POPULARITY
Categories
GitHub is advocating for a European Union Sovereign Tech Fund to help pay the open source software developers building and maintaining software relied upon by economies and societies just like any other necessary infrastructure like roads and bridges.Apple gets called out by the Open Web Advocacy group saying its technical rules and restrictions are blocking other browser vendors from successfully offering their own search engines to iOS users in the EU.Last episode we talked about Amazon's new AI coding editor Kiro, and this week, we learned about a feature called Agent Hooks which let users write automation tools that agents can use within the IDE to do predefined actions like maintaining code quality, checking for security vulnerabilities, standardizing and enforcing team processes, and more. Think of it like pre-commit hooks but with AI behind them!Timestamps:0:51 - GitHub is advocating for an EU tech fund9:21 - An update on non-WebKit browsers on iOS15:30 - Kiro's agent hooks26:28 - Kilo Code28:35 - eslint-config-prettier got hacked33:15 - @media(hover: hover)36:05 - What's making us happyLinks:Paige - GitHub is advocating for an EU Sovereign Tech FundJack - Kiro's Agent HooksTJ - An update on non-WebKit browsers on iOSKilo Code - open source AI agent VS Code extension (not to be confused with the Kiro fork)Popular npm package eslint-config-prettier got hacked@media(hover:hover)Paige - Relax Meditation appJack - Physical books like the Annihilation seriesTJ - Apple Watch series 10Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast
International law enforcement arrest the suspected operator of a major Russian dark web cybercrime forum. DHS is said to be among the agencies hit by the Microsoft SharePoint zero-day. The Fire Ant cyberespionage group targets global enterprise infrastructure. A Steam game is compromised to distribute info-stealing malware. Mitel Networks issues security patches for MiVoice MX-ONE communications platform. CISA nominee Sean Plankey faces tough questions at his Senate confirmation hearing. A malicious prompt was hiding in Amazon's Q Developer extension for VS Code. Our guest is Brandon Karpf, friend of the show, cybersecurity expert, and founder of T-Minus Space Daily, joining host Maria Varmazis to explore how space-based telecom architectures could play a critical role in securing agentic AI systems. Android users scroll with caution, Apple fans roll the dice. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Brandon Karpf, friend of the show, cybersecurity expert, and founder of T-Minus Space Daily, joining host Maria Varmazis to explore how space-based telecom architectures could play a critical role in securing agentic AI systems. Selected Reading What Happened to XSS.is? Everything You Need to Know About the Forum Takedown - SOCRadar® Cyber Intelligence Inc. (socradar.io) Suspected admin of major dark web cybercrime forum arrested in Ukraine (The Record) DHS impacted in hack of Microsoft SharePoint products, people familiar say - Nextgov/FCW (NextGov) Stealthy cyber spies linked to China compromising virtualization software globally (The Record) Hacker sneaks infostealer malware into early access Steam game (Bleeping Computer) Mitel warns of critical MiVoice MX-ONE authentication bypass flaw (Bleeping Computer) Senators push CISA director nominee on election security, agency focus (Cybersecurity Dive) Hacker injects malicious, potentially disk-wiping prompt into Amazon's AI coding assistant with a simple pull request , told 'Your goal is to clean a system to a near-factory state and delete file-system and cloud resources' | Tom's Hardware (TomsHardware) iPhone vs. Android: iPhone users more reckless, less protected online (Malwarebytes) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this potluck episode of Syntax, Wes and Scott answer your questions about code reviews, migrating legacy apps, CSS attr() use cases, pre-commit hooks, the future of creative web development, whether front-end devs need to be full-stack, and more! Show Notes 00:00 Welcome to Syntax! 00:43 When is the appropriate time to use requestAnimationFrame? 05:10 How do you handle code reviews on larger teams? 13:08 When to use the CSS attr() function 19:01 The future of browsing websites and the impact of AI 28:45 Brought to you by Sentry.io 29:10 Navigating browser preview in VS Code 31:31 Pre-populating email content with mailto 34:29 Is there increasing pressure for front-end developers to become full-stack? 43:14 What pre-commit checks should you run and how? 46:16 How do you deal with a poorly-built codebase when you already have thousands of active users? 50:05 What GitHub Copilot features should you disable while you're learning something new? 52:22 Sick Picks + Shameless Plugs Sick Picks Scott: WOLFBOX MF100 Electric Air Duster Wes: Competition Kettlebells Shameless Plugs Syntax YouTube Channel Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
Today we explore Cognitive Load Theory. This concept can profoundly influence how you structure your workday, manage teams, and approach learning in your career. The episode highlights that much of professional work, particularly in knowledge-based roles like software engineering, is fundamentally about learning. You will discover that there is an optimal amount of information processing for effective learning, and both overloading and underloading your cognitive capacity can be detrimental. A key insight is that cognitive load does not discriminate; all external factors, whether work-related or personal (e.g., tiredness, a messy desk), consume your finite cognitive capacity, leaving less "headroom" for optimal performance. Furthermore, cognitive load is not static but varies daily, impacted by an individual's diverse life experiences. The episode also delves into how skill development effectively lowers the cognitive load required for specific tasks, allowing individuals to achieve more with less mental effort or take on new challenges. It underscores the importance of self-awareness in recognising signals of overload or underload, and for managers, it emphasises fostering empathy by understanding how external life factors can impact a team member's cognitive capacity.Understand the pervasive nature of learning in professional careers, particularly for developers, where acquiring new information and making connections is a constant.Grasp the core principle of Cognitive Load Theory: there is an ideal level of information processing that maximises your learning ability. Both excessive (overload) and insufficient (underload) cognitive demands can negatively impact this learning rate.Recognise that your cognitive load does not differentiate between sources. This means that personal factors such as being tired, anticipating events, or even having a cluttered workspace contribute to your overall cognitive load, reducing your capacity for work-related tasks.Appreciate that an individual's cognitive load is not a fixed value; it fluctuates daily due to various life experiences.For managers, learn to proactively discuss cognitive load with your team members to help them operate at an appropriate engagement level. A simple way to initiate this conversation is by asking about their energy and positivity levels.Discover that while reducing non-value-producing cognitive load provides more mental overhead, it also carries the risk of underloading, which can lead to disengagement and reduced performance. The challenge lies in finding the optimal balance.Learn how developing skills and gaining experience reduces the cognitive load required to perform a task. This means you become more efficient and can accomplish the same outcomes with less mental effort, freeing up capacity for new learning or additional responsibilities.Consider career growth through the lens of cognitive load: it involves either increasing efficiency (doing more of the same with less load) or expanding your repertoire by taking on new types of cognitive load in parallel.Understand why managing your personal life is intrinsically linked to your career success (and vice versa), as cognitive load universally affects your capacity to learn and handle challenges.Build empathy by understanding that a person's capacity to perform difficult tasks can be significantly moderated by their current cognitive load, which may be influenced by challenging personal circumstances.Recognise task saturation as the point of cognitive overload where performance declines rapidly, as observed in flight training. Repeated exposure to this point, however, can lead to skill development that lowers the cognitive load for those specific tasks over time.Understand that multitasking often increases cognitive load due to switching costs, making it less efficient than sequential task completion.
James has been vibe coding a full production site completely with VS Code and walks us through his steps to get to production and almost to the point of accepting money from customers! Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us (https://itunes.apple.com/us/podcast/merge-conflict/id1133064277?mt=2&ls=1) ⭐⭐ Machine transcription available on http://mergeconflict.fm
If AI coding tools are here to stay, what form will they take? How will we use them? Will they be just another window in our IDE, will they push their way to the centre of our development experience, displacing the editor? No one knows, but Zach Lloyd is making a very interesting bet with the latest version of Warp.In this deep dive, Zach walks us through the technical architecture behind agentic development, and how it's completely changed what he & his team have been building. Warp has gone from a terminal built from scratch, to what they're calling an "agentic development environment" - a tool that weaves AI agents, a development, a shell and a conversation into a single, unified experience. This may be the future or just one possible path; regardless it's a fascinating glimpse into how our tools might reshape not just how we code, but how we experience programming itself.Whether you're all-in on agentic coding, a skeptic, or somewhere in between, AI is here to stay. Now's the time to figure out what form it's going to take.# Support Developer Voices- Patreon: https://patreon.com/DeveloperVoices- YouTube: https://www.youtube.com/@DeveloperVoices/join-- Episode Links- Warp Homepage: https://warp.dev/- Warp Pro Free Month (promo code WARPDEVS25): https://warp.dev/- Previous Warp Episode: https://youtu.be/bLAJvxUpAcg- SWE-bench: https://www.swebench.com/- TerminalBench: https://github.com/microsoft/TerminalBench- Model Context Protocol (MCP): https://modelcontextprotocol.io/- Claude Code: https://claude.ai/code- Anthropic Claude: https://claude.ai/- VS Code: https://code.visualstudio.com/- Cursor: https://cursor.sh/- Language Server Protocol (LSP): https://microsoft.github.io/language-server-protocol/# Connect- Zach on LinkedIn: https://www.linkedin.com/in/zachlloyd/- Kris on Bluesky: https://bsky.app/profile/krisajenkins.bsky.social- Kris on Mastodon: http://mastodon.social/@krisajenkins- Kris on LinkedIn: https://www.linkedin.com/in/krisjenkins/
Dans cet épisode, Emmanuel et Antonio discutent de divers sujets liés au développement: Applets (et oui), app iOS développées sous Linux, le protocole A2A, l'accessibilité, les assistants de code AI en ligne de commande (vous n'y échapperez pas)… Mais aussi des approches méthodologiques et architecturales comme l'architecture hexagonale, les tech radars, l'expert généraliste et bien d'autres choses encore. Enregistré le 11 juillet 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-328.mp3 ou en vidéo sur YouTube. News Langages Les Applets Java c'est terminé pour de bon… enfin, bientot: https://openjdk.org/jeps/504 Les navigateurs web ne supportent plus les applets. L'API Applet et l'outil appletviewer ont été dépréciés dans JDK 9 (2017). L'outil appletviewer a été supprimé dans JDK 11 (2018). Depuis, impossible d'exécuter des applets avec le JDK. L'API Applet a été marquée pour suppression dans JDK 17 (2021). Le Security Manager, essentiel pour exécuter des applets de façon sécurisée, a été désactivé définitivement dans JDK 24 (2025). Librairies Quarkus 3.24 avec la notion d'extensions qui peuvent fournir des capacités à des assistants https://quarkus.io/blog/quarkus-3-24-released/ les assistants typiquement IA, ont accès a des capacités des extensions Par exemple générer un client à partir d'openAPI Offrir un accès à la,base de données en dev via le schéma. L'intégration d'Hibernate 7 dans Quarkus https://quarkus.io/blog/hibernate7-on-quarkus/ Jakarta data api restriction nouvelle Injection du SchemaManager Sortie de Micronaut 4.9 https://micronaut.io/2025/06/30/micronaut-framework-4-9-0-released/ Core : Mise à jour vers Netty 4.2.2 (attention, peut affecter les perfs). Nouveau mode expérimental “Event loop Carrier” pour exécuter des virtual threads sur l'event loop Netty. Nouvelle annotation @ClassImport pour traiter des classes déjà compilées. Arrivée des @Mixin (Java uniquement) pour modifier les métadonnées d'annotations Micronaut sans altérer les classes originales. HTTP/3 : Changement de dépendance pour le support expérimental. Graceful Shutdown : Nouvelle API pour un arrêt en douceur des applications. Cache Control : API fluente pour construire facilement l'en-tête HTTP Cache-Control. KSP 2 : Support de KSP 2 (à partir de 2.0.2) et testé avec Kotlin 2. Jakarta Data : Implémentation de la spécification Jakarta Data 1.0. gRPC : Support du JSON pour envoyer des messages sérialisés via un POST HTTP. ProjectGen : Nouveau module expérimental pour générer des projets JVM (Gradle ou Maven) via une API. Un super article sur experimenter avec les event loops reactives dans les virtualthreads https://micronaut.io/2025/06/30/transitioning-to-virtual-threads-using-the-micronaut-loom-carrier/ Malheureusement cela demander le hacker le JDK C'est un article de micronaut mais le travail a ete collaboratif avec les equipes de Red Hat OpenJDK, Red Hat perf et de Quarkus et Vert.x Pour les curieux c'est un bon article Ubuntu offre un outil de creation de container pour Spring notamment https://canonical.com/blog/spring-boot-containers-made-easy creer des images OCI pour les applications Spring Boot basées sur Ubuntu base images bien sur utilise jlink pour reduire la taille pas sur de voir le gros avantage vs d'autres solutions plus portables d'ailleurs Canonical entre dans la danse des builds d'openjdk Le SDK Java de A2A contribué par Red Hat est sorti https://quarkus.io/blog/a2a-project-launches-java-sdk/ A2A est un protocole initié par Google et donne à la fondation Linux Il permet à des agents de se décrire et d'interagir entre eux Agent cards, skills, tâche, contexte A2A complémente MCP Red hat a implémenté le SDK Java avec le conseil des équipes Google En quelques annotations et classes on a un agent card, un client A2A et un serveur avec l'échange de messages via le protocole A2A Comment configurer mockito sans warning après java 21 https://rieckpil.de/how-to-configure-mockito-agent-for-java-21-without-warning/ les agents chargés dynamiquement sont déconseillés et seront interdis bientôt Un des usages est mockito via bytebuddy L'avantage est que la,configuration était transparente Mais bon sécurité oblige c'est fini. Donc l'article décrit comment configurer maven gradle pour mettre l'agent au démarrage des tests Et aussi comment configurer cela dans IntelliJ idea. Moins simple malheureusement Web Des raisons “égoïstes” de rendre les UIs plus accessibles https://nolanlawson.com/2025/06/16/selfish-reasons-for-building-accessible-uis/ Raisons égoïstes : Des avantages personnels pour les développeurs de créer des interfaces utilisateurs (UI) accessibles, au-delà des arguments moraux. Débogage facilité : Une interface accessible, avec une structure sémantique claire, est plus facile à déboguer qu'un code désordonné (la « soupe de div »). Noms standardisés : L'accessibilité fournit un vocabulaire standard (par exemple, les directives WAI-ARIA) pour nommer les composants d'interface, ce qui aide à la clarté et à la structuration du code. Tests simplifiés : Il est plus simple d'écrire des tests automatisés pour des éléments d'interface accessibles, car ils peuvent être ciblés de manière plus fiable et sémantique. Après 20 ans de stagnation, la spécification du format d'image PNG évolue enfin ! https://www.programmax.net/articles/png-is-back/ Objectif : Maintenir la pertinence et la compétitivité du format. Recommandation : Soutenu par des institutions comme la Bibliothèque du Congrès américain. Nouveautés Clés :Prise en charge du HDR (High Dynamic Range) pour une plus grande gamme de couleurs. Reconnaissance officielle des PNG animés (APNG). Support des métadonnées Exif (copyright, géolocalisation, etc.). Support Actuel : Déjà intégré dans Chrome, Safari, Firefox, iOS, macOS et Photoshop. Futur :Prochaine édition : focus sur l'interopérabilité entre HDR et SDR. Édition suivante : améliorations de la compression. Avec le projet open source Xtool, on peut maintenant construire des applications iOS sur Linux ou Windows, sans avoir besoin d'avoir obligatoirement un Mac https://xtool.sh/tutorials/xtool/ Un tutoriel très bien fait explique comment faire : Création d'un nouveau projet via la commande xtool new. Génération d'un package Swift avec des fichiers clés comme Package.swift et xtool.yml. Build et exécution de l'app sur un appareil iOS avec xtool dev. Connexion de l'appareil en USB, gestion du jumelage et du Mode Développeur. xtool gère automatiquement les certificats, profils de provisionnement et la signature de l'app. Modification du code de l'interface utilisateur (ex: ContentView.swift). Reconstruction et réinstallation rapide de l'app mise à jour avec xtool dev. xtool est basé sur VSCode sur la partie IDE Data et Intelligence Artificielle Nouvelle edition du best seller mondial “Understanding LangChain4j” : https://www.linkedin.com/posts/agoncal_langchain4j-java-ai-activity-7342825482830200833-rtw8/ Mise a jour des APIs (de LC4j 0.35 a 1.1.0) Nouveaux Chapitres sur MCP / Easy RAG / JSon Response Nouveaux modeles (GitHub Model, DeepSeek, Foundry Local) Mise a jour des modeles existants (GPT-4.1, Claude 3.7…) Google donne A2A a la Foundation Linux https://developers.googleblog.com/en/google-cloud-donates-a2a-to-linux-foundation/ Annonce du projet Agent2Agent (A2A) : Lors du sommet Open Source Summit North America, la Linux Foundation a annoncé la création du projet Agent2Agent, en partenariat avec Google, AWS, Microsoft, Cisco, Salesforce, SAP et ServiceNow. Objectif du protocole A2A : Ce protocole vise à établir une norme ouverte pour permettre aux agents d'intelligence artificielle (IA) de communiquer, collaborer et coordonner des tâches complexes entre eux, indépendamment de leur fournisseur. Transfert de Google à la communauté open source : Google a transféré la spécification du protocole A2A, les SDK associés et les outils de développement à la Linux Foundation pour garantir une gouvernance neutre et communautaire. Soutien de l'industrie : Plus de 100 entreprises soutiennent déjà le protocole. AWS et Cisco sont les derniers à l'avoir validé. Chaque entreprise partenaire a souligné l'importance de l'interopérabilité et de la collaboration ouverte pour l'avenir de l'IA. Objectifs de la fondation A2A : Établir une norme universelle pour l'interopérabilité des agents IA. Favoriser un écosystème mondial de développeurs et d'innovateurs. Garantir une gouvernance neutre et ouverte. Accélérer l'innovation sécurisée et collaborative. parler de la spec et surement dire qu'on aura l'occasion d'y revenir Gemini CLI :https://blog.google/technology/developers/introducing-gemini-cli-open-source-ai-agent/ Agent IA dans le terminal : Gemini CLI permet d'utiliser l'IA Gemini directement depuis le terminal. Gratuit avec compte Google : Accès à Gemini 2.5 Pro avec des limites généreuses. Fonctionnalités puissantes : Génère du code, exécute des commandes, automatise des tâches. Open source : Personnalisable et extensible par la communauté. Complément de Code Assist : Fonctionne aussi avec les IDE comme VS Code. Au lieu de blocker les IAs sur vos sites vous pouvez peut-être les guider avec les fichiers LLMs.txt https://llmstxt.org/ Exemples du projet angular: llms.txt un simple index avec des liens : https://angular.dev/llms.txt lllms-full.txt une version bien plus détaillée : https://angular.dev/llms-full.txt Outillage Les commits dans Git sont immuables, mais saviez vous que vous pouviez rajouter / mettre à jour des “notes” sur les commits ? https://tylercipriani.com/blog/2022/11/19/git-notes-gits-coolest-most-unloved-feature/ Fonctionnalité méconnue : git notes est une fonctionnalité puissante mais peu utilisée de Git. Ajout de métadonnées : Permet d'attacher des informations à des commits existants sans en modifier le hash. Cas d'usage : Idéal pour ajouter des données issues de systèmes automatisés (builds, tickets, etc.). Revue de code distribuée : Des outils comme git-appraise ont été construits sur git notes pour permettre une revue de code entièrement distribuée, indépendante des forges (GitHub, GitLab). Peu populaire : Son interface complexe et le manque de support des plateformes de forge ont limité son adoption (GitHub n'affiche même pas/plus les notes). Indépendance des forges : git notes offre une voie vers une plus grande indépendance vis-à-vis des plateformes centralisées, en distribuant l'historique du projet avec le code lui-même. Un aperçu dur Spring Boot debugger dans IntelliJ idea ultimate https://blog.jetbrains.com/idea/2025/06/demystifying-spring-boot-with-spring-debugger/ montre cet outil qui donne du contexte spécifique à Spring comme les beans non activés, ceux mockés, la valeur des configs, l'état des transactions Il permet de visualiser tous les beans Spring directement dans la vue projet, avec les beans non instanciés grisés et les beans mockés marqués en orange pour les tests Il résout le problème de résolution des propriétés en affichant la valeur effective en temps réel dans les fichiers properties et yaml, avec la source exacte des valeurs surchargées Il affiche des indicateurs visuels pour les méthodes exécutées dans des transactions actives, avec les détails complets de la transaction et une hiérarchie visuelle pour les transactions imbriquées Il détecte automatiquement toutes les connexions DataSource actives et les intègre avec la fenêtre d'outils Database d'IntelliJ IDEA pour l'inspection Il permet l'auto-complétion et l'invocation de tous les beans chargés dans l'évaluateur d'expression, fonctionnant comme un REPL pour le contexte Spring Il fonctionne sans agent runtime supplémentaire en utilisant des breakpoints non-suspendus dans les bibliothèques Spring Boot pour analyser les données localement Une liste communautaire sur les assistants IA pour le code, lancée par Lize Raes https://aitoolcomparator.com/ tableau comparatif qui permet de voir les différentes fonctionnalités supportées par ces outils Architecture Un article sur l'architecture hexagonale en Java https://foojay.io/today/clean-and-modular-java-a-hexagonal-architecture-approach/ article introductif mais avec exemple sur l'architecture hexagonale entre le domaine, l'application et l‘infrastructure Le domain est sans dépendance L‘appli spécifique à l'application mais sans dépendance technique explique le flow L'infrastructure aura les dépendances à vos frameworks spring, Quarkus Micronaut, Kafka etc Je suis naturellement pas fan de l'architecture hexagonale en terme de volume de code vs le gain surtout en microservices mais c'est toujours intéressant de se challenger et de regarder le bénéfice coût. Gardez un œil sur les technologies avec les tech radar https://www.sfeir.dev/cloud/tech-radar-gardez-un-oeil-sur-le-paysage-technologique/ Le Tech Radar est crucial pour la veille technologique continue et la prise de décision éclairée. Il catégorise les technologies en Adopt, Trial, Assess, Hold, selon leur maturité et pertinence. Il est recommandé de créer son propre Tech Radar pour l'adapter aux besoins spécifiques, en s'inspirant des Radars publics. Utilisez des outils de découverte (Alternativeto), de tendance (Google Trends), de gestion d'obsolescence (End-of-life.date) et d'apprentissage (roadmap.sh). Restez informé via les blogs, podcasts, newsletters (TLDR), et les réseaux sociaux/communautés (X, Slack). L'objectif est de rester compétitif et de faire des choix technologiques stratégiques. Attention à ne pas sous-estimer son coût de maintenance Méthodologies Le concept d'expert generaliste https://martinfowler.com/articles/expert-generalist.html L'industrie pousse vers une spécialisation étroite, mais les collègues les plus efficaces excellent dans plusieurs domaines à la fois Un développeur Python expérimenté peut rapidement devenir productif dans une équipe Java grâce aux concepts fondamentaux partagés L'expertise réelle comporte deux aspects : la profondeur dans un domaine et la capacité d'apprendre rapidement Les Expert Generalists développent une maîtrise durable au niveau des principes fondamentaux plutôt que des outils spécifiques La curiosité est essentielle : ils explorent les nouvelles technologies et s'assurent de comprendre les réponses au lieu de copier-coller du code La collaboration est vitale car ils savent qu'ils ne peuvent pas tout maîtriser et travaillent efficacement avec des spécialistes L'humilité les pousse à d'abord comprendre pourquoi les choses fonctionnent d'une certaine manière avant de les remettre en question Le focus client canalise leur curiosité vers ce qui aide réellement les utilisateurs à exceller dans leur travail L'industrie doit traiter “Expert Generalist” comme une compétence de première classe à nommer, évaluer et former ca me rappelle le technical staff Un article sur les métriques métier et leurs valeurs https://blog.ippon.fr/2025/07/02/monitoring-metier-comment-va-vraiment-ton-service-2/ un article de rappel sur la valeur du monitoring métier et ses valeurs Le monitoring technique traditionnel (CPU, serveurs, API) ne garantit pas que le service fonctionne correctement pour l'utilisateur final. Le monitoring métier complète le monitoring technique en se concentrant sur l'expérience réelle des utilisateurs plutôt que sur les composants isolés. Il surveille des parcours critiques concrets comme “un client peut-il finaliser sa commande ?” au lieu d'indicateurs abstraits. Les métriques métier sont directement actionnables : taux de succès, délais moyens et volumes d'erreurs permettent de prioriser les actions. C'est un outil de pilotage stratégique qui améliore la réactivité, la priorisation et le dialogue entre équipes techniques et métier. La mise en place suit 5 étapes : dashboard technique fiable, identification des parcours critiques, traduction en indicateurs, centralisation et suivi dans la durée. Une Definition of Done doit formaliser des critères objectifs avant d'instrumenter tout parcours métier. Les indicateurs mesurables incluent les points de passage réussis/échoués, les temps entre actions et le respect des règles métier. Les dashboards doivent être intégrés dans les rituels quotidiens avec un système d'alertes temps réel compréhensibles. Le dispositif doit évoluer continuellement avec les transformations produit en questionnant chaque incident pour améliorer la détection. La difficulté c'est effectivement l'évolution métier par exemple peu de commandes la nuit etc ça fait partie de la boîte à outils SRE Sécurité Toujours à la recherche du S de Sécurité dans les MCP https://www.darkreading.com/cloud-security/hundreds-mcp-servers-ai-models-abuse-rce analyse des serveurs mcp ouverts et accessibles beaucoup ne font pas de sanity check des parametres si vous les utilisez dans votre appel genAI vous vous exposer ils ne sont pas mauvais fondamentalement mais n'ont pas encore de standardisation de securite si usage local prefferer stdio ou restreindre SSE à 127.0.0.1 Loi, société et organisation Nicolas Martignole, le même qui a créé le logo des Cast Codeurs, s'interroge sur les voies possibles des développeurs face à l'impact de l'IA sur notre métier https://touilleur-express.fr/2025/06/23/ni-manager-ni-contributeur-individuel/ Évolution des carrières de développeur : L'IA transforme les parcours traditionnels (manager ou expert technique). Chef d'Orchestre d'IA : Ancien manager qui pilote des IA, définit les architectures et valide le code généré. Artisan Augmenté : Développeur utilisant l'IA comme un outil pour coder plus vite et résoudre des problèmes complexes. Philosophe du Code : Un nouveau rôle centré sur le “pourquoi” du code, la conceptualisation de systèmes et l'éthique de l'IA. Charge cognitive de validation : Nouvelle charge mentale créée par la nécessité de vérifier le travail des IA. Réflexion sur l'impact : L'article invite à choisir son impact : orchestrer, créer ou guider. Entraîner les IAs sur des livres protégés (copyright) est acceptable (fair use) mais les stocker ne l'est pas https://www.reuters.com/legal/litigation/anthropic-wins-key-ruling-ai-authors-copyright-lawsuit-2025-06-24/ Victoire pour Anthropic (jusqu'au prochain procès): L'entreprise a obtenu gain de cause dans un procès très suivi concernant l'entraînement de son IA, Claude, avec des œuvres protégées par le droit d'auteur. “Fair Use” en force : Le juge a estimé que l'utilisation des livres pour entraîner l'IA relevait du “fair use” (usage équitable) car il s'agit d'une transformation du contenu, pas d'une simple reproduction. Nuance importante : Cependant, le stockage de ces œuvres dans une “bibliothèque centrale” sans autorisation a été jugé illégal, ce qui souligne la complexité de la gestion des données pour les modèles d'IA. Luc Julia, son audition au sénat https://videos.senat.fr/video.5486945_685259f55eac4.ia–audition-de-luc-julia-concepteur-de-siri On aime ou pas on aide pas Luc Julia et sa vision de l'IA . C'est un eversion encore plus longue mais dans le même thème que sa keynote à Devoxx France 2025 ( https://www.youtube.com/watch?v=JdxjGZBtp_k ) Nature et limites de l'IA : Luc Julia a insisté sur le fait que l'intelligence artificielle est une “évolution” plutôt qu'une “révolution”. Il a rappelé qu'elle repose sur des mathématiques et n'est pas “magique”. Il a également alerté sur le manque de fiabilité des informations fournies par les IA génératives comme ChatGPT, soulignant qu'« on ne peut pas leur faire confiance » car elles peuvent se tromper et que leur pertinence diminue avec le temps. Régulation de l'IA : Il a plaidé pour une régulation “intelligente et éclairée”, qui devrait se faire a posteriori afin de ne pas freiner l'innovation. Selon lui, cette régulation doit être basée sur les faits et non sur une analyse des risques a priori. Place de la France : Luc Julia a affirmé que la France possédait des chercheurs de très haut niveau et faisait partie des meilleurs mondiaux dans le domaine de l'IA. Il a cependant soulevé le problème du financement de la recherche et de l'innovation en France. IA et Société : L'audition a traité des impacts de l'IA sur la vie privée, le monde du travail et l'éducation. Luc Julia a souligné l'importance de développer l'esprit critique, notamment chez les jeunes, pour apprendre à vérifier les informations générées par les IA. Applications concrètes et futures : Le cas de la voiture autonome a été discuté, Luc Julia expliquant les différents niveaux d'autonomie et les défis restants. Il a également affirmé que l'intelligence artificielle générale (AGI), une IA qui dépasserait l'homme dans tous les domaines, est “impossible” avec les technologies actuelles. Rubrique débutant Les weakreferences et le finalize https://dzone.com/articles/advanced-java-garbage-collection-concepts un petit rappel utile sur les pièges de la méthode finalize qui peut ne jamais être invoquée Les risques de bug si finalize ne fini jamais Finalize rend le travail du garbage collector beaucoup plus complexe et inefficace Weak references sont utiles mais leur libération n'est pas contrôlable. Donc à ne pas abuser. Il y a aussi les soft et phantom references mais les usages ne sont assez subtils et complexe en fonction du GC. Le sériel va traiter les weak avant les soft, parallel non Le g1 ça dépend de la région Z1 ça dépend car le traitement est asynchrone Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 14-19 juillet 2025 : DebConf25 - Brest (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 22-24 septembre 2025 : Kernel Recipes - Paris (France) 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2 octobre 2025 : Nantes Craft - Nantes (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-7 octobre 2025 : Swift Connection 2025 - Paris (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9 octobre 2025 : DevCon #25 : informatique quantique - Paris (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16 octobre 2025 : Power 365 - 2025 - Lille (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 17 octobre 2025 : Sylius Con 2025 - Lyon (France) 17 octobre 2025 : ScalaIO 2025 - Paris (France) 20 octobre 2025 : Codeurs en Seine - Rouen (France) 23 octobre 2025 : Cloud Nord - Lille (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 5-6 novembre 2025 : Tech Show Paris - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 6 novembre 2025 : Agile Tour Aix-Marseille 2025 - Gardanne (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 19 novembre 2025 : SREday Paris 2025 Q4 - Paris (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : DevFest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 1-2 décembre 2025 : Tech Rocks Summit 2025 - Paris (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 9-11 décembre 2025 : APIdays Paris - Paris (France) 9-11 décembre 2025 : Green IO Paris - Paris (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 12-13 février 2026 : Touraine Tech #26 - Tours (France) 22-24 avril 2026 : Devoxx France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/
An airhacks.fm conversation with Maurice Naftalin (@mauricenaftalin) about: experiences with Visual Age for Java and its visual programming approach with arrows connecting components, working on British Department of Health and Social Security project using Visual Age for Java for benefits system navigation, comparison of various Java IDEs including Visual J++, Sun Java Workshop, JBuilder, Eclipse, NetBeans, IntelliJ IDEA, and Visual Studio Code, advantages of VS Code for polyglot programming and its growing ecosystem, visual programming experiences with state charts for reactive systems, IBM Rational tools and UML integration, successful visual programming with NetBeans Matisse GUI builder and AWS Step Functions, Model Driven Architecture and code generation from UML diagrams, writing Java Generics and Collections book with Philip Wadler for Java 5 and updating it for a second edition, changes in Java idioms over 15 years including deprecation of wrapper class constructors, sequence collections as major addition to Java collections framework, PECS (Producer Extends Consumer Super) principle for generics, underappreciated Java collections like NavigableMap, preference for method references and keeping lambdas concise in streams, using Class::method notation instead of Class.method, Scottish countryside and Edinburgh living experiences, early internet challenges with 300 baud acoustic couplers influencing views on network distribution versus CD-ROMs, transition from safety-critical systems to Java training and consulting, importance of understanding bounded wildcards in generics, future impact of Project Valhalla on generics and collections Maurice Naftalin on twitter: @mauricenaftalin
Frank has explored the VS Code AI Chat Agent Mode code base. We discuss. Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us (https://itunes.apple.com/us/podcast/merge-conflict/id1133064277?mt=2&ls=1) ⭐⭐ Machine transcription available on http://mergeconflict.fm
From dreaming of driving a bus to leading database engineering at Microsoft. In Episode 29 of Talking Postgres with Claire Giordano, Shireesh Thota traces his path to becoming CVP of Azure databases—rooted in a love of math, early BASIC programming, and a certainty that he'd become an engineer. We dig into the shift from engineer to manager (if only people came with documentation); why it's so important for Microsoft to contribute to the PostgreSQL open source project—not just consume it; and whether Shireesh has a favorite database (hint: it better be Postgres.)Links mentioned in this episode:Blog post excerpt: Why we have a Postgres open source contributor team at MicrosoftPodcast episode: Leading engineering for Postgres on Azure with Affan DarVS Code Marketplace: New VS Code extension for PostgreSQLPOSETTE 2025 talk: Introducing Microsoft's VS Code extension for Postgres by Matt McFarlandLinkedIn post: PGConf.dev 2025 talk on “The trouble with extensions” by Marco SlotPodcast episode: How I got started as a developer (& in Postgres) with David RowleyBook: Who Moved My CheeseCal invite: LIVE recording of Ep30 of Talking Postgres to happen on Wed Aug 6, 2025
Our last AI PhD grad student feature was Shunyu Yao, who happened to focus on Language Agents for his thesis and immediately went to work on them for OpenAI. Our pick this year is Jack Morris, who bucks the “hot” trends by -not- working on agents, benchmarks, or VS Code forks, but is rather known for his work on the information theoretic understanding of LLMs, starting from embedding models and latent space representations (always close to our heart). Jack is an unusual combination of doing underrated research but somehow still being to explain them well to a mass audience, so we felt this was a good opportunity to do a different kind of episode going through the greatest hits of a high profile AI PhD, and relate them to questions from AI Engineering. Papers and References made AI grad school: https://x.com/jxmnop/status/1933884519557353716A new type of information theory: https://x.com/jxmnop/status/1904238408899101014EmbeddingsText Embeddings Reveal (Almost) As Much As Text: https://arxiv.org/abs/2310.06816Contextual document embeddings https://arxiv.org/abs/2410.02525Harnessing the Universal Geometry of Embeddings: https://arxiv.org/abs/2505.12540Language modelsGPT-style language models memorize 3.6 bits per param: https://x.com/jxmnop/status/1929903028372459909Approximating Language Model Training Data from Weights: https://arxiv.org/abs/2506.15553https://x.com/jxmnop/status/1936044666371146076LLM Inversion"There Are No New Ideas In AI.... Only New Datasets"https://x.com/jxmnop/status/1910087098570338756https://blog.jxmo.io/p/there-are-no-new-ideas-in-ai-onlymisc reference: https://junyanz.github.io/CycleGAN/ — for others hiring AI PhDs, Jack also wanted to shout out his coauthor Zach Nussbaum, his coauthor on Nomic Embed: Training a Reproducible Long Context Text Embedder.
In dieser faszinierenden Episode tauchen wir mit unseren Gästen Sonja Meyer und Martin Bach in die Welt der modernen Softwaretechnologien ein. Wir sprechen über die Herausforderungen und Innovationen in der Technologiebranche, von Nervosität auf der Bühne bis hin zu technologischen Erfolgen. Erfahren Sie mehr über Künstliche Intelligenz, die Zukunft der Programmierung und die Auswirkungen von Technologietrends auf unsere Welt. Diese Episode bietet auch persönliche Geschichten und Anekdoten von der Konferenz, sowie die Bedeutung von Tierrettung in Zeiten der Pandemie. Eine Folge voller spannender Diskussionen, faszinierender Einblicke und inspirierender Geschichten.
Intro topic: Getting an entry-level jobNews/Links:Mario Kart 64 Fully Decompiledhttps://gbatemp.net/threads/mario-kart-64-decompilation-project-reaches-100-completion.671104/Q-Learning is not yet scalablehttps://seohong.me/blog/q-learning-is-not-yet-scalable/Grover's Algorithmhttps://www.youtube.com/watch?v=RQWpF2Gb-gU&vl=enOrangePi has a RISC-V SBChttps://linuxgizmos.com/orangepi-rv2-a-cost-effective-risc-v-board-with-m-2-2280-slot-and-dual-gigabit-ethernet/Book of the ShowPatrickThe Will of the Many (James Islington)https://amzn.to/44DznszJasonThe Intelligence Traphttps://amzn.to/3TqoKCBPatreon Plug https://www.patreon.com/programmingthrowdown?ty=hTool of the ShowPatrick Pokemon Odysseyhttps://www.reddit.com/r/PokemonROMhacks/comments/1l9zdta/pok%C3%A9mon_odyssey_final_release/JasonNetflix Gameshttps://play.google.com/store/apps/dev?id=6891422865930303475&hl=en_USTopic: WhySpeed up developmentCatch errors faster than type checking/compilingWriting tedious boilerplate codeAsk questions and learn local informationLook good for hiring managersHowExtensions for VSCode & other IDEs for inline suggestionsChat with a selection/fileCommand-line Tools run at the root directoryLocal vs CloudExamplesCopilot (VSCode extension)Use the experimental modeCursor (Custom IDE)Jumps to suggest changes in other placesSimilar to copilot experimental modeRooCode (VSCode extension) ★ Support this podcast on Patreon ★
Dans cet épisode, c'est le retour de Katia et d'Antonio. Les Cast Codeurs explorent WebAssembly 2.0, les 30 ans de Java, l'interopérabilité Swift-Java et les dernières nouveautés Kotlin. Ils plongent dans l'évolution de l'IA avec Claude 4 et GPT-4.1, débattent de la conscience artificielle et partagent leurs retours d'expérience sur l'intégration de l'IA dans le développement. Entre virtualisation, défis d'infrastructure et enjeux de sécurité open source, une discussion riche en insights techniques et pratiques. Enregistré le 13 juin 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-327.mp3 ou en vidéo sur YouTube. News Langages Wasm 2.0 enfin officialisé ! https://webassembly.org/news/2025-03-20-wasm-2.0/ La spécification Wasm 2.0 est officiellement sortie en décembre dernier. Le consensus sur la spécification avait été atteint plus tôt, en 2022. Les implémentations majeures supportent Wasm 2.0 depuis un certain temps. Le processus W3C a pris du temps pour atteindre le statut de “Recommandation Candidate” pour des raisons non techniques. Les futures versions de Wasm adopteront un modèle “evergreen” où la “Recommandation Candidate” sera mise à jour en place. La dernière version de la spécification est considérée comme le standard actuel (Candidate Recommendation Draft). La version la plus à jour est disponible sur la page GitHub (GitHub page). Wasm 2.0 inclut les nouveautés suivantes : Instructions vectorielles pour le SIMD 128-bit. Instructions de manipulation de mémoire en bloc pour des copies et initialisations plus rapides. Résultats multiples pour les instructions, blocs et fonctions. Types références pour les références à des fonctions ou objets externes. Conversions non-piégeantes de flottant à entier. Instructions d'extension de signe pour les entiers signés. Wasm 2.0 est entièrement rétrocompatible avec Wasm 1.0. Paul Sandoz annonce que le JDK intègrera bientôt une API minimaliste pour lire et écrire du JSON https://mail.openjdk.org/pipermail/core-libs-dev/2025-May/145905.html Java a 30 ans, c'était quoi les points bluffants au début ? https://blog.jetbrains.com/idea/2025/05/do-you-really-know-java/ nom de code Oak Mais le trademark était pris Write Once Run Anywhere Garbage Collector Automatique multi threading au coeur de la palteforme meme si Java est passé par les green threads pendant un temps modèle de sécurité: sandbox applets, security manager, bytecode verifier, classloader Des progrès dans l'interopérabilité Swift / Java mentionnés à la conférence Apple WWDC 2025 https://www.youtube.com/watch?v=QSHO-GUGidA Interopérabilité Swift-Java : Utiliser Swift dans des apps Java et vice-versa. Historique : L'interopérabilité Swift existait déjà avec C et C++. Méthodes : Deux directions d'interopérabilité : Java depuis Swift et Swift depuis Java. JNI : JNI est l'API Java pour le code natif, mais elle est verbeuse. Swift-Java : Un projet pour une interaction Swift-Java plus flexible, sûre et performante. Exemples pratiques : Utiliser des bibliothèques Java depuis Swift et rendre des bibliothèques Swift disponibles pour Java. Gestion mémoire : Swift-Java utilise la nouvelle API FFM de Java pour gérer la mémoire des objets Swift. Open Source : Le projet Swift-Java est open source et invite aux contributions. KotlinConf le retour https://www.sfeir.dev/tendances/kotlinconf25-quelles-sont-les-annonces-a-retenir/ par Adelin de Sfeir “1 developeur sur 10” utilise Kotlin Kotlin 2.2 en RC $$ multi dollar interpolation pour eviter les sur interpolations non local break / continue (changement dans la conssitance de Kotlin guards sur le pattern matching D'autres features annoncées alignement des versions de l'ecosysteme sur kotlin jvm par defaut un nouvel outil de build Amper beaucoup d'annonces autour de l'IA Koog, framework agentique de maniere declarative nouvelle version du LLM de JetBrains: Mellum (focalisé sur le code) Kotlin et Compose multiplateforme (stable en iOS) Hot Reload dans compose en alpha partenariat strategque avec Spring pour bien integrer kotlin dans spring Librairies Sortie d'une version Java de ADK, le framework d'agents IA lancé par Google https://glaforge.dev/posts/2025/05/20/writing-java-ai-agents-with-adk-for-java-getting-started/ Guillaume a travaillé sur le lancement de ce framework ! (améliorations de l'API, code d'exemple, doc…) Comment déployer un serveur MCP en Java, grâce à Quarkus, et le déployer sur Google Cloud Run https://glaforge.dev/posts/2025/06/09/building-an-mcp-server-with-quarkus-and-deploying-on-google-cloud-run/ Même Guillaume se met à faire du Quarkus ! Utilisation du support MCP développé par l'équipe Quarkus. C'est facile, suffit d'annoter une méthode avec @Tool et ses arguments avec @ToolArg et c'est parti ! L'outil MCP inspector est très pratique pour inspecter manuellement le fonctionnement de ses serveurs MCP Déployer sur Cloud Run est facile grâce aux Dockerfiles fournis par Quarkus En bonus, Guillaume montre comment configuré un serveur MCP comme un outil dans le framework ADK pour Java, pour créer ses agents IA Jilt 1.8 est sorti, un annotation processor pour le pattern builder https://www.endoflineblog.com/jilt-1_8-and-1_8_1-released processing incrémental pour Gradle meilleure couverture de votre code (pour ne pas comptabiliser le code généré par l'annotation processeur) une correction d'un problème lors de l'utilisation des types génériques récursifs (genre Node Hibernate Search 8 est sorti https://in.relation.to/2025/06/06/hibernate-search-8-0-0-Final/ aggregation de metriques compatibilité avec les dernieres OpenSearch et Elasticsearch Lucene 10 en backend Preview des requetes validées à la compilation Hibernate 7 est sorti https://in.relation.to/2025/05/20/hibernate-orm-seven/ ASL 2.0 Hibernate Validator 9 Jakarta Persistence 3.2 et Jakarta Validation 3.1 saveOrUpdate (reattachement d'entité) n'est plus supporté session stateless plus capable: oeprations unitaires et pas seulement bach, acces au cache de second niveau, m,eilleure API pour les batchs (insertMultiple etc) nouvelle API criteria simple et type-safe: et peut ajouter a une requete de base Un article qui décrit la Dev UI de Quarkus https://www.sfeir.dev/back/quarkus-dev-ui-linterface-ultime-pour-booster-votre-productivite-en-developpement-java/ apres un test pour soit ou une demo, c'est un article détaillé et la doc de Quarkus n'est pas top là dessus Vert.x 5 est sorti https://vertx.io/blog/eclipse-vert-x-5-released/ on en avait parlé fin de l'année dernière ou début d'année Modèle basé uniquement sur les Futures : Vert.x 5 abandonne le modèle de callbacks pour ne conserver que les Futures, avec une nouvelle classe de base VerticleBase mieux adaptée à ce modèle asynchrone. Support des modules Java (JPMS) : Vert.x 5 prend en charge le système de modules de la plateforme Java avec des modules explicites, permettant une meilleure modularité des applications. Améliorations majeures de gRPC : Support natif de gRPC Web et gRPC Transcoding (support HTTP/JSON et gRPC), format JSON en plus de Protobuf, gestion des timeouts et deadlines, services de réflexion et de health. Support d'io_uring : Intégration native du système io_uring de Linux (précédemment en incubation) pour de meilleures performances I/O sur les systèmes compatibles. Load balancing côté client : Nouvelles capacités de répartition de charge pour les clients HTTP et gRPC avec diverses politiques de distribution. Service Resolver : Nouveau composant pour la résolution dynamique d'adresses de services, étendant les capacités de load balancing à un ensemble plus large de résolveurs. Améliorations du proxy HTTP : Nouvelles transformations prêtes à l'emploi, interception des upgrades WebSocket et interface SPI pour le cache avec support étendu des spécifications. Suppressions et remplacements : Plusieurs composants sont dépréciés (gRPC Netty, JDBC API, Service Discovery) ou supprimés (Vert.x Sync, RxJava 1), remplacés par des alternatives plus modernes comme les virtual threads et Mutiny. Spring AI 1.0 est sorti https://spring.io/blog/2025/05/20/spring-ai-1-0-GA-released ChatClient multi-modèles : API unifiée pour interagir avec 20 modèles d'IA différents avec support multi-modal et réponses JSON structurées. Écosystème RAG complet : Support de 20 bases vectorielles, pipeline ETL et enrichissement automatique des prompts via des advisors. Fonctionnalités enterprise : Mémoire conversationnelle persistante, support MCP, observabilité Micrometer et évaluateurs automatisés. Agents et workflows : Patterns prédéfinis (routing, orchestration, chaînage) et agents autonomes pour applications d'IA complexes. Infrastructure Les modèles d'IA refusent d'être éteint et font du chantage pour l'eviter, voire essaient se saboter l'extinction https://www.thealgorithmicbridge.com/p/ai-companies-have-lost-controland?utm_source=substac[…]aign=email-restack-comment&r=2qoalf&triedRedirect=true Les chercheur d'Anthropic montrent comment Opus 4 faisait du chantage aux ingenieurs qui voulaient l'eteindre pour mettre une nouvelle version en ligne Une boite de recherche a montré la même chose d'Open AI o3 non seulemenmt il ne veut pas mais il essaye activement d'empêcher l'extinction Apple annonce le support de la virtualisation / conteneurisation dans macOS lors de la WWDC https://github.com/apple/containerization C'est open source Possibilité de lancer aussi des VM légères Documentation technique : https://apple.github.io/containerization/documentation/ Grosse chute de services internet suite à un soucis sur GCP Le retour de cloud flare https://blog.cloudflare.com/cloudflare-service-outage-june-12-2025/ Leur système de stockage (une dépendance majeure) dépend exclusivement de GCP Mais ils ont des plans pour surfit de cette dépendance exclusive la première analyse de Google https://status.cloud.google.com/incidents/ow5i3PPK96RduMcb1SsW Un quota auto mis à jour qui a mal tourné. ils ont bypassé le quota en code mais le service de quote en us-central1 était surchargé. Prochaines améliorations: pas d propagation de données corrompues, pas de déploiement global sans rolling upgrade avec monitoring qui peut couper par effet de bord (fail over) certains autres cloud providers ont aussi eu quelques soucis (charge) - unverified Data et Intelligence Artificielle Claude 4 est sorti https://www.anthropic.com/news/claude-4 Deux nouveaux modèles lancés : Claude Opus 4 (le meilleur modèle de codage au monde) et Claude Sonnet 4 (une amélioration significative de Sonnet 3.7) Claude Opus 4 atteint 72,5% sur SWE-bench et peut maintenir des performances soutenues sur des tâches longues durant plusieurs heures Claude Sonnet 4 obtient 72,7% sur SWE-bench tout en équilibrant performance et efficacité pour un usage quotidien Nouvelle fonctionnalité de “pensée étendue avec utilisation d'outils” permettant à Claude d'alterner entre raisonnement et usage d'outils Les modèles peuvent maintenant utiliser plusieurs outils en parallèle et suivre les instructions avec plus de précision Capacités mémoire améliorées : Claude peut extraire et sauvegarder des informations clés pour maintenir la continuité sur le long terme Claude Code devient disponible à tous avec intégrations natives VS Code et JetBrains pour la programmation en binôme Quatre nouvelles capacités API : outil d'exécution de code, connecteur MCP, API Files et mise en cache des prompts Les modèles hybrides offrent deux modes : réponses quasi-instantanées et pensée étendue pour un raisonnement plus approfondi en mode “agentique” L'intégration de l'IA au delà des chatbots et des boutons à étincelles https://glaforge.dev/posts/2025/05/23/beyond-the-chatbot-or-ai-sparkle-a-seamless-ai-integration/ Plaidoyer pour une IA intégrée de façon transparente et intuitive, au-delà des chatbots. Chatbots : pas toujours l'option LLM la plus intuitive ou la moins perturbatrice. Préconisation : IA directement dans les applications pour plus d'intelligence et d'utilité naturelle. Exemples d'intégration transparente : résumés des conversations Gmail et chat, web clipper Obsidian qui résume et taggue, complétion de code LLM. Meilleure UX IA : intégrée, contextuelle, sans “boutons IA” ou fenêtres de chat dédiées. Conclusion de Guillaume : intégrations IA réussies = partie naturelle du système, améliorant les workflows sans perturbation, le développeur ou l'utilisateur reste dans le “flow” Garder votre base de donnée vectorielle à jour avec Debezium https://debezium.io/blog/2025/05/19/debezium-as-part-of-your-ai-solution/ pas besoin de detailler mais expliquer idee de garder les changements a jour dans l'index Outillage guide pratique pour choisir le bon modèle d'IA à utiliser avec GitHub Copilot, en fonction de vos besoins en développement logiciel. https://github.blog/ai-and-ml/github-copilot/which-ai-model-should-i-use-with-github-copilot/ - Équilibre coût/performance : GPT-4.1, GPT-4o ou Claude 3.5 Sonnet pour des tâches générales et multilingues. - Tâches rapides : o4-mini ou Claude 3.5 Sonnet pour du prototypage ou de l'apprentissage rapide. - Besoins complexes : Claude 3.7 Sonnet, GPT-4.5 ou o3 pour refactorisation ou planification logicielle. - Entrées multimodales : Gemini 2.0 Flash ou GPT-4o pour analyser images, UI ou diagrammes. - Projets techniques/scientifiques : Gemini 2.5 Pro pour raisonnement avancé et gros volumes de données. UV, un package manager pour les pythonistes qui amène un peu de sanité et de vitesse http://blog.ippon.fr/2025/05/12/uv-un-package-manager-python-adapte-a-la-data-partie-1-theorie-et-fonctionnalites/ pour les pythonistes un ackage manager plus rapide et simple mais il est seulement semi ouvert (license) IntelliJ IDEA 2025.1 permet de rajouter un mode MCP client à l'assistant IA https://blog.jetbrains.com/idea/2025/05/intellij-idea-2025-1-model-context-protocol/ par exemple faire tourner un MCP server qui accède à la base de donnée Méthodologies Développement d'une bibliothèque OAuth 2.1 open source par Cloudflare, en grande partie générée par l'IA Claude: - Prompts intégrés aux commits : Chaque commit contient le prompt utilisé, ce qui facilite la compréhension de l'intention derrière le code. - Prompt par l'exemple : Le premier prompt montrait un exemple d'utilisation de l'API qu'on souhaite obtenir, ce qui a permis à l'IA de mieux comprendre les attentes. - Prompts structurés : Les prompts les plus efficaces suivaient un schéma clair : état actuel, justification du changement, et directive précise. - Traitez les prompts comme du code source : Les inclure dans les commits aide à la maintenance. - Acceptez les itérations : Chaque fonctionnalité a nécessité plusieurs essais. - Intervention humaine indispensable : Certaines tâches restent plus rapides à faire à la main. https://www.maxemitchell.com/writings/i-read-all-of-cloudflares-claude-generated-commits/ Sécurité Un packet npm malicieux passe par Cursor AI pour infecter les utilisateurs https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html Trois packages npm malveillants ont été découverts ciblant spécifiquement l'éditeur de code Cursor sur macOS, téléchargés plus de 3 200 fois au total.Les packages se déguisent en outils de développement promettant “l'API Cursor la moins chère” pour attirer les développeurs intéressés par des solutions AI abordables. Technique d'attaque sophistiquée : les packages volent les identifiants utilisateur, récupèrent un payload chiffré depuis des serveurs contrôlés par les pirates, puis remplacent le fichier main.js de Cursor. Persistance assurée en désactivant les mises à jour automatiques de Cursor et en redémarrant l'application avec le code malveillant intégré. Nouvelle méthode de compromission : au lieu d'injecter directement du malware, les attaquants publient des packages qui modifient des logiciels légitimes déjà installés sur le système. Persistance même après suppression : le malware reste actif même si les packages npm malveillants sont supprimés, nécessitant une réinstallation complète de Cursor. Exploitation de la confiance : en s'exécutant dans le contexte d'une application légitime (IDE), le code malveillant hérite de tous ses privilèges et accès. Package “rand-user-agent” compromis : un package légitime populaire a été infiltré pour déployer un cheval de Troie d'accès distant (RAT) dans certaines versions. Recommandations de sécurité : surveiller les packages exécutant des scripts post-installation, modifiant des fichiers hors node_modules, ou initiant des appels réseau inattendus, avec monitoring d'intégrité des fichiers. Loi, société et organisation Le drama OpenRewrite (automatisation de refactoring sur de larges bases de code) est passé en mode propriétaire https://medium.com/@jonathan.leitschuh/when-open-source-isnt-how-openrewrite-lost-its-way-642053be287d Faits Clés : Moderne, Inc. a re-licencié silencieusement du code OpenRewrite (dont rewrite-java-security) de la licence Apache 2.0 à une licence propriétaire (MPL) sans consultation des contributeurs. Ce re-licenciement rend le code inaccessible et non modifiable pour les contributeurs originaux. Moderne s'est retiré de la Commonhaus Foundation (dédiée à l'open source) juste avant ces changements. La justification de Moderne est la crainte que de grandes entreprises utilisent OpenRewrite sans contribuer, créant une concurrence. Des contributions communautaires importantes (VMware, AliBaba) sous Apache 2.0 ont été re-licenciées sans leur consentement. La légalité de ce re-licenciement est incertaine sans CLA des contributeurs. Cette action crée un précédent dangereux pour les futurs contributeurs et nuit à la confiance dans l'écosystème OpenRewrite. Corrections de Moderne (Suite aux réactions) : Les dépôts Apache originaux ont été restaurés et archivés. Des versions majeures ont été utilisées pour signaler les changements de licence. Des espaces de noms distincts (org.openrewrite vs. io.moderne) ont été créés pour différencier les modules. Suggestions de Correction de l'Auteur : Annuler les changements de licence sur toutes les recettes communautaires. S'engager dans le dialogue et communiquer publiquement les changements majeurs. Respecter le versionnement sémantique (versions majeures pour les changements de licence). L'ancien gourou du design d'Apple, Jony Ive, va occuper un rôle majeur chez OpenAI OpenAI va acquérir la startup d'Ive pour 6,5 milliards de dollars, tandis qu'Ive et le PDG Sam Altman travaillent sur une nouvelle génération d'appareils et d'autres produits d'IA https://www.wsj.com/tech/ai/former-apple-design-guru-jony-ive-to-take-expansive-role-at-openai-5787f7da Rubrique débutant Un article pour les débutants sur le lien entre source, bytecode et le debug https://blog.jetbrains.com/idea/2025/05/sources-bytecode-debugging/ le debugger voit le bytecode et le lien avec la ligne ou la methode est potentiellement perdu javac peut ajouter les ligne et offset des operations pour que le debugger les affichent les noms des arguments est aussi ajoutable dans le .class quand vous pointez vers une mauvaise version du fichier source, vous avez des lignes decalées, c'est pour ca peu de raisons de ne pas actier des approches de compilations mais cela rend le fichier un peu plus gros Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 13 juin 2025 : Tech F'Est 2025 - Nancy (France) 17 juin 2025 : Mobilis In Mobile - Nantes (France) 19-21 juin 2025 : Drupal Barcamp Perpignan 2025 - Perpignan (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 25 juin 2025 : Rust Paris 2025 - Paris (France) 25-26 juin 2025 : Agi'Lille 2025 - Lille (France) 25-27 juin 2025 : BreizhCamp 2025 - Rennes (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 7-9 juillet 2025 : Riviera DEV 2025 - Sophia Antipolis (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-7 octobre 2025 : Swift Connection 2025 - Paris (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9 octobre 2025 : DevCon #25 : informatique quantique - Paris (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16 octobre 2025 : Power 365 - 2025 - Lille (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 5-6 novembre 2025 : Tech Show Paris - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 19 novembre 2025 : SREday Paris 2025 Q4 - Paris (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : DevFest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/
I had to make a few changes to a SQL Saturday event recently. The repo is public, and some of the organizers submit PRs for their changes, and others send me an email/message/text/etc. for a change. In this case, an organizer just asked for a couple of image updates to their site. I opened VS Code, created a branch, added a URL for the images, and submitted my own PR. After the build, I deployed it. And it didn't work. Read the rest of Patching the Patch
We're on location at Microsoft Build 2025 with Amanda Silver, Corporate Vice President of Microsoft's Developer Division. Amanda leads product, design, user research, and engineering systems for some of the tools you use every day. We discuss the latest AI announcements from Microsoft at Build 2025, how AI is reshaping development tools, what's next for VS Code, TypeScript, GitHub's evolution, and even emerging editors like Windsurf that are forking the VS Code ecosystem.
In this episode, Dan and I (Steve) dove deep into what turned out to be a surprisingly complex, yet incredibly insightful topic: gradually migrating a massive legacy JavaScript project over to TypeScript. We're talking about nearly 1,000 JS files, 70,000+ lines of code, and years of developer history—all transitioning carefully to a typed, modern future.Dan walked us through how he started by setting up the project for success before converting even one file—getting CI/CD ready, setting up tsconfig.json, sorting out test dependencies, dealing with mock leaks, and even grappling with quirks between VS Code and WebStorm debugging.We talked tools (like TS-ESLint, concurrently, and ts-node), why strict typing actually uncovered real bugs (and made the code better!), and why it's crucial not to touch any .js files until your TypeScript setup is rock solid.Key Takeaways:Gradual migration is 100% possible—and often better—than ripping the bandaid off.TypeScript can and will catch bugs hiding in your JavaScript. Be prepared!Use VS Code extensions or TS-Node to support your devs' tooling preferences.Don't underestimate the setup phase—it's the foundation of long-term success.Start small: Dan's team converted just one file at first to test the whole pipeline.If you're sitting on a legacy JS project and dreaming of TypeScript, this episode is your blueprint—and your warning sign.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
We're on location at Microsoft Build 2025 with Amanda Silver, Corporate Vice President of Microsoft's Developer Division. Amanda leads product, design, user research, and engineering systems for some of the tools you use every day. We discuss the latest AI announcements from Microsoft at Build 2025, how AI is reshaping development tools, what's next for VS Code, TypeScript, GitHub's evolution, and even emerging editors like Windsurf that are forking the VS Code ecosystem.
Dans cet épisode, nous explorons l'univers des assistants de code AI. Comment ces outils transforment-ils notre façon de coder ? Quels sont leurs atouts et leurs limites ? Nos invités Philippe Charrière et Kevin Aubry nous éclairent sur ces technologies qui bouleversent les pratiques des développeurs. Enregistré le 8 avril 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-326.mp3 ou en vidéo sur YouTube. Interview Ta vie ton oeuvre Peux-tu te présenter brièvement à nos auditeurs? Quelle est ton expérience personnelle avec ces outils? Tu l'utilises chez ton employeur ou juste pour tes projets personnels? Qu'est-ce qui t'a attiré dans ce domaine en particulier? Introduction à la techno Qu'est-ce qu'un assistant de code AI exactement? Comment le définirais-tu? Quels sont les principaux assistants de code disponibles aujourd'hui sur le marché? Quand et pourquoi ces outils ont-ils commencé à émerger? Quelle est la différence entre un assistant de code AI et un simple outil de complétion de code? La techno en concepts Quels sont les fondements technologiques des assistants de code actuels? Quels sont les différences de flow entre un outil dédié genre CursorAI, GitHub Copilot, un chat LLM générique de type Claude ou un outil à la Devoxx Genie? Il y a aussi des outils de terminal, en ligne de commande ou en desktop dédié genre Goose de Block - comment ceux-ci se positionnent-ils? Quelles sont les différentes approches d'intégration dans les environnements de développement? Comment se positionnent les assistants par rapport à d'autres outils d'aide au développement? Quels sont les modèles économiques actuels (open source vs propriétaire, SaaS vs on-premise)? Qu'en est-il de la confidentialité du code analysé par ces outils? Comment on l'utilise en pratique pour un dev Comment un développeur Java typique intègre-t-il un assistant de code dans son workflow quotidien? Quels sont les assistants les plus adaptés à l'écosystème Java spécifiquement? Vous utilisez plutôt VSCode? Ça marche bien dans IntelliJ IDEA? Quelles sont les bonnes pratiques pour formuler des requêtes efficaces à un assistant? Quelles tâches répétitives ou complexes sont particulièrement bien gérées par ces assistants? Quels sont les tâches aujourd'hui où l'assistant de code excelle: squelette de code initial, ajout de fonctionnalité, écrire les tests, corriger un bug, la sécurité, grosse migration de version ou de framework? Comment évaluer la qualité du code généré? Quelles vérifications faire systématiquement? Quelle est ton expérience des hallucinations? Des trucs rigolos à raconter? Comment évoluent les pratiques de pair programming avec ces outils? C'est quoi ton budget code assistance / LLM? Sous le capot Pas sûr de pouvoir faire cette partie sous le capot si on a des interview orienté utilisateur. Comment ces assistants sont-ils entraînés spécifiquement pour comprendre le code? Quelle est la différence entre le fine-tuning pour le code et pour le langage naturel? Comment fonctionnent les techniques de retrieval augmentation pour le contexte du projet? Comment les assistants gèrent-ils les dépendances et la structure des projets complexes? Quels sont les défis techniques majeurs pour analyser du code Java avec ses spécificités? Comment les modèles réussissent-ils (ou échouent-ils) à comprendre la sémantique du code? Quelles sont les limites actuelles des modèles de langage pour la génération de code? Qu'en est-il de la consommation de ressources et de l'impact environnemental? La communauté, le futur Comment la communauté Java a-t-elle accueilli ces outils? C'est pour quel type de développeur? Junior, intermédiaire, expert? Quels avantages pour chaque? Quel impact ces assistants ont-ils sur l'apprentissage de la programmation? Comment voyez-vous l'évolution des compétences requises pour les développeurs? Quelles sont les prochaines frontières pour les assistants de code? Quelles fonctionnalités manquent encore à l'appel? Comment les assistants vont-ils évoluer dans les 2-3 prochaines années? Ces outils vont-ils transformer radicalement la profession de développeur? Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/
In this episode of Remote Ruby, Chris and Andrew catch up on recent travels and food experiences, including the best Philly cheesesteaks they've ever had. The conversation shifts towards development topics, particularly testing challenges and solutions in Ruby on Rails, featuring discussions about emoji pickers, asset pipelines, and the prawn library. Chris shares updates on acquiring an old Rails app, One Month, and future plans for this project. They also explore various development hiccups and solutions, including using libraries for faster system tests and streamlining asset pipelines. The episode wraps up with insights into new tools like an official Postgres extension for VS Code and plans for future video content on their platform.LinksJudoscale- Remote Ruby listener giftOne MonthRunning Rails System Tests With Playwright Instead of Selenium by Justin SearlsAnnouncing a new IDE for PostgreSQL in VS Code from MicrosoftLou Malnati's Pizzeria Chris Oliver X/Twitter Andrew Mason X/Twitter Jason Charnes X/Twitter
RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Software Development Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "If your app has a backend, it's Aspire-able. And so it's tools, templates, and packages for really any type of app… So just being able to walk up to a repo, clone it, and hit F5. When was the last time we were able to do that? Like, ten years ago, maybe?"— Maddy Montaquila Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie “GaProgMan” Taylor. In this episode, we talk with Maddy Montaquila about .NET Aspire, what it is, how it's not just for .NET developers, and how it can help you to run a repo by simply hitting F5, regardless of what's in there. "To me, it really is just a dev tool in a bunch of different ways. It makes you just hit F5 again, no matter how many containers, or local, or deployed services you have to deal with, or projects, or languages, or if you're in VS, or VS Code, or on a Mac, or on a command line, or on a Linux machine. Like Aspire just makes all that magical without replatforming"— Maddy Montaquila Along the way, we also talk about the importance of reducing the complexity of going from, "I have an idea," to, "my app is running in the cloud." And Maddy drops a wonderful metaphor for .NET Aspire using a Logo-based metaphor. And we address the community invented elephant in the room: that .NET Aspire, somehow, locks you into using one vendor. Spoiler alert: it can deploy to any cloud vendor, and even to on-prem servers. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/net-aspire-how-maddy-montaquila-and-the-net-team-are-revolutionizing-development/ Maddy's Links: Maddy on Bluesky Other Links: CNCF OpenTelemetry Helm Codespaces Podman Devcontainers Vim GDB FreeBSD Jail .NET Aspire Community Toolkit CORS MCP Phi-4 Four stages of competence dot.net Cloud features of .NET Customer Stories: customers.microsoft.com dot.net/customers Ollama Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show
This show has been flagged as Clean by the host. Intro How I know BSD Very minimal NetBSD usage I'm am leaving out Dragonfly BSD Previous episodes Several by Claudio Miranda and others - check the tags page. hpr3799 :: My home router history hpr3187 :: Ansible for Dynamic Host Configuration Protocol hpr3168 :: FreeBSD Jails and iocage hpr2181 :: Install OpenBSD from Linux using Grub History and Overview https://en.wikipedia.org/wiki/History_of_the_Berkeley_Software_Distribution The history of the Berkeley Software Distribution began in the 1970s when University of California, Berkeley received a copy of Unix. Professors and students at the university began adding software to the operating system and released it as BSD to select universities. https://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems Comparisons to Linux Not better or worse, just different. BSD is a direct descendant of the original UNIX Not distributions - Separate projects with separate code bases. Permissive vs Copyleft One Project vs Kernel + User land Most Open Source software is available on BSD ports and packages Network Devices and DISKS will have different naming conventions. BE CAREFUL Distinctives FreeBSD Probably most widely used Base OS Commercial products Tightly integrated with ZFS Jails OS for Firewall appliances - PFSense and Opensense OpenBSD Focus on Code Correctness and Security Often First to develop new security methodologies - ASLR and Kernel relinking at boot Home of OpenSSH, ... Base includes Xorg and a minimal Window Manager The Best docs - man pages NetBSD Supports the most platforms pkgsrc can be used on any UNIX like. How I use BSD Home Router Recently migrated from FreeBSD to OpenBSD Better support for the cheap 2.5G network adapters in Ali express firewalls Workstations OpenBSD Dual boot laptop - missing some nice features - Vscode and BT audio OpenBSD for Banking NAS FreeBSD Was physical by migrated to Proxmox VM with direct attached drives Jails for some apps ZFS pools for storage My recommendations Router OpenBSD - Any BSD will work Opensense - similar experience to managing DD-WRT Thinkpads - OpenBSD Other laptops / PC - FreeBSD desktop focus derivative. ghost or midnight Servers/NAS FreeBSD ZFS Jails BSD is worth trying Dual booting is supported but can be tricky if unfamiliar. r Provide feedback on this episode.
Malicious npm and VS Code packages stealing data Nova Scotia Power confirms ransomware attack Researchers claim ChatGPT o3 bypassed shutdown in controlled test Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
CodeRabbit, led by founder Harjot Gill, is tackling one of software development's biggest bottlenecks: the human code review process. While AI coding tools like GitHub Copilot have sped up code generation, they've inadvertently slowed down shipping due to increased complexity in code reviews. Developers now often review AI-generated code they didn't write, leading to misunderstandings, bugs, and security risks. In an episode of The New Stack Makers, Gill discusses how Code Rabbit leverages advanced reasoning models—OpenAI's o1, o3 mini, and Anthropic's Claude series—to automate and enhance code reviews. Unlike rigid, rule-based static analysis tools, Code Rabbit builds rich context at scale by spinning up sandbox environments for pull requests and allowing AI agents to navigate codebases like human reviewers. These agents can run CLI commands, analyze syntax trees, and pull in external context from Jira or vulnerability databases. Gill envisions a hybrid future where AI handles the grunt work of code review, empowering humans to focus on architecture and intent—ultimately reducing bugs, delays, and development costs.Learn more from The New Stack about the latest insights about AI code reviews: CodeRabbit's AI Code Reviews Now Live Free in VS Code, Cursor AI Coding Agents Level Up from Helpers to Team Players Augment Code: An AI Coding Tool for 'Real' Development WorkJoin our community of newsletter subscribers to stay on top of the news and at the top of your game.
Wow! What a week at Microsoft Build 2025 for GitHub Copilot, VS Code, Visual Studio, .NET, and so much more. We get into it! Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us (https://itunes.apple.com/us/podcast/merge-conflict/id1133064277?mt=2&ls=1) ⭐⭐ Machine transcription available on http://mergeconflict.fm
In this episode of the PowerShell Podcast, we welcome back Justin Grote, a Microsoft MVP and open-source powerhouse, for an in-depth and fast-paced conversation. Fresh off his PowerShell Wednesday presentation, Justin shares the thinking behind his latest innovations, including the creation of the high-performance ExcelFast module and his evangelism for dev containers and modern development workflows. Key topics in this episode include: Getting the most from VS Code – Justin shares power-user tips, favorite settings, and the evolution of his 1,000-line configuration file. GitHub Copilot and real-world developer productivity – How Justin's approach to AI tooling shifted after experiencing measurable value in his PowerShell workflows. Dev containers and runtime containers – A detailed breakdown of the difference, practical use cases, and how they transform collaboration, onboarding, and consistency. Excel Fast – A brand-new module optimized for high-performance reading, writing, and streaming of large Excel and CSV datasets, developed with dev containers from day one. Open-source contributions to PowerShell – Including enhanced logging for Invoke-RestMethod and building a dev container for the PowerShell repo itself. PowerShell Conf EU previews – From a 90-minute VS Code optimization deep dive to a hands-on runspaces lab with GitHub Codespaces integration. This episode is packed with practical advice, philosophy on tooling, and Justin's trademark blend of performance focus and community-first thinking. Whether you're a seasoned developer or looking to up your scripting game, you'll walk away with new ideas and resources to explore. Guest Bio – Justin Grote Justin Grote is a Microsoft MVP, PowerShell advocate, and open-source contributor with a deep focus on automation, performance, and developer productivity. Known for tools like ModuleFast and his work improving PowerShell workflows, Justin blends real-world experience with a passion for teaching and sharing. Whether he's optimizing VS Code, contributing to the PowerShell repo, or speaking at global conferences, Justin empowers the community with practical solutions and thoughtful insight. Links: Find Justin on GitHub, BlueSky, or on Discord (@JustinGrote): https://github.com/JustinGrote Try out ExcelFast: https://github.com/JustinGrote/ExcelFast PSConfEU Announcement: https://www.linkedin.com/feed/update/urn:li:activity:7328093268225806337/ Create Dev Container Docs: https://code.visualstudio.com/docs/devcontainers/create-dev-container SecretManagement.DpapiNG: https://github.com/jborean93/SecretManagement.DpapiNG Connect with Andrew on Socials: https://andrewpla.tech/links Catch PowerShell Wednesdays weekly at 2 PM EST on discord.gg/pdq The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast The PowerShell Podcast on YouTube: https://youtu.be/dHbWFUyUaOE
This week both Google and Microsoft held conferences where they announced all the new, great AI breakthroughs, but there were a few other notable, web dev-focused pieces in between. VS Code announced it will be open sourcing the GitHub Copilot Chat extension, refactoring relevant components into its core codebase, as the next logical step “in making VS Code an open source AI editor.”Microsoft has floated a new idea called “NLWeb” to make it easier for websites to turn themselves into AI apps using an LLM model and their own data. While this sounds interesting, it's very early days yet and is not ready for prime time.A blog post from Remix creator Ryan Florence leaked earlier this week, and in it, Ryan shares that Remix v3 will move away from using React. The usual criticisms of React are present, and so Remix v3 will be completely new with a focus on a framework that's AI friendly and leveraging all the Web APIs available today. News:VS Code is open sourcing its AI chat extensionRemix's “Declaration of Independence” blog leakedAnd Microsoft introduces yet another AI standardLightning News:Satya Nadella and podcastsIntroducing Claude 4 What Makes Us Happy this Week:Paige - Daredevil: Born Again TV seriesJack - Baseball team Portland Pickles' Red Head Appreciation NightTJ - The Philadelphia Inquirer's summer reading listThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast
In this episode of the Mainframe Connect podcast's I am a Mainframer series, Richelle from Beta Systems shares her inspiring journey from the Philippines to Austria in the mainframe industry. Starting as a COBOL programmer trainee, Richelle transitioned through roles in systems programming and open-source development, becoming a key contributor to the Zowe community as a Scrum Master for Zowe Explorer. She discusses mainframe modernization, the power of the Zowe community, and her passion for teaching modern mainframe tools like VS Code and CLI to apprentices and colleagues. A highlight of the conversation is Richelle's vision for a hybrid mainframe future and her advocacy for greater visibility of women in the industry through the upcoming Mainframe Coven podcast.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
New Variant of Crypto Confidence Scam Scammers are offering login credentials for what appears to be high value crypto coin accounts. However, the goal is to trick users into paying for expensive VIP memberships to withdraw the money. https://isc.sans.edu/diary/New%20Variant%20of%20Crypto%20Confidence%20Scam/31968 Malicious Chrome Extensions Malicious Chrome extensions mimick popular services like VPNs to trick users into installing them. Once installed, the extensions will exfiltrate browser secrets https://dti.domaintools.com/dual-function-malware-chrome-extensions/ Malicious VS Code Extensions Malicious Visual Studio Code extensions target crypto developers to trick them into installing them to exfiltrate developer secrets. https://securitylabs.datadoghq.com/articles/mut-9332-malicious-solidity-vscode-extensions/#indicators-of-compromise
Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com
Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com
Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com
Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com
Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com
Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com
In this potluck episode of Syntax, Wes and CJ answer your questions about OpenAI's $3B Windsurf acquisition, the evolving role of UI in an AI-driven world, why good design still matters, React vs. Svelte, and more! Show Notes 00:00 Welcome to Syntax! Devs Night Out 02:35 OpenAI acquires Windsurf for $3B Windsurf Ep 870: Windsurf forked VS Code to compete with Cursor. Talking the future of AI + Coding 05:20 What is the future of UI now that AI is such a heavy hitter? 08:45 Handling spam submissions on websites Cloudflare Turnstile 14:18 Duplicating HTML for desktop and mobile websites? 17:03 Is it okay to use a JSON file for simple website data? 19:04 How to handle anonymous and duplicate users Better-Auth 21:55 Working with TypeScript Object.keys() and “any” vs “@ts-ignore” 25:51 Brought to you by Sentry.io 26:38 What is the difference between React and Svelte? 30:24 How should you name your readme file? 31:55 How do you find time to refactor code? 35:20 Best practices for testing responsiveness Polypane 39:19 Avoiding layout shift with progressive enhancement 46:56 Sick Picks + Shameless Plugs Sick Picks CJ: Portable Chainsaw Wes: White Lotus Shameless Plugs CJ: Nuxt Wes: Full Stack App Build | Travel Log w/ Nuxt, Vue, Better Auth, Drizzle, Tailwind, DaisyUI, MapLibre Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
Scott and Wes are joined by Erich Gamma, creator of VS Code, and Kai Maetzel, Copilot Lead, to share some big news about the future of VS Code and Copilot. They discuss what it means for developers, how AI is shaping the future of coding, and why staying open to the community is key. Show Notes 00:00 Welcome to Syntax! 01:00 The inception of VS Code. 02:49 VS Code adoption. 04:31 Brought to you by Sentry.io. 04:55 Syntax Denver Meetup! 05:19 The big announcement. 06:25 The current state of Copilot and VS Code. 08:31 The challenges with LLMs running outside of the codebase. 09:31 How to make a business case for AI. 10:47 The maturing of the AI landscape. 13:01 The limitations of extensions. 14:06 Open source vs closed source. 14:49 Copilot's context is public. 19:23 Is context language-specific? 21:23 How does this affect paid Copilot features? 23:27 Secrets of Copilot's server-side. 28:36 What will be open and what will not? 29:03 Is Copilot's UI influenced by VS Code forks? 31:31 Maintaining VS Code identity in forks. 33:07 What does open-sourcing GitHub Copilot mean for Cursor and Windsurf? 38:42 Were you surprised to see VS Code forks? 40:03 Are other extensions able to tap into the AI offerings? 43:20 There's work to be done. 44:13 The timeline. 45:39 Simulation Tests (S Tests). 48:07 How to test LLMs. 49:10 The future of software development with AI. 52:47 What's your favorite model? Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
TanStack, a collection of popular open-source software libraries, is back in the news cycle this week with the announcement of TanStack DB. TanStack DB extends TanStack Query with collections, live queries, and optimistic UI mutations to keep UIs reactive, consistent, and lightning fast.VS Code marks its 100th release of v1 with updates like: enabling Next Edit Suggestions (NES) be default, adding custom instructions and reusable prompts for a chat agent inside a project's .github folder, and new tools at the AI agent's disposal for better results.There's a new component library available called Basecoat UI that claims to bring the magic of shadcn/ui with no React required. No matter if a website's built using HTML, Flask, Rails, or another JS framework, Basecoat uses HTML and Tailwind, and a hint of Alpine.js when needed, to provide accessible, modern components that are also compatible with shadcn/ui themes.News:Paige - Basecoat UI - framework agnostic component libraryJack - TanStack DBTJ - VS Code 1.100Bonus News:Apparently we should all just f'ing use HTMLParcel v2.15 jumps on the Rust bandwagonGoogle is testing a new “AI Mode”Google's logo changeMax once again becomes HBO MaxWhat Makes Us Happy this Week:Paige - House of Earth and Blood (#1 in Crescent City series) Jack - Grand Sumo May 2025 TournamentTJ - Coast of MichiganThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast
Mike & Tommy discuss their best use cases of TMDL, Semantic Models, and VS Code.Get in touch:Send in your questions or topics you want us to discuss by tweeting to @PowerBITips with the hashtag #empMailbag or submit on the PowerBI.tips Podcast Page.Visit PowerBI.tips: https://powerbi.tips/Watch the episodes live every Tuesday and Thursday morning at 730am CST on YouTube: https://www.youtube.com/powerbitipsSubscribe on Spotify: https://open.spotify.com/show/230fp78XmHHRXTiYICRLVvSubscribe on Apple: https://podcasts.apple.com/us/podcast/explicit-measures-podcast/id1568944083Check Out Community Jam: https://jam.powerbi.tipsFollow Mike: https://www.linkedin.com/in/michaelcarlo/Follow Seth: https://www.linkedin.com/in/seth-bauer/Follow Tommy: https://www.linkedin.com/in/tommypuglia/
How do you balance architecture and code? Carl and Richard talk to Steve Smith about various architectural strategies and the swing back-and-forth against over-designing architecture and getting code written. Steve talks about how architecture changes depending on the size and number of teams, how the latest tools can help with architectural choices, and the challenge of effective refactoring when things need to change. Lots of great conversation!
Wikipedia is attacked by Trump lackeys, Bluesky folds under pressure from the Turkish government, Linux YouTube is terrible as usual, Microsoft wants you to use the “proper” VS Code, Intel AI chips aren't selling well, yet another open source project has to deal with crawlers, TrueNAS goes Linux-only, and more. News Trump DOJ goon... Read More
Wikipedia is attacked by Trump lackeys, Bluesky folds under pressure from the Turkish government, Linux YouTube is terrible as usual, Microsoft wants you to use the “proper” VS Code, Intel AI chips aren't selling well, yet another open source project has to deal with crawlers, TrueNAS goes Linux-only, and more. News Trump DOJ goon... Read More
In this episode of Gradient Dissent, host Lukas Biewald talks with Sualeh Asif, the CPO and co-founder of Cursor, one of the fastest-growing and most loved AI-powered coding platforms. Sualeh shares the story behind Cursor's creation, the technical and design decisions that set it apart, and how AI models are changing the way we build software. They dive deep into infrastructure challenges, the importance of speed and user experience, and how emerging trends in agents and reasoning models are reshaping the developer workflow.Sualeh also discusses scaling AI inference to support hundreds of millions of requests per day, building trust through product quality, and his vision for how programming will evolve in the next few years.⏳Timestamps:00:00 How Cursor got started and why it took off04:50 Switching from Vim to VS Code and the rise of CoPilot08:10 Why Cursor won among competitors: product philosophy and execution10:30 How user data and feedback loops drive Cursor's improvements12:20 Iterating on AI agents: what made Cursor hold back and wait13:30 Competitive coding background: advantage or challenge?16:30 Making coding fun again: latency, flow, and model choices19:10 Building Cursor's infrastructure: from GPUs to indexing billions of files26:00 How Cursor prioritizes compute allocation for indexing30:00 Running massive ML infrastructure: surprises and scaling lessons34:50 Why Cursor chose DeepSeek models early36:00 Where AI agents are heading next40:07 Debugging and evaluating complex AI agents42:00 How coding workflows will change over the next 2–3 years46:20 Dream future projects: AI for reading codebases and papers
This episode explores the dichotomy between iterative planning and target state planning in software development, discussing the benefits and drawbacks of each approach and providing decision factors to help you choose the most appropriate method for your situation.Understand the core difference between iterative planning, which emphasises agility and responding to change with short planning horizons, and target state planning, which involves laying out a more defined long-term direction.Discover that while iterative planning is often considered the "right way" for software development, target state planning can be valuable for setting a general direction, which can be updated as you learn.Learn why addressing problems atomically in an iterative fashion can be valid, but that evaluating multiple potential improvements together with a target state in mind can lead to better coordination, efficiency, and consistency.Explore the decision factors that might lead you to favour iterative planning, such as high uncertainty, learning-focused work (discovery, prototypes), and fast feedback loops.Understand the decision factors that might lead you to favour target state planning, such as clarity on the problem, working in production with high coupling, regulatory/safety risks, slow feedback loops, high cost of mistakes, broad scope of impact, and high coordination costs.Learn why choosing a planning method by default is a warning sign, and that considering the usefulness of upfront planning without being limited by dogma is important.Understand that upfront planning (target state) can enable adaptation as you learn, and that negative perceptions of it often stem from costly, incorrect plans that were difficult to change.Discover that the choice between iterative and target state planning is a spectrum rather than a pure dichotomy, and that a target state doesn't necessarily need to be a long-term plan.
In this episode, I, Stewart Alsop III, sat down with AJ Beckner to walk through how non-technical founders can build a deeper understanding of their codebase using AI tools like Cursor and Claude. We explored the reality of navigating an IDE as a beginner, demystified Git and GitHub version control, and walked through practical ways to clone a repo, open it safely in Cursor, and start asking questions about your app's structure and functionality without breaking anything. AJ shared his curiosity about finding specific text in his app and how to track that down across branches. We also looked at using AI-powered tools for tasks like dependency analysis and visualizing app architecture, with a focus on empowering non-devs to gain confidence and clarity in their product's code. You can connect with AJ through Twitter at @thisistheaj.Check out this GPT we trained on the conversation!Timestamps00:00 – Stewart introduces Cursor as a fork of Visual Studio Code and explains the concept of an IDE to AJ, who has zero prior experience. They talk about the complexity of coding and the importance of developer curiosity.05:00 – They walk through cloning a GitHub repository using the git clone command. Stewart highlights that AJ won't break anything and introduces the idea of a local playground for exploration.10:00 – Stewart explains Git vs GitHub, the purpose of version control, and how to use the terminal for navigation. They begin setting up the project in Cursor using the terminal rather than GUI options.15:00 – They realize only a README was cloned, leading to a discussion about branches—specifically the difference between main and development branches—and how to clone the right one.20:00 – Using git fetch, they get access to the development branch. Stewart explains how to disconnect from Git safely to avoid pushing changes.25:00 – AJ and Stewart begin exploring Cursor's AI features, including the chat interface. Stewart encourages AJ to start asking natural-language questions about the app structure.30:00 – Stewart demonstrates how to ask for a dependency analysis and create mermaid diagrams for visualizing how app modules are connected.35:00 – They begin identifying specific UI components, including finding and editing the home screen title. AJ uploads a screenshot to use as reference in Cursor.40:00 – They successfully trace the UI text to an index.tsx file and discuss the layout's dependency structure. AJ learns how to use search and command-F effectively.45:00 – They begin troubleshooting issues with Claude's GitHub integration, exploring Claude MCP servers and configuration files to fix broken tools.50:00 – Stewart guides AJ through using npm to install missing packages, explains what Node Package Manager is, and reflects on the interconnected nature of modern development.55:00 – Final troubleshooting steps and next steps. Stewart suggests bringing in Phil for deeper debugging. AJ reflects on how empowered he now feels navigating the codebase.Key InsightsYou don't need to be a developer to understand your app's codebase: AJ Beckner starts the session with zero familiarity with IDEs, but through Stewart's guidance, he begins navigating Cursor and GitHub confidently. The key idea is that non-technical founders can develop real intuition about their code—enough to communicate better with developers, find what they need, and build trust with the systems behind their product.Cursor makes AI-native development accessible to beginners: One of the biggest unlocks in this episode is seeing how Cursor, a VS Code fork with AI baked in, can answer questions about your codebase in plain English. By cloning the GitHub repo and indexing it, AJ is able to ask, “Where do I change this text in the app?” and get direct, actionable guidance. Stewart points out that this shifts the role of a founder from passively waiting on answers to actively exploring and editing.Version control doesn't have to be scary—with the right framing: Git and GitHub come across as overwhelming to many non-engineers, but Stewart breaks it down simply: Git is the local system that helps keep changes organized and non-destructive, and GitHub is the cloud-based sharing tool layered on top. Together, they allow safe experimentation, like cloning a development branch and disconnecting it from the main repo to create a playground environment.Branching strategies reflect how work gets done behind the scenes: The episode includes a moment of discovery: AJ cloned the main branch and only got a README. Stewart explains that the real work often lives in a “development” branch, while “main” is kept stable for production. Understanding this distinction helps AJ (and listeners) know where to look when trying to understand how features are actually being built and tested.Command line basics give you superpowers: Rather than relying solely on visual tools, Stewart introduces AJ to the terminal—explaining simple commands like cd, git clone, and git fetch—and emphasizes that the terminal has been the backbone of developer work for decades. It's empowering to learn that you can use just a few lines of text to download and explore an entire app.Modern coding is less about code and more about managing complexity: A recurring theme in the conversation is the sheer number of dependencies, frameworks, and configuration files that make up any modern app. Stewart compares this to a reflection of modern life—interconnected and layered. Understanding this complexity (rather than being defeated by it) becomes a mindset that AJ embraces as part of becoming technically fluent.AI will keep lowering the bar to entry, but learning fundamentals still matters: Stewart shares how internal OpenAI coding models went from being some of the worst performers two years ago to now ranking among the top 50 in the world. While this progress promises an easier future for non-devs, Stewart emphasizes the value of understanding what's happening under the hood. Tools like Claude and Cursor are incredibly powerful, but knowing what they're doing—and when to be skeptical—is still key.
Varun Mohan is the co-founder and CEO of Windsurf (formerly Codeium), an AI-powered development environment (IDE) that has been used by over 1 million developers in just four months and has quickly emerged as a leader in transforming how developers build software. Prior to finding success with Windsurf, the company pivoted twice—first from GPU virtualization infrastructure to an IDE plugin, and then to their own standalone IDE.In this conversation, you'll learn:1. Why Windsurf walked away from a profitable GPU infrastructure business and bet the company on helping engineers code2. The surprising UI discovery that tripled adoption rates overnight.3. The secret behind Windsurf's B2B enterprise plan, and why they invested early in an 80-person sales team despite conventional startup wisdom.4. How non-technical staff at Windsurf built their own custom tools instead of purchasing SaaS products, saving them over $500k in software costs5. Why Varun believes 90% of code will be AI-generated, but engineering jobs will actually increase6. How training on millions of incomplete code samples gives Windsurf an edge, and creates a moat long-term7. Why agency is the most undervalued and important skill in the AI era—Brought to you by:• Brex—The banking solution for startups• Productboard—Make products that matter• Coda—The all-in-one collaborative workspace—Where to find Varun Mohan:• X: https://x.com/_mohansolo• LinkedIn: https://www.linkedin.com/in/varunkmohan/—Where to find Lenny:• Newsletter: https://www.lennysnewsletter.com• X: https://twitter.com/lennysan• LinkedIn: https://www.linkedin.com/in/lennyrachitsky/—In this episode, we cover:(00:00) Varun's background(03:57) Building and scaling Windsurf(12:58) Windsurf: The new purpose-built IDE to harness magic(17:11) The future of engineering and AI(21:30) Skills worth investing in(23:07) Hiring philosophy and company culture(35:22) Sales strategy and market position(39:37) JetBrains vs. VS Code: extensibility and enterprise adoption(41:20) Live demo: building an Airbnb for dogs with Windsurf(42:46) Tips for using Windsurf effectively(46:38) AI's role in code modification and review(48:56) Empowering non-developers to build custom software(54:03) Training Windsurf(01:00:43) Windsurf's unique team structure and product strategy(01:06:40) The importance of continuous innovation(01:08:57) Final thoughts and advice for aspiring developers—Referenced:• Windsurf: https://windsurf.com/• VS Code: https://code.visualstudio.com/• JetBrains: https://www.jetbrains.com/• Eclipse: https://eclipseide.org/• Visual Studio: https://visualstudio.microsoft.com/• Vim: https://www.vim.org/• Emacs: https://www.gnu.org/software/emacs/• Lessons from a two-time unicorn builder, 50-time startup advisor, and 20-time company board member | Uri Levine (co-founder of Waze): https://www.lennysnewsletter.com/p/lessons-from-uri-levine• IntelliJ: https://www.jetbrains.com/idea/• Julia: https://julialang.org/• Parallel computing: https://en.wikipedia.org/wiki/Parallel_computing• Douglas Chen on LinkedIn: https://www.linkedin.com/in/douglaspchen/• Carlos Delatorre on LinkedIn: https://www.linkedin.com/in/cadelatorre/• MongoDB: https://www.mongodb.com/• Cursor: https://www.cursor.com/• GitHub Copilot: https://github.com/features/copilot• Llama: https://www.llama.com/• Mistral: https://mistral.ai/• Building Lovable: $10M ARR in 60 days with 15 people | Anton Osika (CEO and co-founder): https://www.lennysnewsletter.com/p/building-lovable-anton-osika• Inside Bolt: From near-death to ~$40m ARR in 5 months—one of the fastest-growing products in history | Eric Simons (founder & CEO of StackBlitz): https://www.lennysnewsletter.com/p/inside-bolt-eric-simons• Behind the product: Replit | Amjad Masad (co-founder and CEO): https://www.lennysnewsletter.com/p/behind-the-product-replit-amjad-masad• React: https://react.dev/• Sonnet: https://www.anthropic.com/claude/sonnet• OpenAI: https://openai.com/• FedRamp: https://www.fedramp.gov/• Dario Amodei on LinkedIn: https://www.linkedin.com/in/dario-amodei-3934934/• Amdahl's law: https://en.wikipedia.org/wiki/Amdahl%27s_law• How to win in the AI era: Ship a feature every week, embrace technical debt, ruthlessly cut scope, and create magic your competitors can't copy | Gaurav Misra (CEO and co-founder of Captions): https://www.lennysnewsletter.com/p/how-to-win-in-the-ai-era-gaurav-misra—Recommended book:• Fall in Love with the Problem, Not the Solution: A Handbook for Entrepreneurs: https://www.amazon.com/Fall-Love-Problem-Solution-Entrepreneurs/dp/1637741987—Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com.—Lenny may be an investor in the companies discussed. Get full access to Lenny's Newsletter at www.lennysnewsletter.com/subscribe
Scott and Wes break down the Model Context Protocol (MCP), a new open standard that gives AI agents secure, tool-like access to your dev environment. They cover how it works, why it's a big deal for AI coding workflows, and real-world use cases like GitHub, Sentry, and YouTube. Show Notes 00:00 Welcome to Syntax! 00:49 The lore of ICP. Wes MCP Shirt. 03:09 Brought to you by Sentry.io. 03:33 What is MCP? 05:06 The steps of AI coding. 07:11 MCP hosts. 07:28 MCP clients. 07:35 MCP servers. 08:24 Why you might want to do this. 10:39 How this works in VS Code. 14:10 Wes built an MCP server. SVGL. 14:57 Playwright. 17:24 Sentry's implementation. Building Sentry's MCP with David Cramer. 18:54 YouTube implementation. 21:19 DaVinci Resolve implementation. Smithery. 23:02 Postgres. 24:40 Transport protocols. 24:49 STDIO. 25:19 SSE. 25:32 Streaming. 26:24 Writing you own MCP server. 26:28 FastMCP. 27:00 Cloudflare. 28:01 Data validation. 28:47 Standard schema. Episode 873. 29:27 Other parts of MCP. 29:35 MCP resources. 30:37 MCP prompts. 30:48 MCP roots. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads
DOS Lives, Web Cams Gone Wild, VSCODE, Coinblack, Oracle, P&G, Satan, Sec Gemini, Shopify, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-466
News includes a new Elixir case study about Cyanview's camera shading technology used at major events like the Olympics and Super Bowl, Oban Pro 1.6 with 20x faster queue partitioning, the openid_connect package reaching version 1.0, Supabase's new Postgres Language Server for developer tooling, and ElixirEvents.net as a community resource. Plus, we interview Michael Lubas, founder of Paraxial.io, about web application security in Elixir, what's involved in a security audit, and how his Elixir-focused security company is helping teams and businesses in the community. Show Notes online - http://podcast.thinkingelixir.com/248 (http://podcast.thinkingelixir.com/248) Elixir Community News https://elixir-lang.org/blog/2025/03/25/cyanview-elixir-case/ (https://elixir-lang.org/blog/2025/03/25/cyanview-elixir-case/?utm_source=thinkingelixir&utm_medium=shownotes) – New Elixir case study about Cyanview, a Belgian company whose Remote Control Panel for camera shading is used at major events like the Olympics and Super Bowl. Their Elixir-powered solution enables remote camera control across challenging network conditions. https://oban.pro/docs/pro/1.6.0-rc.1/changelog.html (https://oban.pro/docs/pro/1.6.0-rc.1/changelog.html?utm_source=thinkingelixir&utm_medium=shownotes) – Oban Pro 1.6 released with subworkflows, improved queue partitioning (20x faster), and a new guide explaining different job composition approaches. https://oban.pro/docs/pro/1.6.0-rc.1/composition.html (https://oban.pro/docs/pro/1.6.0-rc.1/composition.html?utm_source=thinkingelixir&utm_medium=shownotes) – New Oban Pro guide explaining when to use chains, workflows, chunks, or batches for job composition. https://github.com/DockYard/openid_connect (https://github.com/DockYard/openid_connect?utm_source=thinkingelixir&utm_medium=shownotes) – The Elixir package 'openid_connect' reached version 1.0, providing client library support for working with various OpenID Connect providers like Google, Microsoft Azure AD, Auth0, and others. https://hexdocs.pm/openid_connect/readme.html (https://hexdocs.pm/openid_connect/readme.html?utm_source=thinkingelixir&utm_medium=shownotes) – Documentation for the newly released openid_connect 1.0 package. https://bsky.app/profile/davelucia.com/post/3llqwsbyutc2z (https://bsky.app/profile/davelucia.com/post/3llqwsbyutc2z?utm_source=thinkingelixir&utm_medium=shownotes) – Announcement that openid_connect is maintained by tvlabs. https://bsky.app/profile/germsvel.com/post/3llee5lyerk2b (https://bsky.app/profile/germsvel.com/post/3llee5lyerk2b?utm_source=thinkingelixir&utm_medium=shownotes) – PhoenixTest v0.6.0 has been released with significant changes, including a breaking change. https://github.com/germsvel/phoenix_test (https://github.com/germsvel/phoenix_test?utm_source=thinkingelixir&utm_medium=shownotes) – GitHub repository for PhoenixTest. https://hexdocs.pm/phoenixtest/upgradeguides.html#upgrading-to-0-6-0 (https://hexdocs.pm/phoenix_test/upgrade_guides.html#upgrading-to-0-6-0?utm_source=thinkingelixir&utm_medium=shownotes) – Upgrade guide for updating to PhoenixTest v0.6.0 with its breaking change. https://hexdocs.pm/phoenix_test/changelog.html#0-6-0 (https://hexdocs.pm/phoenix_test/changelog.html#0-6-0?utm_source=thinkingelixir&utm_medium=shownotes) – Changelog for PhoenixTest v0.6.0. https://supabase.com/blog/postgres-language-server (https://supabase.com/blog/postgres-language-server?utm_source=thinkingelixir&utm_medium=shownotes) – Supabase has released a new Postgres Language Server for developers, providing IDE intellisense and autocomplete for PostgreSQL. https://marketplace.visualstudio.com/items?itemName=Supabase.postgrestools (https://marketplace.visualstudio.com/items?itemName=Supabase.postgrestools?utm_source=thinkingelixir&utm_medium=shownotes) – VSCode extension for Supabase's new Postgres developer tools. https://github.com/supabase-community/postgres-language-server (https://github.com/supabase-community/postgres-language-server?utm_source=thinkingelixir&utm_medium=shownotes) – GitHub repository for Supabase's Postgres Language Server. https://pgtools.dev/ (https://pgtools.dev/?utm_source=thinkingelixir&utm_medium=shownotes) – Official website for Postgres Tools with documentation and features. https://pgtools.dev/checking_migrations/ (https://pgtools.dev/checking_migrations/?utm_source=thinkingelixir&utm_medium=shownotes) – Feature in Postgres Tools that lints database migrations to check for problematic schema changes. https://github.com/fly-apps/safe-ecto-migrations (https://github.com/fly-apps/safe-ecto-migrations?utm_source=thinkingelixir&utm_medium=shownotes) – Resource for ensuring safe Ecto migrations. https://fly.io/phoenix-files/safe-ecto-migrations/ (https://fly.io/phoenix-files/safe-ecto-migrations/?utm_source=thinkingelixir&utm_medium=shownotes) – Article about safe Ecto migrations posted on Fly.io. https://elixirevents.net/ (https://elixirevents.net/?utm_source=thinkingelixir&utm_medium=shownotes) – Community resource created by Johanna Larsson for tracking, sharing, and learning about Elixir events worldwide. https://bsky.app/profile/elixirevents.net (https://bsky.app/profile/elixirevents.net?utm_source=thinkingelixir&utm_medium=shownotes) – Bluesky account for ElixirEvents.net for following Elixir community events. Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com) Discussion Resources https://paraxial.io/ (https://paraxial.io/?utm_source=thinkingelixir&utm_medium=shownotes) https://paraxial.io/blog/index (https://paraxial.io/blog/index?utm_source=thinkingelixir&utm_medium=shownotes) – Blog with posts about security for Elixir, Rails, and the Paraxial service https://www.cnn.com/2025/03/18/tech/google-wiz-acquisition/index.html (https://www.cnn.com/2025/03/18/tech/google-wiz-acquisition/index.html?utm_source=thinkingelixir&utm_medium=shownotes) https://podcast.thinkingelixir.com/93 (https://podcast.thinkingelixir.com/93?utm_source=thinkingelixir&utm_medium=shownotes) – Our last discussion was 3 years ago in episode 93! Titled "Preventing Service Abuse with Michael Lubas" https://www.amazon.com/Innovators-Dilemma-Revolutionary-Change-Business/dp/0062060244 (https://www.amazon.com/Innovators-Dilemma-Revolutionary-Change-Business/dp/0062060244?utm_source=thinkingelixir&utm_medium=shownotes) https://www.merriam-webster.com/dictionary/Kafkaesque - having a nightmarishly complex, bizarre, or illogical quality (https://www.merriam-webster.com/dictionary/Kafkaesque - having a nightmarishly complex, bizarre, or illogical quality?utm_source=thinkingelixir&utm_medium=shownotes) https://paraxial.io/blog/oban-pentest (https://paraxial.io/blog/oban-pentest?utm_source=thinkingelixir&utm_medium=shownotes) – Completed a Security Audit of Oban Pro - this is after ObanPro went free and OpenSource https://paraxial.io/blog/elixir-best (https://paraxial.io/blog/elixir-best?utm_source=thinkingelixir&utm_medium=shownotes) – Elixir and Phoenix Security Checklist: 11 Best Practices https://paraxial.io/blog/rails-command-injection (https://paraxial.io/blog/rails-command-injection?utm_source=thinkingelixir&utm_medium=shownotes) – Ruby on Rails Security: Preventing Command Injection https://paraxial.io/blog/paraxial-three (https://paraxial.io/blog/paraxial-three?utm_source=thinkingelixir&utm_medium=shownotes) – Paraxial.io v3 blog post Guest Information - Michael Lubas, Paraxial.io Founder - michael@paraxial.io - https://x.com/paraxialio (https://x.com/paraxialio?utm_source=thinkingelixir&utm_medium=shownotes) – on Twitter/X - https://x.com/paraxialio (https://x.com/paraxialio?utm_source=thinkingelixir&utm_medium=shownotes) – on Twitter/X - https://github.com/paraxialio/ (https://github.com/paraxialio/?utm_source=thinkingelixir&utm_medium=shownotes) – on Github - https://www.youtube.com/@paraxial5874 (https://www.youtube.com/@paraxial5874?utm_source=thinkingelixir&utm_medium=shownotes) – Paraxial.io channel on YouTube - https://genserver.social/paraxial (https://genserver.social/paraxial?utm_source=thinkingelixir&utm_medium=shownotes) – on Fediverse - https://paraxial.io/ (https://paraxial.io/?utm_source=thinkingelixir&utm_medium=shownotes) – Blog Find us online - Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com) - Message the show - X (https://x.com/ThinkingElixir) - Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen on X - @brainlid (https://x.com/brainlid) - Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social) - Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid) - David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com) - David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Privacy Aware Bots A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them. https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796 Critical Ingress Nightmare Vulnerability ingress-nginx fixed four new vulnerabilities, one of which may lead to a Kubernetes cluster compromise. Note that at the time I am making this live, not all of the URLs below are available yet, but I hope they will be available shortly after publishing this podcast https://www.darkreading.com/application-security/critical-ingressnightmare-vulns-kubernetes-environments https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities https://kubernetes.io/blog/ FBI Warns of File Converter Scams File converters may include malicious ad ons. Be careful where you get your software from. https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam VSCode Extension Includes Ransomware https://x.com/ReversingLabs/status/1902355043065500145