא הרבה יותר “מרעיש”, הייתי אומר - יש פה פרויקט שנקרא tauri, וזה סוג של תחליף ל-Electronלמי שלא מכיר - Electron Apps, אז אני אמנה כמה, אני אנסה מהזיכרון . . . אז אני עובד עם Figma שלדעתי זה Electron [יאפ]. . . עם מה אתם עובדים, שהוא Electron וטוחן לכם את הזיכרון והמחשב? . . . (אלון) VSCode . . . (דותן) אני חושב שגם Slack . . .(רן) VSCode אני חושב שכבר לא Electron, אני חושב שהם עשו את זה מחדש . . . אבל הוא היה Electron בהתחלה ... (אלון) אה, נכון, Atom היה Electron . . . ו-WhatsApp . . . (דותן) WhatsApp . . . כל העטיפות ה-Native-יות הן בעצם . . . Electron, הסיבה שהפסקתי לעבוד עם זה זה שפשוט יש לי מלא Electron Apps במקביל ואז זה גומר לי את המחשב . . .אני מעדיף לעבוד כבר ב-Chrome - ש-Chrome ינהל את המשאבים שלו וככה אני מנסה To hack it.וגם כל אפליקצית Electron זה לפחות 50-60Mb, מכווץ - 130Mb פתוחפה, המהפכה היא שזה משתמש ב-Rust - הפתעה! - אבל זה יוצא 5Mb . . . וזה משוגע.והיופי פה זה שכמובן - מה ה-tradeoff? איך זה יכול להיות?אז זה משתמש, ב-Default, ב-WebView של מערכת ההפעלה - ואת כל הפערים ש-Electron מפצה עליהם הם פשוט עשו ב-Rust . . . אז זה סופר-מגניב, אני מניח שזה בא עם קצת מגבלות ודברים שאי אפשר לעשותאבל חשבו פה ממש על המון . . . Self-updater, להתחבר לנוטיפיקציות (Notifications) של המערכת הפעלה, כמובן Cross-מערכות הפעלה - Mac, Linux, Windowsממש . . .(אלון) רגע, זה HTML? כאילו . . . . זה Web לכל דבר?(דותן) כן, WebView, תעשה מה שבא לך . . . אני . . .(אלון) למה זה לא בעצם דפדפן? . . . אם אתה אומר שהוא יותר מהיר, הוא ב-Rust . . .(דותן) קודם כל, ב-Electron נולדו גם כל מיני דפדפנים חדשיםאני זוכר את ה . . . לא זוכר איך קוראים לדפדפן של ה-Privacy שנולד, עם הלוגו של האריה [Brave?] . . . . לא זוכר אותו בדיוק, אבל נולדו כאלה, בדיוק אחר כךואז, אתה יודע . . . בסופו של דבר, אנשים מעדיפים להשתמש ב-Chrome.אבל כן . . . וגם WebView הוא לא באמת כל היכולות של דפדפן מלא. אני מניח שמישהו יבוא ויממש מעל זה משהו דומה.זהו, סופר-מרגש - ואלטרנטיבה ממש-ממש טובה לאפליקציות, כי אצלי לפחות “העצם בגרון” זה הגודל של ה-Electron Apps שנולדו.(רן) תגיד, אתה - יש לך עוד משהו על Rust? יש לך עוד משהו ב-Rust?(דותן) כן, במקרה, ממש שמח שאתה שואל . . . . האייטם הבא זה gituiלמי שכל הזמן מחפש Git UIs, אני חייב להגיד, באמת מחווייה אישית, שיש מלא Git UIs בחוץ - וכולם מאכזבים בכל מיני צורות . . . אני לא יודע במה אתם משתמשים ומה עובד לכם, אם בכלל.לפעמים יש לי Chain Set-ים רגישים וגדולים שאני אומר שאני חייב שנייה מבט על - מה קרה פה? וגם שנמשכים על הרבה זמןאין הרבה כאלה, אבל לפעמים יש.אז אני מעדיף שנייה להסתכל ויזואלית (Visual) על מה שקרה ולברור את השינויים - ולפעמים אני צריך Git UI כלשהו . . .(רן) אני לא משתמש . . . אני, האמת, לא משתמש ב-UI, כאילו - ניסיתי פה ושם את Tig ו-Git Tower ועוד כל מיני דברים כאלה - אבל לא, אני תכל'ס משתמש ב-CLI כל הזמן.(אלון) אני משתמש עם ה . . .(דותן) גם אני משתמש רוב הזמן עם ה-CLI, אבל לפעמים אתה רוצה שנייה להיות מאוד מאוד זהיר, זה המתי שאני כן צריך את המבט-על.(אלון) אני - צוחקים ע ישב-Git אני Junior, אני עובד עם UI . . . אבל יש את ה-GitHub Desktop, שהוא חביב, ויש את זה שהיה טוב אבל תמיד טחן את ה-CPU, אז אולי הם סידרו את זה - ה-Sourcetree של Atlasian.הוא היה טוב - אבל זה היה כבד, כאילו אתה מרים מערכת הפעלה ומשגר טילים לחלל [כבר היו מקרים] . . .כולה, וואלה - Viewer על Git, למה טחנתם לי ארבעה Core-ים במקביל? אבל אולי הם סידרו את זה כבר . . .(דותן) כן - אז פה יש אלטרנטיבה שהיא אותו דבר, רק על הטרמינליש כמה כאלההיתרון של זה זה שהוא כתוב ב-Rust והוא מהיר וקליל.זהו - זה זה.יש עוד כמה אייטמים - אז אחד מהם זה applied-ml - יכול להיות שזה כבר היה פה [?]אבל זה ככה קפץ לי תוך כדי חיפושים - ומה שאהבתי פה זה שכל המאמרים הם לכיוון של Apllied, פחות תיאורטיים ויותר “איך עשינו בחברה כזאת וכזאת”והרבה פה, בסופו של דבר, זה לינקים לבלוגים ו-YouTube Vidoes של כל מיני חברות שמראות איך הן עשו משהו.הרבה פעמים זה מאוד פרקטי - והחלק השני של זה זה שהם מפרסמים גם את המחקר והכלאבל זה תמיד בא מהפרקטי.יש פה Reading List משוגע, סופר מענייןאני עשיתי לזה סוג של Bookmark, כדי כל הזמן לחזור ל-Reading List הזה.(אלון) שמע, זה מגניב לאללה . . . . יש פה כל מיני דברים מגניבים(דותן) כן, זה כייפי כזה, כאילו . . . קריאה לפני השינה(רן) אוסף של הרבה מאוד Case-Studies או בלוג-פוסטים על Machine Learning ב-Production מכל מני סוגיםאם זה מערכות המלצה, רגרסיות, Computer Vision - בקיצור, מה שלא תרצה . . .(אלון) זה לא רק Machine Learning . . .(רן) אוקיי . . . Applied ML . . . יש פה גם דברים של Data Engineering והכל, אבל בגדול הפוקוס הוא על Machine LEarning, לפי השם . . .(דותן) כנראה, ניתן Preview - יש פה Driving Shopping Upsells from Pinterest Search שפורסם ע”י Pinterest Engineeringואחרי זה Bringing Personalized Search to Etsy שפורסם ע”י Etsy Engineering . . . זה הסטייל, כאילו . . . בלוגים כאלה, מעניינים(אלון) כן, אבל יש פה דברים שזה לא Machine Learning . . . מי שנתן את הכותרת התחיל עם Machine Learning ובסוף דחפו לו שם דברים שהוא לא שם לב . . . (דותן) אז תזהרו מה-”לא-Machine Learning”, שלא תפלו באיזה מאמר על נגיד אופטימיזציה של Search . . .(אלון) חלילה! יש פה מאמר על Analytics at Netflix: Who We Are and What We Do - שזה לא נראה לי בכלל על . . . טפו! זה בכלל לא קשור ל-Machine Learning . . . (דותן) ה-Data Scientist שקורא את זה אחר כך צריך חמש פעמים לטעון דאטה ל-Pandas ולשרוף . . .(אלון) איזור שלם על Team structure . . . באמת, אנליסטי, דאטה . . . מי שמתעסק עם Machine Learning - קחו מפתח שישב לידכם כשאתם עוברים על ה . . . .(דותן) לפתוח Issues . . . (אלון) קחו מפתח לידכם, שיגיד לכם איזו שורה לקרוא ואיזו לא - שחלילה לא תכנסו לחומר לא קשור . . .(דותן) לא קשור, לא כשר . . . טוב, האייטם הבא - האמת שתפסתי את הראש . . . זה התחיל ב” . . . What the” כזה ואז עוד יותר ועוד יותר ועוד יותר . . . זה בעצם פרויקט של GTA III - למי ששיחק בילדותו - וזה כנראה בנאדם שאמר “אני רוצה לעשות לזה Reverse engineering, לבנות את המשחק מחדש - בלי שיש לי את ה-Source Code בכלל” . . . .והצטרפו אליו, בתקופה של הקורונה, מלא מפתחים - ועשו את זה . . . הרבה עשו Reverse Engineering ל-GTA III . . . .זה לא חוקי, אני חושב - והמשחק עובד . . . בלי שיש להם את השורות קודוהסיפור המדהים - זה לקח לי זמן לעכל את זה, כי זה כל כך מדהים שאמרתי “זה משוגע” - זה שהוא התחיל . . . הוא כאילו פתח פרויקט, ואז היו לו DLL-ים ... אם אתה לוקח את המשחק עצמו, אז יש לך DLL-ים - ה-DLL-ים בדרך כלל חושפים API פומבית לצורך המשחק עצמו - ואז הוא הסתכל, עשה Listing של ה-API הפרטי והפומבי, והתחיל לקורא ל-DLL-ים האלה, בלי שהוא חבר, שזה סוג של משוגע . . . ואז, אחרי הרבה עבודה, הוא הבין שהוא סיים משהו כמו . . . הוא כל הזמן העריך את זה - 10,000 שורות קוד, עשה להן Reverse Engineering - ונשארו לו רק עוד 200,000 . . . אחרי הרבה מאמץ.ואז הצטרפו אליו המון אנשים, בגלל הקורונה, והם עשו את זה . .. אין לי מושג אפילו איך להתחיל להבין את ה-Magnitude של הפרויקט הזה, אבל זה משוגע, באמת.(רן) אז הפרויקט עצמו הוא ב-C, ברובו - למרות שאני רואה שיש גם קצת ב-Assembly . . .(דותן) ++C, כן (רן) אוקיי . . . דרך אגב, הוא Archived, אז יכול להיות שיש כאן איזשהו עניין חוקי . . . אז עשו לו Archive, אבל עדיין אפשר לגשת אליו, כל הקוד זמין, רק שאי אפשר לשלוח אליו Pull-Request-ים יותר. . .(דותן) כן, כאילו - אם הייתי החברה שפיתחה את GTA - זה Rock Star Studios? אני לא זוכר כבר - הייתי כזה אומר לו “טוב, התקבלת . . .”(רן) וזה גם בית ספר טוב ל-++C . . .(דותן) . . . “בוא, קח פרויקט . . .” - יותר מזה? אין יותר מבחן או ראיון מזה . . . “תשכתב את כל המשחק מאפס, בלי שאתה יודע את הקוד שלו . . .”(רן) . . . “נאבד לנו ה-Source Code, אתה יכול לעזור לנו שנייה?”(דותן) אז זה התרגיל הבא - אם יש לכם חברה ואתם מגייסים אנשים: התרגיל למפתחים הוא “תשכתבו את כל הטכנולוגיה של החברה, יש לכם שנתיים לעשות את זה” . . .(אלון) זה אחלה תרגיל - אנחנו עושים אותי כמובן, מה זאת אומרת? . . .. אבל אצלך הוא לא היה עובר, כי הוא לא כתוב ב-Rust . . .(דותן) הייתי משתמש ב-Copilot . . . היה כותב לי את הכל.(אלון) יכול להיות שזה מה שהוא עשה . . . כתב “GTA Source Code” ובום! - ה-Copilot נתן לו הכל . . .(דותן) יש מצב . . . בקיצור, אפשר לפתוח לו Issues . . . אפשר לפתוח לו Pull-Request-ים, אני רואה . . . בואו נחטט ב-Closed, נראה מה הוא סגר . . . .(רן) רגע, אז מה זה אומר שעושים Archive? אם הפרויקט Archived אז מה זה אומר?(דותן) אה . . . מכריזים ש”סגרנו” . . . שלט על החנות של “נסגר, תודה רבה, הייתם אחלה” . . .(רן) לא, אבל כתוב Read Only . . . אתה אולי יכול לשלוח לו Pull-Request-ים, אבל הוא לא יקבל אותם כי הפרויקט הוא Read-Only, לפי מה שכתוב.(דותן) יכול להיות, כן . . .זהו - ואפשר להוריד את זה, אני רואה . . . אפשר להוריד את כל ה-Source Code, אז . . . .בקיצור - למי שאוהב את הדברים האלה, זה מעניין.זהו, אייטם אחרון - זה נקרא system-design-primer זה אייטם שנתקלתי בו המון - אני חושב שלפני כמה שנים אפילו ככה נגענו בו - אבל הוא כל הזמן מתעדכן, כי Design של מערכות צריך אבולוציה, וזה לא אותו הדבר.זה אחלה לחזור לבקר - אם אתם רוצים להיזכר איך לתכנן מערכות - מה הכללי אצבע וכל מיני Designs של מערכות נפוצותנגיד, יש פה תרגילים כמו “תכנן Web Crawler” ו”תכנן Key-Value store” וכל מיני כאלהזה, ככה - נחמד כזה, מחליף סודוקו . . .(רן) אז זה כאילו סוג של הכנה לראיון עבודה בנושא של System Design, או יותר מזה?(דותן) זה יותר “רענון מחשבתי” . . . כמובן שאפשר להתשמש בזה לראיונות עבודה, אבל א. אפשר כן לקרוא וככה ללמודב. אפשר ליצור מתוך זה תרגילים לראיונות עבודהאבל בשבילי זה יותר כזה Refresh נחמד, קריאה קלילה ומרעננת . . .(אלון) שמע, יש פה דברים שאם אתה ממש חופר לעומק, אתה תגיע ממש רחוק ב-Rabbit Holeכי אם אתה הולך על Database-ים פה, באיזור של ה-No-SQL - אז יש לך ממש את ה-Paper-ים של Bigtable ו-Cassandra, אז זה הולך רחוק . . . .(דותן) פעם היה קטע . . . מה זה “פעם”? היה לפני 11 שנה כזה, 2010 - היה קטע שהיית נרשם למגזין

How did you approach versioning and dependency management when you were building this reusable component library at PayPal? I would like to know 1. How did you go about introducing breaking changes? 2. How did you make sure that people are using the latest version of your library or it doesn't matter if they are using the same version? What's bad about having different teams using different versions of the same library?

SummaryMads Torgersen talks to me about the upcoming release of C# 10.DetailsWho he is, what he does. The design team. Danes and language design. Aims for C# 10; yearly cadence; simplification, removing boiler plate; minimal API, fuller lambda expression. Relationship with .NET team. Users driving changes. Picking the changes to make; championing a change request. Versioning, guidelines vs rules. New features Mads likes, global using, struct records, with expressions. Moving from C# 9 to 10, suggestions and fixes in Visual Studio, what about VS Code. Is .NET 6 a Framework? Naming challenges. Many ways to do the same thing in C#. ''Modern C#'' - a sliding window of how to use the current C#. Newer features improve the code, not just the semantics. A new math feature that Mads is excited about; static abstract members on interfaces. What didn't make it into C# 10. The compiler team building the language.Support this podcastFull show notes@madstorgersenMads' blogWhat's new in C# 10.0Preview Features in .NET 6 – Generic Math

My guest today is Leo Farias. Leo is the creator of the wildly popular FVM open-source tool. He is the CEO and co-founder of Concepta Inc and CTO and co-founder of FanHero.FVM stands for Flutter Version Management. FVM is a simple CLI tool to manage different versions of the Flutter SDK: "FVM helps with the need for consistent app builds by allowing to reference Flutter SDK version used on a per-project basis. It also allows you to have multiple Flutter versions installed to quickly validate and test upcoming Flutter releases with your apps, without waiting for Flutter installation every time."In my opinion, FVM is an essential tool for every Flutter developer. It facilitates switching Flutter versions quickly, as well as pinning the Flutter version that should be used for a project which is especially helpful when working on teams. We talked about what motivated Leo to build FVM, FVM's functionalities, and the differences between the various installation options for FVM.Leo also worked on Sidekick, a beautiful desktop app (of course written in Flutter) for managing Flutter versions (you can think of it as a graphical user interface over FVM's core functionalities), explore releases, view popular packages, and more. Sidekick is available on Mac, Windows, and Linux.At the end of the podcast, we talked about what is next for Leo and what else is he working on.Guest: Leo FariasTwitter @leoafariasGitHub @leoafariasLinkedIn @leofariasFanHero: A white label, all-in-one live streaming and OTT solutionConcepta: Orlando Mobile App and Web Development Companyfvm.app: Flutter Version ManagementHost: Vince VargaTwitter @vincevargadevGitHub @vincevargadevLinkedIn @vincevargadevWeb vincevarga.devMost relevant past episodes from Flutter 101Dart in the Cloud, Backend, Command Line, and Shelf with Kevin Moore (Episode 14): Kevin Moore is a Product Manager at Google working on Dart and Flutter. Dart in the cloud, on the backend, and on the command line. Functions Framework for Dart, Google Cloud Run, Docker and Dart, Shelf, and many many other useful packages.Dart on AWS Lambda and Serverless Computing with Sebastian Döll (Episode 6): We talked to Sebastian Döll (GitHub Microsoft, previously Solutions Architect at AWS) about serverless computing, the state of serverless Dart, and how he implemented a custom AWS Lambda Runtime for Dart.Mentioned packagespub.dev/packages/fvm: A simple CLI to manage Flutter SDK versions per project. Support channels, releases, and local cache for fast switching between versions.pub.dev/packages/cli_pkg: A set of Grinder tasks that make it easy to release a Dart command-line application on many different release channels, to Dart users and non-Dart users alike. It also integrates with Travis CI to make it easy to automatically deploy packages.pub.dev/packages/pub_api_client: An API Client for pub.dev to interact with public package information.pub.dev/packages/mix: An expressive way to effortlessly build design systems in Flutter. Mix offers primitive building blocks to help developers and designers create beautiful and consistent UI.Other resourcesGitHub OCTO | Flat DataDart Sass: Dart Sass is the primary implementation of Sass, which means it gets new features before any other implementation.github.com/leoafarias/sidekick: Sidekick is an app that provides a simple desktop interface to tools that enhance Flutter development experience to make it even more delightful.github.com/leoafarias/flutter_flat_data: Flutter & Dart Unofficial Flat Data APIgithub.com/leoafarias/homebrew-fvm: Homebrew formula for fvm

Links: Cloud Security Basics CIOs and CTOs Should Know: https://www.informationweek.com/cloud/cloud-security-basics-cios-and-ctos-should-know/a/d-id/1341578? Spring 2021 PCI DSS report now available with nine services added in scope: https://aws.amazon.com/blogs/security/spring-2021-pci-dss-report-now-available-with-nine-services-added-in-scope/ Top 5 Benefits of Cloud Infrastructure Security: https://www.kratikal.com/blog/top-5-benefits-of-cloud-infrastructure-security/ The three most important AWS WAF rate-based rules: https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/ Researchers Call for ‘CVE' Approach for Cloud Vulnerabilities: https://www.darkreading.com/cloud/researchers-call-for-cve-approach-for-cloud-vulnerabilities Managed Private Cloud: It's all About Simplification: https://www.computerworld.com/article/3623118/managed-private-cloud-its-all-about-simplification.html 100 percent of companies experience public cloud security incidents: https://betanews.com/2021/08/04/100-percent-public-cloud-security-incidents/ Why cloud security is the key to unlocking value from hybrid working: https://www.welivesecurity.com/2021/08/05/why-cloud-security-key-unlocking-value-hybrid-working/ Organizations Still Struggle to Hire & Retain Infosec Employees: Report: https://www.darkreading.com/careers-and-people/organizations-still-struggle-to-hire-retain-infosec-employees-report NSA, CISA release Kubernetes Hardening Guidance: https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/ HTTP/2 Implementation Errors Exposing Websites to Serious Risks: https://www.darkreading.com/application-security/http-2-implementation-errors-exposing-websites-to-serious-risks Ransomware Gangs and the Name Game Distraction: https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ Using versioning in S3 buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html TranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.Jesse: The general theme in security news and trends show us that perimeter defense has a whole new meaning. There is no large perimeter anymore. Nearly every device is on a public or otherwise hostile network, from servers to phones to laptops. Every device needs scanning, protecting, monitoring, and analyzing. None of these devices can be viewed in a vacuum, as separate entities without the context of behavior of systems and services accessed from across a network.This is why zero trust and cloud native applications and services go so well in these hard times. If you can't trust anything without checking on current events, then you have to authenticate and analyze in real-time to determine if something is safe to allow. In the ancient days of yore, everything was default allow and you stopped things you knew were bad. Then along came default deny, where you allowed only those things you white listed. But that was a full-time allowance of bad things to happen when an account was compromised.Ditch the white list and just implement real-time contextual security. If you do this, does it really matter if someone gets a hostile device on your network? Nope. If you treat everything, including owned and managed assets, as hostile, some new unmanaged device or service doesn't change your operations or exposure much if at all.Meanwhile in the news. Cloud Security Basics CIOs and CTOs Should Know. Some of the critical things non-cybersecurity execs ought to know: moving to the cloud isn't a security easy button, cybersecurity insurance generally sucks, and moving to the cloud takes a lot more work than people think to get operationally secure.Spring 2021 PCI DSS report now available with nine services added in scope. When you do compliance and use cloud infrastructures and SaaS services, you need to prove your services support compliance requirements. This AWS report can help. Also, review the new services added to see if you can improve your service delivery and applications supporting PCI.Top 5 Benefits of Cloud Infrastructure Security. Using the cloud doesn't make you more secure, but there are advantages that can make security more manageable in the cloud than it is in legacy data centers.The three most important AWS WAF rate-based rules. Sometimes ya just got to geek out. Also, your security person won't always be there to set up things like Web Application Firewalls with DDOS mitigation and other nifty security and compliance tools.Researchers Call for ‘CVE' Approach for Cloud Vulnerabilities. If there is a vulnerability in cloud service provider services, they should get a CVE like anyone else, right? After all, it's just software, which is what the CVE is supposed to track.I understand shining light on the problems to force cloud companies to fix them, but that is partly what the CVE system is for. If there are configurations that open gaping security holes, they need to be in CVE. Why do they want to make a new thing to replace a perfectly good thing?Announcer: If you have several PostgreSQL databases running behind NAT, check out Teleport, an open-source identity-aware access proxy. Teleport provides secure access to anything running behind NAT, such as SSH servers or Kubernetes clusters and—new in this release—PostgreSQL instances, including AWS RDS. Teleport gives users superpowers like authenticating via SSO with multi-factor, listing and seeing all database instances, getting instant access to them using popular CLI tools or web UIs. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. Download Teleport at goteleport.com. That's goteleport.com.Jesse: Managed Private Cloud: It's all About Simplification. So, let's see if I understand this. Several article sources talk about the benefits of using private cloud citing the exact same benefits as using a public cloud service, except claiming it's more secure for finance and medical verticals. Hello folks, AWS Outposts anyone? The only difference is the shared responsibility model, except that now you have an outside agency managing everything. Neither are more or less secure than the other. They are different approaches to risk acceptance and mitigation.100 percent of companies experience public cloud security incidents. Despite the sensationally alluring feel of the headline, the real news from this is that moving to cloud operations exposes the horrible lack of processes around custom development and production management that most organizations have. Don't blame being in the cloud for your poor operations, just don't be stupid.Why cloud security is the key to unlocking value from hybrid working. [sigh]. Hybrid cloud, hybrid cars, hybrid corn, and now hybrid work. I haven't understood why it's so hard to understand that there are additional security concerns and either increased or displaced risk pushing workloads and data to the cloud. The only common answer I can think of is that security in general is full of theater and drama. Of course, there's more risk. Obfuscated risk is dangerous.Organizations Still Struggle to Hire & Retain Infosec Employees: Report. The extreme lack of trained and/or experienced cybersecurity talent underscores the importance of all of us knowing security well enough to mitigate most risks. Sure, having someone dedicated to the work is far superior to having security tacked onto the duties of others, but without the ability to fill those dedicated roles, someone has to keep the script kiddies and APTs out.NSA, CISA release Kubernetes Hardening Guidance. This is pure IT security gold. The spooks often hold secrets most of us haven't figured out, partially due to the immense resources they throw at cybersecurity. This report is 52 pages of great advice. Also, now everyone knows security issues in Kubernetes environments. Don't be stupid. Go read this now.HTTP/2 Implementation Errors Exposing Websites to Serious Risks. Black hat and other security conferences are famous for gloom and doom pronouncements that are just theoretical attacks that likely won't ever be practical in real-world production systems. However, this one may have some legs.Ransomware Gangs and the Name Game Distraction. With ransomware groups regularly getting international media attention, they're retreating to the shadows when the heat turns up on them. They will vanish from headlines, but they will simply rebrand and move forward as if they were a new group. This is why following Indicators Of Compromise, or IOCs, is more important than worrying about the exact behavior profile or name of a group.And now for the tip of the week. Don't lose overwritten file data. Use S3 versioning. Enabling versioning on your S3 buckets allows disaster recovery and an audit trail for changes in your data objects. The docs are fairly straightforward, as well. Check out the AWS doc section called: Using versioning in S3 buckets. And that's it for the week, folks. Securely yours, Jesse Trucks.Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.Announcer: This has been a HumblePod production. Stay humble.

Hi everyone! We had a great time with Luke Urban. In this episode, Luke shared with us the tips on versioning the Flutter environment and we found them great! Watch it now and share it with your friends!Credits:

Welcome to Last week in .NET; and last week was a holiday week so things will be lighter than usual.

Jon Skeet is the first show recorded since the COVID-19 pandemic was declared - so its pretty far ranging! Carl and Richard discuss Carl's recovery from the virus, and then chat with Jon about what life is like for him in this new world. The conversation also digs into the Better Know a Framework around VB.NET going into maintenance, challenges with nodatime and versioning and more!Support this podcast at — https://redcircle.com/net-rocks/donations

Jon Skeet is the first show recorded since the COVID-19 pandemic was declared - so its pretty far ranging! Carl and Richard discuss Carl's recovery from the virus, and then chat with Jon about what life is like for him in this new world. The conversation also digs into the Better Know a Framework around VB.NET going into maintenance, challenges with nodatime and versioning and more!Support this podcast at — https://redcircle.com/net-rocks/donations

The current media landscape is in huge flux. The agency landscape is changing. Production is changing. There's a lot of change, and obviously it's computers and the internet and connectivity that has caused this last decade of very fast change but things seem to be getting quicker all the time.

In this episode of the Xamarin Podcast, James Montemagno is joined by Jon Dick of the Xamarin components team to discuss the Android Support Libraries and Google Play Services. Don't miss this super informative episode overviewing what these important libraries are, why they are necessary, what's new, and how to use them in your apps today. 7:00 - What are the Android Support Libraries? 8:30 - Is it possible to build your app without the Android Support Libraries? 11:45 - What does each Android Support Library do? 15:00 - Versioning for Android Support Libraries, especially in relation to Xamarin.Forms 16:45 - Should you always be using the latest version of the Android Support Libraries? 25:00 - New things in the Android Support Libraries 33:00 - Overview of Google Play Services 44:00 - Tool/Package/Extension of the Week James: Twitter (https://twitter.com/jamesmontemagno), Blog (http://motzcod.es/), GitHub (http://github.com/jamesmontemagno), Merge Conflict Podcast (http://mergeconflict.fm) Jon: Twitter (https://twitter.com/redth), GitHub (https://github.com/redth) Subscribe: iTunes (https://itunes.apple.com/us/podcast/xamarin-podcast/id691368176?mt=2) Google Play Music (https://play.google.com/music/listen?u=0#/ps/Ifcss44ww5lc375esulsuettsey) Overcast (https://overcast.fm/itunes691368176/xamarin-podcast) Special Guest: Jon Dick.

In this episode, the crew talks about enterprise applications, scalability, and productivity. Transcription provided by https://twitter.com/wtoalabi Episode 53: Bigger & Better Music.... Intro: Alright welcome back to another episode of the Laravel Podcast, I am one of your hosts, Matt Stauffer, I have got two guys joining me...Can you introduce yourselves? JEFFREY WAY: I am Jeffery Way! TAYLOR OTWELL: And I am Taylor Otwell. MATT STAUFFER: It's been a little while but we are back with a little bit more to share and if you haven't gotten a chance to check out the Laravel New...News Podcast...all *laugh...*Check out the Laravel new Podcast where... Interjections MATT STAUFFER: Checkout the Laravel New..News Podcast...oh my gosh! Everytime now! News Podcast, where Jacob Bennett and Michael Dyrynda, basically being Australian and ' Illinoisian'  tell you all the greatest and latest news that is going on with Laravel, so, because they are covering that so well, we are going off the beaten track a little bit talking about a few kinda broader topics, so, what we did was, we put out some requests on the Twitter account and said "Hey folks, what do you want us to talk about?" And we picked a couple interesting ones and we just want to...just like the reader grab bag or... whatever you call it on your podcast Jeffery, so, the first one at the top of the queue is...something we hear about all the time, not just in this particular request, which is "Can Laravel be used for big apps?" And sometimes this comes in the same conversation of well you know if you want to do enterprise you should use this framework or if you just want to do a cute little thing, then use Laravel. You know, there are all this like statements and perceptions that people have and make about this, so before we go anywhere else, I would ask like, what is and do we know, what is the definition of an enterprise app, like if someone, and then again we are trying to give as much grace as possible to the person who actually thinks there is a distinction...what makes an enterprise app? Is it about lines of code? Is it about patents? Is it about security? Is it about traffic? Like what makes something a big app? And or an enterprise app? Do you guys have a sense for that? JEFFREY WAY: I really don't. So I basically have the same question. From afar, I will just say an enterprise app is something I imagine that is really really big...I don't know, it is an interesting distinction that people always make. I mean for as long as I can remember, even back in the Codeigniter days, you had this idea that Codeigniter is for these sorts of hobby projects but then if you are on the enterprise level, you are gonna reach for Zend or you are gonna reach for Symphony. And I feel like even after all those years, I can't quite figure out, what specific features or functionality do they have, that make them suitable  for enterprise or what would Codeigniter  not have or what does Laravel not have...hmm... is it related to the fact that Zend has a big company behind it? And whereas with Laravel, you know, like everyone is just gonna keep creating threads about ...what happens when Taylor dies? Is that the kind of idea? Like this is open source...it's kind of rickety...you are not sure what the state of it is, you are not sure if it's going to be abandoned? And with Zend, maybe if you have a big company behind it..maybe you can depend upon it more? Maybe? I don't know, I have the same question as everyone else. TAYLOR OTWELL Yeah, I think most people mean lots of classes I guess. You know, lots of code, lots of lines of code and I think the answers is, you know, obviously I am going to say yes it can be used for big apps, one because it has been used for big apps in the past, so we already know it's true basically. But then also, I think that, you know, Laravel is good for any app that PHP is good for, so, Laravel gives you a good routing system and a way to route request as classes and sort of beyond that is really up to you, you know, once you are past the controller, you basically have total freedom to do whatever you want to do, so, it's up to you in terms of if your app is going to be scalable in terms of complexity. And also I think Laravel is kind of uniquely qualified and better at making big apps than other PHP offerings right now, for a few reasons. One because when people start talking about big apps, a lot of time there is dependency complexity and Laravel Dependency Injection Container  is really good and it's really thoroughly baked in throughout the entire framework. When you talk about complicated apps, a lot of time you are also talking about needs like background job processing and Laravel has basically the only baked in queue system out of any major framework in PHP...hmmm...and then of course there is event broadcasting and other features that I would say are more kind of on the big app side of things, so, not only is it...can it be used for big apps, I think it's uniquely better for big apps than other alternatives out there in PHP right now  for those reasons. And I think it's just a little misleading because it is easy to get started with, and has a very simple starting point. And since that has a single route file you can kind of jump into it and start hacking around on, but it also scales up, you know with your needs and with your team's needs in terms of complexity...so yeah, that's kind of my take on it. Everyone kind of thinks that their app is a special snowflake you know, that has this, very unique requirements that have never been required in the history of web apps, but, the vast majority of applications don't have unique requirements and they don't really have unique needs and you know Laravel and many other frameworks really are going to be a good fit for them but I think Laravel is the best option in PHP right now for a big sophisticated application. JEFFREY WAY: And it is funny because, for whatever reason everyone thinks their project is going to be the one that really put Laravel to the test in terms of how many page views it can render in a single second...all that stuff like...if you need to worry about that, you are at such high level and you will know if you need to worry about that or not, but 90, I would say 99% of projects will never even get close to that point. So, it's almost like, to be frank, it's almost like a sense of vanity that you think the project you are working on right now is something that really needs to worry about that, because you probably are not even close. TAYLOR OTWELL Yeah, and we are assuming, developers don't approach projects in a rational way, even though we think they might. Like people don't choose frameworks in a rational way, they don't choose anything really laughs related to tech in rational way, a lot of time, as surprising as that is. There's a lot of things that go into it and some of it are sort of personality things, maybe they don't like a way that a certain framework is marketed or not marketed. You know some people are very turned off by active marketing around open source, so, maybe they don't like the style of Laravel sort of friendly, hey look at easy this is easy kind of marketing and they are turned off by that, and so they choose something that is more toned down, more sort of suite and tie like Zend because that fit's their personality better. It's not really a technical decision, it's more of just personality or subjective decision. And that happens a lot with tech in general, you know, some people don't use anything that is popular in general, just the kind of classic hipster type thing. I think a lot goes into it and rarely is it purely technical. Sometimes it is... they don't like me! You know, they don't like me personally. And so they don't like Laravel or use Laravel. JEFFREY WAY: I like you Taylor. Everyone laughs JEFFREY WAY: Right before we started recording, I guess RailsConf is going on and I was watching DHH give his presentation live...and he was kind of talking about this to some extent...the idea that it is important even for a tool like Rails or Laravel to have like their own culture and their own sense of values. And he was talking about how like a lot of people take this idea that you just learn all the different languages and then... you do...you are a programmer. So, if you need to work in this local language, you do it and you just apply everything over. And he was talking about how like while that is true, what is wrong with being part of the community that has a very specific culture, very specific views...he talked about like the  people that are still using Rails are doing it, maybe not just because it's better, but because they agree with the values that Rails represents. That is like the huge reason why people still use it to this day. And I think, that is very much true for Laravel as well. It is kind of interesting way to think about things. It's all personality, it's about what your values are. What you connect with and what you don't connect with. TAYLOR OTWELL Yeah...when I first started Laravel, that was a big part of how I wanted, how I thought Laravel could be successful, because I knew that in my own life, like there is sort of this ongoing desire to sort of connect with a group of people. Some sort of community or whatever around shared values. And you know that can be found like around many different things like music, or sport or religion, or whatever.  And I knew with programming like I wanted to connect with this group of people that has similar values about writing really clean code and having a good time doing it and making it enjoyable and sort of interesting, new and fresh. And that's kind of how I presented Laravel and I think it resonated with some people that were also looking for a group with those kinds of values. And that is still the kind of the values that we obviously try to share today, but yeah, it wasn't necessarily a purely  technical thing, it was building this group of people that sort of resonates around similar ideas  and working on it together. MATT STAUFFER: It's interesting 'cos I think that even in my question, I conflicted big and enterprise and I think that you guys kind of really drew out the difference between the two in some of your answers, I mean if we think about it, like Jeffery's first answer was, while enterprise might be really interested in having a company back it versus a person..like Taylor said, we get the question of what if Taylor gets hit by a bus all the time. And it makes sense right, like we have clients all the time coming to us like, say, you know well, you know the CEO or the board or the CFO of our multi-million dollar or multi-billion company are very worried that we are gonna invest a whole bunch of money and time in something and X ..and it's not always...and that Taylor might get run over  by a bus, but a lot of developers are getting non-developer input on decisions they make here and there are certain times where some IT persons have set up some rules that says like "You can only use projects like this and not [projects like that and I do wonder whether there are some constraints there like one of them being, that it must of be owned by a company, I know that when we worked with CraftCMS a lot of people said well, why would you, there's actually a business value of using CraftCMS over something Wordpress because Craft is making money and therefore it's a sustainable business model and therefore the business people are actually less worried about this thing disappearing. Right? So like maybe a more direct chain of profit to the people who are running the thing might actually make it clearer. I don't know if that exists maybe ZendCon would be something like that but I know it's Laracon too...I don't really know! But it's interesting that the requirements of ...like the true enterprise requirements...like because I work for a company, my company has these requirements...but I think people, including me when I ask these questions conflict that with big. And so I think there is a good place to take this next is, lets step away from enterprise a little bit...enterprise culture is a thing...you know whatever...let's talk about big, so the thing mentioned Taylor, and Jeffery both of you said a lot of people come along and say oh well mine is going to be the one that finally pushes those bounds right, I am gonna run into traffic issues and stuff like that, so, first of all, like I know that we can't say a lot of the names of big sites that are running on it but I feel like is there anything we can do to kind of like just ... I mean, I know several of them 'cos I am under NDA with several of them, you know, who have talked to us about doing some work with us but there's like multi- I mean milions of millions of hundreds of millions of page views sites running on Laravel...there is like Alexa top 500 sites running on Laravel, there's ...hummmm...what's the big group of all the businesses in the US? I can't remember the name of it...Fortune 500 companies running on Laravel...like multiple Fortune 500 companies whose websites are running on Laravel. Are there anything that you guys can share, like to say, hey look, this is the proof, like we've got big stuff running through here. TAYLOR OTWELL Trying to think some of them..I mean like the Vice Video, Log Swan, you know, various video games sites like FallOut 4 had their landing page on Laravel...other stuff like that, but you know, it's sort of never seems to be enough and it sorts of becomes this treadmill of, you know, I have to give one more proof that it sort of can work...and I just wonder like what's really underlining the question like, do they want to know that if I build my big app on Laravel will it be infinitely maintainable and clean...and no, Laravel won't automatically make your app amazing to maintain for 10 years, you know, I don't know if it's like trying to sort of scale responsibility for you also having to do a lot effort to like make your app enjoyable to maintain or what...but... MATT STAUFFER: Bad programmer, can write a bad app with any framework right? Like, nothing is going to rescue you from that..not saying that the person asking is necessarily bad..but I think that's a great point you made earlier Taylor, I wish we can further into it, is that with Laravel like yea ok, Laravel has it's own conveniences but at some point every single app is basically just you writing PHP... TAYLOR OTWELL: Yeah MATT STAUFFER: And especially at this level when you are talking about hundreds of thousands of lines of code, like the vast majority of the dependencies there is going to be just PHP code right? TAYLOR OTWELL: Yeah. Once you get...let's just take like a Laravel app...'laravel new'...whatever...once you are at the controller, method, in your controller class, everything else is up to you, so whether you use the validator or whether you even use Eloquent at all, or whether you use anything in Laravel, is entirely up you, so it was your choice to do whatever you did past that point. So, it's not Laravel making you do any one particular thing. So, that's sort of the point where you are gonna have to, you know turn your thinking cap on and really plan on how to do a big project, because as far as the framework is concerned, the framework is gonna be a much smaller concern than your actual code, you know the framework is gonna be routing session, some caching, some database calls, but you are the one that is gonna have to like, figure out the domain problems of your app, which is gonna be way more complicated I think, than any framework problems you are gonna have. Like, how is this app gonna work? How is it gonna provide value for our customers, or whatever, those are all like much bigger questions I think...than worrying about can Laravel be used for "Big" apps. MATT STAUFFER: One of the questions we got on Twitter was, how to build big sites with Laravel, scaling, deployment,  database structure, load balancing, so, lets say someone is on board right...yes, Laravel can be used for big apps period..it's good..so, what are some considerations that you would have, so if you were taking, you know, a default app out of the box and you "laravel new" it and you build some basic stuff and someone says alright, this app that you just built needs to be able to handle you know, a million hits a week next month..what are the first things you would look to, to start, kind of hardening it against that kind of traffic? TAYLOR OTWELL: Hmm, really simple things you could do is to make sure you are using a good cache or session driver, so probably you wanna use something like Memcache or Redis or something that you can centralize on one server or Elasticache if you are on AWS whatever, you know, you are also probably gonna use a load balancer...PHP is really easy to deploy this way you know, to put a LoadBalancer up and to make a few PHP servers and to alternate traffic between them. PHP makes it really simple to do that kind of scaling and then with Laravel, make sure you use config cache, make sure you are using the route cache, make sure you are doing composer dump autoload optimized, you know, really simple things you can do to sort of boost your application a little bit. MATT STAUFFER: Jeffery, I know Laracast is pretty huge, you kinda in there day in, day out, so I know you are super focused on making sure that it's performing, especially related to maybe, let's say, databases and deployment, can you give me any kind of tips that you have there for people who are building new kind of high traffic apps that you have learned from developing Laracast? JEFFREY WAY: Yeah, Laracast is surprisingly high traffic, if you look at the numbers. And I can tell you, not doing that much...just to be perfectly frank, beyond what Taylor said, a lot of that stuff is kind of the fundamentals...of using config cache...a lot of people will just deploy and stick with the file based cache driver...laughs..you will obviously have some issues with that...but, I am not doing anything that fancy. A lot of it becomes basic stuffs like, people completely ignoring the size of their images...like that is always the very first one I bring up and it's such a 101 tip, but if you go from site to site, you can see it being abused immensely. There is so many ways to work it into your build process...or if not, just dragging a bunch of images into..like a Mac app...I am trying to think of the one I use... TAYLOR OTWELL: Is it ImageOptim? JEFFREY WAY:  ImageOptim, yeah just, like when you deploy you can drag a bunch of images up there and it will automatically optimize them as best as it can. And you would be shocked how much benefit you can get from that...versus people who just take a 100kb image and they throw it into their project...you know it's funny that people will debate single quotes versus double quotes all day and then throw a 200kb image into their banner, you know, it makes no sense, people, are silly that way. TAYLOR OTWELL: I think another great thing to do is separate out your database from your web server. If you are building anything, you know, that you care about...like in a real way, it can be good to do that..and sort of, if you don't do it from the start, it can be kind of, you know, scary to make the transition, because now you've got to move your live database to another server...but, there are tools out there to make it pretty easy, there are even free packages out there to make it pretty easy to back up your database, so, that has always been really nice for me to have that on a separate server. So definitely if you are gonna have to start do that because it just makes it easier to do that scaling where if you wanna add a second server, you don't have this sort of funky situation where you have one webserver talking to another webserver because it has your database and all that other stuff where now if you want upgrade PHP you've got to upgrade PHP on the same server that your live database is running on...just scary situations like that...that, that would help you avoid. MATT STAUFFER: Are you guys using a lot of caching on your common Eloquent Queries? JEFFREY WAY: Yeah, I do quite a bit. TAYLOR OTWELL: I really don't on Forge. MATT STAUFFER: I wondered about Forge, because with Forge, each query is gonna be unique per user right? Versus with Jeffery where there might be like a page that lists out all of the episode and you might have 10, 000 people hit that same page. With Forge, it's more 10,000 people each seeing a totally different list right? TAYLOR OTWELL Yeah, it is very dynamic. The one thing I do cache is the list of invoices from stripe because there is a stripe API call we have to make, so we do cache that. JEFFREY WAY: Yeah me too. TAYLOR OTWELL: But other than that I don't think I really do any caching. So, Jeffrey probably has more insight on that...? JEFFREY WAY: Well I have a lot of the stuff on the Forum, because the forum just gets hammered...you will be surprised about how popular that forum is... MATT STAUFFER: I won't be surprised because it shows up on the top results of everything. JEFFREY WAY: I know and I do love finding my forum when am googling for my own ignorance. And I go to my own website to figure out how to do something which is a great feeling! But I do have some queries related to the forum that are pretty intense, a lot of like multiple joins, pulling in stuff, so I do cache that..even summary,  I cache that every 10 minutes at a time. Just to reduce the weight a little bit. I get a lot of use out of that stuff and then, yeah, of course, the type of stuff that doesn't just change like Categories or Channels or like Taylor was bringing up, there is no reason not to cache those things. And yes especially the invoices it's a great example, if you are making a network query every single time a page is hit, there is really no need to do that if it's going to be the exact same results...every single time give or take a change or two...so those are obvious cases where you want to cache it as long as you can. TAYLOR OTWELL: How do you burst your cache on Laracast? JEFFREY WAY: Whenever something cache bustable takes place...I guess... TAYLOR OTWELL: Ok so I guess like whenever a new category is out and stuff, you just ... JEFFREY WAY: When a new category is out yeah, as part of that I will just manually bust the cache...or no, I will automatically bust the cache...in other areas, it happens so rarely that I just boot up 'php artisan tinker' and do it myself....*laughs...*which is crappy, but no, anything more common like that, I will just automate it as part of the...whenever I update the database. MATT STAUFFER: We are working on an app right now that has Varnish sitting in front of it. And so literately the code that is behind our Skype window right now is me writing a job that just wipes the Varnish cache either for the whole thing or for specific routes in response to us notifying that the change happens and that's an interesting thing because the cache is outside of Laravel app, but it's cached based on its routes...and so I have the ability to say...well, these particular changes are gonna modify these routes and I built an intelligent Job that kinda get sent out anytime we need those things. So even when it is not within the app, even when it is not your Laravel cache, there is still a lot of ability to kind of put some heavy caches on. And in speaking of that kind of stuff cache busting, use the Version in mix all the time. I mean that is just, because then you can throw Varnish or whatever else and just do infinite cache on your assets. And if you all don't know what that is, it's essentially every single asset that gets built by Mix now has like a random string appended at the end of the file name. And every time it's changed, it gets a new random string on it. And so you can set a forever expires on your Javascript files, your CSS files or whatever else, because anytime it needs to change, it would actually be a different file name as your browser will get to request it and then Varnish will get re-request it or whatever is your cache is. JEFFREY WAY: But on that note, actually, I have been thinking about that, is there...can you guys tell me any real reason why when we are using Versioning, the file name itself needs to change? Because you are using that Mix helper function already to dynamically figure out what the version file is, so is there any reason why we can't just use a unique query string there, or not a unique query string but taking where we would change the file name to include the version, we just include it as part of the query string and then the file name always stays the same? MATT STAUFFER: I know that HTML5 boiler plate used to do just query strings and I hadn't even thought about that, but that might be possible, where the files always stay the same but your...what's that JSON file that has the .... JEFFREY WAY: JSON manifest... MATT STAUFFER: Maybe that just adds the id into the new id to pass? And it's just like authoring comment or something like that? JEFFREY WAY: Yeah, when you version the file, it creates, basically it gets like a Hash of the file that you just bundled up and then that gets included in the new file name...but every time you bundle if that changes, you will never know what that file name is called in your HTML so basically you can use this Mix helper function that Laravel provides that will dynamically read that JSON file and it will figure out, oh you want this file, well, here is the current hashed version and we return that...but yeah I have just been thinking lately like, is it kind of dumb that we keep creating a new file, when instead, the Mix manifest file can just have the relevant query string updated. MATT STAUFFER: So, I googled really quick and there is a thing from Steve Souders....who is the guy who originated the 13 rules of make your website faster or whatever they were...the whole like, you know less HTTP requests, and it's called in your files names don't use query strings...I havent read it yet...oh High Performant websites...I havent read it yet and it is 9 years old. My God! Now that I am seeing seen him talking about Squid, I have worked with Squid before which is like a pretty old cache, but a lot of stuff that works for Squid also works for Cloudflare so I am guessing Cloudflare is either using Squid or adopted Squids terminologies and I do think...and I also did a whole bunch of work with one of our clients who is writing custom Varnish rules right now. And I do remember that stripping query strings is a thing that happens sometimes especially when it doesn't matter, for example in the case of asset, I think it maybe a thing that he do by default, so he is digging through here and Squid and proxies and stuff like that, I think basically what he is saying is your proxy administrator could go and teach the  proxy to care about query strings but all then ignore them by default... JEFFREY WAY: Ok MATT STAUFFER: So by choosing to use it with query strings you are opening up a lot of job opportunities where it doesn't work the way you are expecting. TAYLOR OTWELL: I have been using Cloudflare quite a bit recently. The whole Laravel website is behind Cloudflare, heavy Cloudflare caching, very few requests actually hit the real server. Mainly because it's all static, you know documentation but am a big fan of that, especially when you are scaling out webservers, if you are using, you know, some kind of Cloudflare SSL. I think Amazon has a similar SSL service now, it makes so much easier to add a web server because you don't really have to think about your certificates as much, you know, putting your certificate on every server, especially because since you can just use like a self-signed certificate if you are using the Cloudflare edge certificate...so that's something to look into and it's free to get started with and it has some nice feature for scaling.  MATT STAUFFER: I helped some folks at this thing called the Resistance Manual, which is a Wiki about basically...huh......sorry to be mildly political for a second...all the negative impact of the Trump presidency and how to kind of resist against those things. And so they wanted me to help them gather their information together and I said well I can help out, I am a tech guy and they were like, do you know, you know, media wiki, which is the open source platform behind things like Wikipedia, and I said no, but you know, I can learn it. Turns out that it's like really old school janky procedure PHP and so I said yeah I can handle this but it is also just extremely dumb in terms of how it interacts with the database and so when you are getting you know millions of hits like they were on day one, we had a like a 8 core, you know, hundreds of hundreds of dollars a month Digital Ocean box and it was still just tanking. Like couple of times a day that the caches were getting overflowed and all that kind of stuff, so, I threw clouldflare on it, hoping it would be magical and the problem with that is it's not Cloudflare's fault it's because Cloudflare or Squid or Varnish needs to have some kind of reasonable rules knowing when things have changed and for anyone who has never dealt with them before there is a sort of complicated but hopefully not too complicated dance between your proxy and reading things like expires headers and E-Tags and all that kind of stuff from your website. And so if you throw something like Cloudflare or something like that on it and it is not working the way you expect, the first thing to look at is both the expires headers and the cache link headers that are coming off of your server pre-cloudflare and also what that same response looks like when it's coming back after going through cloudflare, and cloudflare or whoever else will add a couple of other ones like did it hit the cache or miss the cache and what's the expires headers and what's the Squids expires headers, so there are lots of headers that give you the ability when it just seems like it is not just working the way you want and there is only like 3 configuration options in cloudflare, then what do you do? Go look at your headers and I bet that you know, 15 minutes of googling about how cloudflare headers work and Squid headers work and then inspecting all your headers before and after they hit cloudflare and you will be able to source out the problem. Alright so, we talked databases, we talked loadbalancing a little bit, deployment, so, if anybody is not familiar with zero downtime deployment, just a quick introduction for how it works...if you use deployments on something like Forge the default response when you push something new to your github branch is that it hits 'git pull', 'composer install' 'php artisan migrate' or whatever, so your site could erratically be down for seconds while the whole process runs and so, if you are worried about that  you can run, 'php artisan down' beforehand and 'php artisan up' afterwards, so when it's down, instead of throwing an error, you just see like hey this site is temporary down kind of thing. But if you are in a circumstances where that is a problem, you might want to consider something like Capistrano style or Envoyer style zero downtime deploy, look somewhere else for a much longer explanation but essentially, every time a new release comes out, it's cloned into a new directory, the whole installation is processed and run there and only once that is done, then the public directory  that is getting served is symlinked into that new directory instead of the old one. So you end up with you know with the last 10 releases each in its own directory and you can go back and roll back into a previous directory and Taylor's service Envoyer is basically a really nice User Interface in front of that... For me that has always been the easiest way to handle deploys in a high kind of pressure high traffic high loads situations is just to use Envoyer or Capistrano. Are there any other experiences you've all had or tips or anything about how to handle deploys in high traffic settings when you are really worried about you know those 15 seconds or whatever...are there any other considerations we should be thinking about? or anything? TAYLOR OTWELL: That's the extent of my experience..I haven't had anything that is more demanding than using Envoyer. Am sure there is you know...if I were deploying to thousands of servers, but for me when I am just deploying to 4 or 5 servers Envoyer has been huh...pretty good bet. MATT STAUFFER: And hopefully if you are deploying to a thousand sites, then you've got a server person who is doing that. You know like we are talking dev'ops for developers here right,  like when you are running a minor server not when you are running a multi-billion dollar product and the clients I have been talking to were working with all these kind of Varnish stuff..I didnt setup Varnish you know, my client setup Varnish and took care of all these stuff and he just kinda asked me for an input in these kind of stuff and so I definitely would say like there is definitely a limit at which...you know...people often lament like how many responsibilities they are putting on developers these days. I don't think we all have to be IT people capable of running servers for you know, a one thousand server setup for some massive startup or something like that. But I think like this whole, you know, how do I handle a thing big enough that 15 seconds of down time where a  migration and composer run...I think that is often within our purview and I think something like Capistrano or Envoyer is for me at least it's being a good fix...the only situation I have not had to run into which I have heard people asked about online and I wanna see if you all have any experience there is, what if you do a roll out and it has a migration in it and then you need to roll back?  Is there an easy way to do the 'migrate:rollback' in an Envoyer rollback command or should you just go Envoyer rollback as you SSH in and then do 'php artisan migrate:rollback' TAYLOR OTWELL: Sort of my view on that recently like over the past year has been that you will just never roll back, ever. And you will always go forward. So, because I don't know how you rollback without losing customer data. So, it's, a lot of time not really visible to rollback. Lets just pretend you could, then yes, there is no real easy way to do it on Envoyer, you will just kind have to SSH in and do php artisan rollback like you said. But I think a lot of times, at least for like my own project like Forge and Envoyer, I can never really guarantee that I wasn't loosing data so I think if at all possible, what I would try to do is to write an entirely new migration that fixes whatever problem there is. And deploy that and it will just migrate forward, you know. And I will never really try to go backwards. MATT STAUFFER: You find yourself in that accidental situation where you deploy something that should never have been, then you then go 'php artisan down' real quick, run the fix, push it up and let it go through the deploy process and then 'php artisan up' after that one deployed. TAYLOR OTWELL: Yeah. That's what I would do. If it's, I mean, sometimes if it's low traffic and  you feel pretty certain no one's messed with the new database schema, then probably you can just roll back, but, I was just worried  in Forge's case that people are in there all day, I would lose data. So that's why I would every time possible to try and go forward. MATT STAUFFER: Yeah, that makes sense. TAYLOR OTWELL: I have actually stopped writing down methods in my migrations entirely recently...not that it's optional. JEFFREY WAY: I feel evil doing that! Like I very much get the argument...but, when I create a migration and I just ignore the down method, I feel like, I am just doing something wrong. I am still doing it right now. TAYLOR OTWELL: It's really mainly visible in Laravel 5.5 'cos you've got the new db:fresh method or db:fresh command, which just totally drops all the tables without running any down methods. MATT STAUFFER: I end up doing that manually all the time anyway because at least in development, the most often when I want to do refresh, it's often in context where I still feel comfortable modifying  old migrations..like basically, the moment I have run a migration in prod, I would never modify an old migration. The moment there is somebody else working on the project with me, I will never modify an old one unless I have to and it's just so important that I have to say hey, you know, lets go refresh. But often when I am just starting something out and I have got my first 6 migrations out, I will go back and  hack those things over and over again...I don't need to add a migration that has a single alter in it, when I can just go back and edit the thing. And in that context often, I change the migration and then I try to roll back, and sometimes I have changed it in such a way where the rollback doesn't work anymore. I rename the table or something like that... JEFFREY WAY: Right.... MATT STAUFFER: So fresh is definitely going to be a breath of fresh air. JEFFREY WAY: I do wish there was maybe a way to consolidate things, like when  you have a project that has been going on for a few years, you can end up in a situation where your migrations folder is huge...you just have so many. And it's like every time you need to boot it up, you are running through all of those and like you said sometimes, just the things you've done doesn't just quite work anymore and you can't rollback. It would be nice sometimes if you could just have like...like a reboot, like just consolidate all of these down to something very very simple. MATT STAUFFER: We did that with Karani I don't know if there is...there is a tool that we used that helps you generate Laravel migrations from Schema and we did it soon after we had migrated from Codeigniter to Laravel for our database access layer. Karani is a Codeigniter app where I eventually started bringing in Laravel components and then now, the actual core of the app is in Laravel and there is just like a third of the route that are still on Codeigniter that havent been moved over and once we got to the point where half of our migrations were Codeigniter and half of them were in Laravel it's just such a mess so we found this tool...whatever it was. We exported the whole thing down to a single migration, archived all the old ones,  I mean, we have them on git if we ever need them and now, there is just one..you know, one date from where you just get this massive thing, and then all of our migrations happen kind of, from that date. And for me, I actually feel more free to do that when it's in production because the moment it's in production, I have less concern about being able to speed it up through this specific process because like if something is from two months ago, I am sure it had already has been run in production and so I feel less worry about making sure the history of it still sticks around... JEFFREY WAY: Alright...right... MATT STAUFFER: Alright...so the next question we have coming up is, "I will like to hear about how you all stay productive." And we've talked on and off at various times about what we use..I know we've got us some Todoist love and I know we've got some WunderList  love...hummm... I've have some thoughts about Calendar versus Todo lists and I also saw something about Microsoft buying and potentially ruining Wunderlist..so what do y'all use and what happened with Wunderlist. TAYLOR OTWELL: Well, Todo lists are dead now that Wunderlist is dead. MATT STAUFFER: Yeah...So what happened? TAYLOR OTWELL: Wunderlist was my preferred todo list, I just thought it looked pretty good...and Microsoft bought them I think, that was actually little while back that they bought them but now they have finally announced what they are actually doing with it...they are basically shutting down Wunderlist and turning it into Microsoft Todo...which doesn't look a lot like the old Wunderlist and doesn't have some of the features of the old Wunderlist...but it looked ok..you know, it seems fun, so what I have done is migrated to Todoist rather reluctantly but it's working out ok. JEFFREY WAY: Please correct me...is this funny like, Wunderlist is gonna be around for a very long time but just the idea that they are shutting down it's almost like you feel compelled...we've talked about this with other things too...where it's like you suddenly feel like oh I need to migrate...we talked about it with Sublime, like if we find out tomorrow, Sublime is dead in the water. But you can still use it as long as you want. Even though, it would still work great, you would have this feeling like well, I gotta get over to Atom or I gotta start moving on...'cos this place is dead, even though Wunderlist is gonna work for a long time. TAYLOR OTWELL: Yes...laughs...as soon as it was announced, I basically deleted Wunderlist off my computer... All laugh.... TAYLOR OTWELL: Which makes no sense, but it's so true... MATT STAUFFER: I needed a new router and everyone told me, you use the Apple Routers 'cos they are the best...but I have heard they are 'end-of-life'd'....and I was like no way...no way I am gonna throw all my money there and someone say well, why does it matter...you know...you are gonna buy a router and you are gonna use it till it dies? And I said I don't care...I am gonna buy something else 'cos it just...I don't know...it's just like you are putting your energy and your effort after something that can't...you know can only be around for so long and you just want..you want be working with something that's gonna last I guess... JEFFREY WAY: Yeah...I am still on Wunderlist right now. I am hearing...humm..if you guys are familiar with "Things" that was like the big Todo app years ago...and then they have been working on Things 3 or third version for a year...it's been so long, that people joke about it..you know, it's almost like that...new version of..humm..what was it...there was hummm...some Duke Nukem game that.... TAYLOR OTWELL: Is it Duke Nukem Forever..? JEFFREY WAY: Yes! For like 10 or fifteen years and it finally came out! It's looking like next month, "Things 3" will be out and I am hearing it..like the prettiest ToDo app ever made I am hearing really good things. So, I was hoping to get in on the beta but, they skipped over me. So, I will experience it in May but I am excited about it. So, that's the next one..but you know what, I am never happy with Todo apps..I don't know why. It's kinda of weird addiction...if you say an item address basic need...even like a Microsoft Todo. Ok, your most basic need would be to like say...Go to the market on Thursday. You can't do that in Microsoft Todo. You have to manually like set the due date to Thursday. Rather than just using human speech. TAYLOR OTWELL: Have you tried Todoist? JEFFREY WAY: Todoist works that way. Huh I think Wunderlist works that way but now, Microsoft Todo doesn't. MATT STAUFFER: Oh ok..got it. You lost that ability right? JEFFREY WAY: Yeah, it's so weird like every task app would have something that's really great and then other basic things that are completely missing...and it's been that way for years. MATT STAUFFER: I always feel bad, I mean I bought things...thankfully I managed to skip...what was that thing...OminiFocus, I skipped OminiFocus which is good 'cos that is hundreds of dollars saved for me. And I tried...I tried all these different things and I finally figured out that  there is a reason why I keep jumping from one to the other, is because..for me...this is not true for everybody...and I think it might have to do with personality a little bit...and the industry a little bit, and what your roles are whatever, Todo lists are fundamentally flawed because they are not the way I approach the day...and they are not the place my brain is...so, I can force my brain into a new paradigm for even a week at a time but I have never been able to stick with it and it's not the app, I thought it was the app, I thought just once I get the right app, I will become a todolist person and I realized, I am not a Todolist person so I can try every app and it can be perfect and I will still just stop using it 'cos it's not what I think about. And when I discovered that I can't use and then later found some articles talking about how I am not the only person who come up with this...that validated me...'cos I put it on my calendar and so, if I need to do something, I put it on my calendar and then it gets done. And if I don't put it on my calendar, it doesn't get done. End of story. It's so effective for me that my wife knows at this point that if she asks me to do something and I don't immediately pick up my phone and put it on my calendar, she knows it's not gonna get done. Because that's..that's how things happen and so, it's amazing to me, that..laughs...she literarily, when she first started discovering this, she sent..and she's not not super technical..like she's smart, she just doesn't like computers all that much...but she knows how to use google..and so, she, when she first discovered this, she sent me a calendar invite that is "Matt Clean Toilet"...and it's for 8 hours every Sunday and so, I will be on a screenshare..'cos she's like that's how I am ever going to clean the toillet right?...so I will be on this screenshare with a client and I will pull up my calendar and to say hey when is it a good time for us to have this meeting? And I will be like..oh "Matt Clean Toilet" takes the 8 hours....laughs... But for me, my todo list is my calendar. And everyone kinda in the company knows what my calendar is completely for and Dan actually has asked me to start marking those things as not busy, so, Calendly, our appointment app will still allow people to book...like clients to book times with me during that time..but like essentially, if I need to get something done, like, I..I need to review a whole bunch of pull requests, like Daniel who works with me literarily just put meeting invite on my calendar for tomorrow 10:30 and it says "Code Review @ Daniel". And literarily after this podcast, there is an hour that says "Code Review with James" because they know that that's how they get it....and there is...500 hundred emails in my inbox and all these other things I have to do, but if it goes to the calendar,  it gets done.  So, have you guys ever tried that? Does it sound like something that will click with you or no? JEFFREY WAY: I think it makes good sense for you because it sounds like your days are scheduled like your day is full..humm...my day isn't quite as much like do this with so and so, I don't have as many meetings. So, most of my day is like: these are the things I wanna get done. And it doesn't matter whether I do it at 9:AM or 9:PM, so, Todo list works good for me but yeah..I can see how like if my day was very segmented and scheduled that would make far more sense than reaching for some todo app. TAYLOR OTWELL: Yeah..my days are usually pretty free-form outside of the kinda standard schedule where I always do emails and pull requests first thing in the morning but then after that lately it's been...you know..was work on Horizon..now it's work on the thing that comes after Horizon, and that's pretty much the rest of the day, you know, besides whatever Laracon stuff that I have to do recently, which is more of a seasonal thing you know. But I got lunch, all booked, that's done...but whatever we need, you know, furniture, catering or whatever. But yeah, then I pretty much just work on one thing throughout the day. So, I don't really switch context like that a lot. But I was so despondent at the Wunderlist announcement that all Friday afternoon I wrote a chrome extension that when you open  new tab, it opens "Discussing Todo List" that I wrote in VueJs and you know HTML and it uses the chrome sync to sync it across my chrome account to all my laptops whatever...so... every new tab has a todo list, but even that, I was still not happy with it and deleted it and the whole afternoon went with the todo list. Anyway, but I have forgotten about the Chrome extension thing. I need to open source it. MATT STAUFFER: Every developer has to make their own Todo list at some point in their lives. TAYLOR OTWELL: Yeah. That's interesting about the calendar though...I want to get Calendly because it looks like a really cool app and try some more calendar stuff 'cos I haven't really dug into that as much as I could. MATT STAUFFER: Yeah...I use basic Calfor my desktop app, I know that, I  think I use Fantastic Cal on the phone or something..a lot of people love that...the thing that we like about Calendly is that it gives me a public link that syncs up to my Google calendar and so when we need to schedule things like we are in the middle of hiring right now or client meetings, I just send them to my calendly link and I just say, go here and  schedule time with me and it syncs up with my Google calendar and it shows them all the times and I can say..go schedule a 60 minutes meeting and I give them the 60 minutes link or 5 minutes or whatever and you can put different rules around each. So I teach calendly when do I drop my son off at school and when do I ...you know drive from my home office to my work office all that kind of stuff...so that it knows when I am available and then..because we just wasted so much time between Dan and me trying to get our calendars in sync. So, that's what I love about Calendly. TAYLOR OTWELL: What really sold you on basic Cal over like you know just Apple Calendar or whatever? MATT STAUFFER: I wish I can tell you...I know that it handles multiple calendars better...but it's been so long since I made that choice that I couldn't even tell you. I know that Dan, my business partner hates calendars more than any person I have ever met and almost every time he complains about something, I am like oh yeah, you can do that with Basic Cal and he is like "I still use Apple Calendars" I know those things but I can't tell you what they are..so. Alright...so one last question before we go for the day. Saeb asked "It would be nice to hear why are guys are programmers. Is it just something you love and enjoy or is it just a way to put bread on the table? Is it passion what is it that makes you wanna be a programmers?" JEFFREY WAY: I will go first. I fell into it. I think we are being disingenuous if we don't say that to some extent...but  I know even from when I was a kid, I love the act of solving puzzles. I remember I had this Sherlock Holmes book and it's one of those things where every single page is some little such and such happens...somebody was murdered and then Sherlock comes, points to so and so and says you are the  person who did it. And the last sentence is always..."How did he know?!" And that was like my favorite book. I would go through it every day and try to figure out how  how did he figure out that this was the guy who...you know...robbed the bank or whatever it happened it be. So, between that or I play guitar for over a decade and I went to school for that. It's all still the same thing of like trying to solve puzzles trying to solve riddles trying to figure out how to connect these things. You may not know it with guitar but the same thing is true, like puzzles and you start learning about shapes on the guitar and how to transpose this to this. And how to play this scale in eight different ways...it's still like the same  thing to me it's figuring out how to solve these  little puzzles. And so for programming, I feel like it's the perfect mix of all of that. There needs to ne some level of creativity involved for me to be interested in it....I always worried I would end up in a job where I just did the same and only this thing every single day. And I would finish the day and come back tomorrow and I am gonna do the exact same thing all over again. So there needs to be some level of creativity there which programming does amazingly well or offers amazingly well. Although my mum would never know. I think she thinks I gave up on music and went to this like boring computer job...and even though when I explain to her like no there is huge amounts of creativity in this I don't think she quite makes the connection of how that is. So, yeah, between the creativity and solving puzzles, and making things, it's a perfect mix for my personality. TAYLOR OTWELL: I was always really into computers and games and stuffs growing up, so it was pretty natural for me to major you know in IT in college but I didn't really get exposed to the sort of the front side of programming and open source stuff until after college when I started poking around on side projects and stuff like that. So, I did kind of fall into this side of programming you know, where, you are programming for fun as a hobby and working on open source after I graduated but I was always kind of interested in looking back sort of things that are similar to programming so like into games like SimCity and stuff like that where you are planning out you know, your city and sort of...one of the similar things you do when you are building up big projects or whatever a big enterprise project you know was sort of planning and trying to get... just the right structure whatever, so I was kinda always into that thing. And just sort of naturally fall into that path later in life. MATT STAUFFER: I...my brother and I started a bulletin boards service...out of our spare bedroom, I mean we were in Elementary or middle school or something like that..and he is 3 and half years older than me and he is a little bit more kind of like intellectual  than I am, so, he learned how to code the things and he said why don't you be the designer. And that kind of trend just kept up. When he learned how to make websites, he be like well, I am gonna make websites and you be the designer. And so I kinda had this internalized idea that A...I was interested in tech..but B, I was the design mind. And the thing is, I am not a very good designer...like the only reason I kept getting into design is because I had like... I was creative, I was a musician and stuff but also because my brother already had the programming skills down and so he needs a designer right? And so, I think that I went off to college, by that point I already had a job as a programmer, I already had my own clients, doing you know frontend web developments and basic PHP, Wordpress that kind of stuff but I was like well I need to become a better designer so I went off to college for design and I just realized I am not a designer, so I left. And I went off and I did English and I worked with people and I worked for a non-profit having thought you know like oh that is not my thing and then I kinda did a turn round when I left the non-profit, my wife went back to school and I needed to pay the bills, so it was..there is an element of paying the bills..I say like well I know that web development pays well, so I will go back to that. And just discovered that I love web development...it is fulfilling and it is satisfying...it is creative...it's using your brain in all this really interesting ways...each one it's a little bit the same, a little bit unique, there is always really great things about it...I mean I remember one of the things that drove me nuts about my previous work..both in design and in working in the non-profit is that there is no sense like whether you did a good job or not. There is no sense of when something is done. You are just very kinda of vague and vacuous and with this, it's like there is a defined challenge...and you know when it's done. And you know whether you did a good job or not. And I was just like that was huge...that was so foundationally helpful for me. And so I think just kind of being able to approach it and realize that it's creative..like, it's creative and it is well defined..it's a little concrete..it's a challenge all those things together I think for me..and it turns out that it wasn't just a way to make money and I have also since discovered now that I run a company that I also have all the people aspects here..it's about relationship, it's about communities...I mean we have talked about that a lot in this episode and running a company is about  hiring and  company culture and all those kind of stuff... So I get to comment especially at the level of tech that I get to do day to day whether it's open source or running company I feel like it's all of the best together in one word. JEFFREY WAY: So Matt, how did you go from taking on smaller projects when you went back to web developments to suddenly running Tighten? Like how did you get there? What happened? Were you getting more projects than you can handle? MATT STAUFFER: The opposite. I...I had no work. I worked out of a co-working space in Chicago and I only had about 10 hours a day, fifteen hours day filled because I didnt know anybody. And I had not been doing anything in the industry for 6 years. So, I said, you know what? When I worked for non-profit there was this need I had and I still worked for those non-profit's per time at that point, so I just started building an app...I built an app by hand while I worked for the non-profit in PHP and it was terrible. And I was like oh, I have heard about this framework thing, and so I tried building it in CakePHP and it was terrible, and so, those experiences matured me a little bit...and so by the time I was now kinda going solo as a developer, every free moment I would have, outside of the you know, the contract work I had, I would go learn Codeigniter. You know my buddy Matt had learned ExpressionEngine and said hey, checkout Codeigniter I think you might like it. So I learned Codeigniter and I did all these work in Codeigniter and I built  this whole app which is Karani, the thing we are talking about today and I built Karani and I made it for myself and then my friends wanted it and so then I made it for my friends and then it was costing me money to upkeep, so I learned how to charge them money..and Stripe was brand new at that point, so I almost went with Stripe but I ended up going with BrainTree...I got into like big and software as a service app development through there...and right at that same time... I was teaching my buddy all about modern web development HTML5 boiler plate all that kind of stuff after work one day and this guy walked over...the one guy in my co-working space that I had never met, who was always in his closed office and he was like, are you a developer? Are you looking for work? I was like yeah..and he was like..I need you...would you consider working for me? I played it all cool but I was like YES..PLEASE I NEED WORK!!! I only have 10 hours of work a week right now. And it was Dan... And so, Dan and I worked together on this massive project for a year and the client took 6 months to actually get the work ready for us. And he already had me booked  and he already had me billed and he was why don't you just go learn become the best possible developer you can..I will throw you know, 30 hours a week jobs just off my various you know various projects...but in all your free time and even in those projects, just learn to become the absolute best, because we were working for, you know, this massive billion dollar international company at that point. And responsive was like  just a thought in people's minds. So, I wrote you know, articles and I created responsive libraries back in the early days of responsive and all those kind of stuff and I was like really up in the middle of it. And then we built this app. So, I had like a lot of kind of things that took me very quickly from like hey I haven't written any code or any professional code  in 6 years to like to the point where I was ready to build an app for this billion dollar company. JEFFREY WAY: That was amazing. That is how learn best too. MATT STAUFFER: It really is..and Dan and I loved working together so well that within 6 months we decided to go into business together and 6 months or a year later, we named it Tighten and the rest is history. MATT STAUFFER: And so, we are super late and Jeffery, you are the one who has to edit this all later, so I apologize for that..so Ok. Future Jeffery, editing this, I am going to do you a favor, call it a day for now so..guys...it's been a ton of fun..everyone who submitted questions to us on Twitter, the ones we didn't get to today, they are still on our trailer board, we will get to some of them next time... But keep sending us stuff for us to talk about and like I said, the Laravel news podcast is doing a fantastic job of keeping you up to date on regular basis with news so definitely tune in there for that...but we are gonna be talking about more long form stuffs  when you got questions for us, send them to us either to our personal accounts or twitter account..for the podcast and we will try to get to them whenever we can..so, until next time..it's Laravel Podcast thanks for listening. MUSIC fades out...

John and Dave start today's show answering listener questions about Lion's new versioning features and what that means for the way you interact with documents for affected apps. Then it's off to migration land, helping a few users with their issues doing so. Cool Stuff Found helps to solve the […]