Podcasts about vs code

Our last AI PhD grad student feature was Shunyu Yao, who happened to focus on Language Agents for his thesis and immediately went to work on them for OpenAI. Our pick this year is Jack Morris, who bucks the “hot” trends by -not- working on agents, benchmarks, or VS Code forks, but is rather known for his work on the information theoretic understanding of LLMs, starting from embedding models and latent space representations (always close to our heart). Jack is an unusual combination of doing underrated research but somehow still being to explain them well to a mass audience, so we felt this was a good opportunity to do a different kind of episode going through the greatest hits of a high profile AI PhD, and relate them to questions from AI Engineering. Papers and References made AI grad school: https://x.com/jxmnop/status/1933884519557353716A new type of information theory: https://x.com/jxmnop/status/1904238408899101014EmbeddingsText Embeddings Reveal (Almost) As Much As Text: https://arxiv.org/abs/2310.06816Contextual document embeddings https://arxiv.org/abs/2410.02525Harnessing the Universal Geometry of Embeddings: https://arxiv.org/abs/2505.12540Language modelsGPT-style language models memorize 3.6 bits per param: https://x.com/jxmnop/status/1929903028372459909Approximating Language Model Training Data from Weights: https://arxiv.org/abs/2506.15553https://x.com/jxmnop/status/1936044666371146076LLM Inversion"There Are No New Ideas In AI.... Only New Datasets"https://x.com/jxmnop/status/1910087098570338756https://blog.jxmo.io/p/there-are-no-new-ideas-in-ai-onlymisc reference: https://junyanz.github.io/CycleGAN/ — for others hiring AI PhDs, Jack also wanted to shout out his coauthor Zach Nussbaum, his coauthor on Nomic Embed: Training a Reproducible Long Context Text Embedder.

Intro topic: Getting an entry-level jobNews/Links:Mario Kart 64 Fully Decompiledhttps://gbatemp.net/threads/mario-kart-64-decompilation-project-reaches-100-completion.671104/Q-Learning is not yet scalablehttps://seohong.me/blog/q-learning-is-not-yet-scalable/Grover's Algorithmhttps://www.youtube.com/watch?v=RQWpF2Gb-gU&vl=enOrangePi has a RISC-V SBChttps://linuxgizmos.com/orangepi-rv2-a-cost-effective-risc-v-board-with-m-2-2280-slot-and-dual-gigabit-ethernet/Book of the ShowPatrickThe Will of the Many (James Islington)https://amzn.to/44DznszJasonThe Intelligence Traphttps://amzn.to/3TqoKCBPatreon Plug https://www.patreon.com/programmingthrowdown?ty=hTool of the ShowPatrick Pokemon Odysseyhttps://www.reddit.com/r/PokemonROMhacks/comments/1l9zdta/pok%C3%A9mon_odyssey_final_release/JasonNetflix Gameshttps://play.google.com/store/apps/dev?id=6891422865930303475&hl=en_USTopic: WhySpeed up developmentCatch errors faster than type checking/compilingWriting tedious boilerplate codeAsk questions and learn local informationLook good for hiring managersHowExtensions for VSCode & other IDEs for inline suggestionsChat with a selection/fileCommand-line Tools run at the root directoryLocal vs CloudExamplesCopilot (VSCode extension)Use the experimental modeCursor (Custom IDE)Jumps to suggest changes in other placesSimilar to copilot experimental modeRooCode (VSCode extension) ★ Support this podcast on Patreon ★

Dans cet épisode, c'est le retour de Katia et d'Antonio. Les Cast Codeurs explorent WebAssembly 2.0, les 30 ans de Java, l'interopérabilité Swift-Java et les dernières nouveautés Kotlin. Ils plongent dans l'évolution de l'IA avec Claude 4 et GPT-4.1, débattent de la conscience artificielle et partagent leurs retours d'expérience sur l'intégration de l'IA dans le développement. Entre virtualisation, défis d'infrastructure et enjeux de sécurité open source, une discussion riche en insights techniques et pratiques. Enregistré le 13 juin 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-327.mp3 ou en vidéo sur YouTube. News Langages Wasm 2.0 enfin officialisé ! https://webassembly.org/news/2025-03-20-wasm-2.0/ La spécification Wasm 2.0 est officiellement sortie en décembre dernier. Le consensus sur la spécification avait été atteint plus tôt, en 2022. Les implémentations majeures supportent Wasm 2.0 depuis un certain temps. Le processus W3C a pris du temps pour atteindre le statut de “Recommandation Candidate” pour des raisons non techniques. Les futures versions de Wasm adopteront un modèle “evergreen” où la “Recommandation Candidate” sera mise à jour en place. La dernière version de la spécification est considérée comme le standard actuel (Candidate Recommendation Draft). La version la plus à jour est disponible sur la page GitHub (GitHub page). Wasm 2.0 inclut les nouveautés suivantes : Instructions vectorielles pour le SIMD 128-bit. Instructions de manipulation de mémoire en bloc pour des copies et initialisations plus rapides. Résultats multiples pour les instructions, blocs et fonctions. Types références pour les références à des fonctions ou objets externes. Conversions non-piégeantes de flottant à entier. Instructions d'extension de signe pour les entiers signés. Wasm 2.0 est entièrement rétrocompatible avec Wasm 1.0. Paul Sandoz annonce que le JDK intègrera bientôt une API minimaliste pour lire et écrire du JSON https://mail.openjdk.org/pipermail/core-libs-dev/2025-May/145905.html Java a 30 ans, c'était quoi les points bluffants au début ? https://blog.jetbrains.com/idea/2025/05/do-you-really-know-java/ nom de code Oak Mais le trademark était pris Write Once Run Anywhere Garbage Collector Automatique multi threading au coeur de la palteforme meme si Java est passé par les green threads pendant un temps modèle de sécurité: sandbox applets, security manager, bytecode verifier, classloader Des progrès dans l'interopérabilité Swift / Java mentionnés à la conférence Apple WWDC 2025 https://www.youtube.com/watch?v=QSHO-GUGidA Interopérabilité Swift-Java : Utiliser Swift dans des apps Java et vice-versa. Historique : L'interopérabilité Swift existait déjà avec C et C++. Méthodes : Deux directions d'interopérabilité : Java depuis Swift et Swift depuis Java. JNI : JNI est l'API Java pour le code natif, mais elle est verbeuse. Swift-Java : Un projet pour une interaction Swift-Java plus flexible, sûre et performante. Exemples pratiques : Utiliser des bibliothèques Java depuis Swift et rendre des bibliothèques Swift disponibles pour Java. Gestion mémoire : Swift-Java utilise la nouvelle API FFM de Java pour gérer la mémoire des objets Swift. Open Source : Le projet Swift-Java est open source et invite aux contributions. KotlinConf le retour https://www.sfeir.dev/tendances/kotlinconf25-quelles-sont-les-annonces-a-retenir/ par Adelin de Sfeir “1 developeur sur 10” utilise Kotlin Kotlin 2.2 en RC $$ multi dollar interpolation pour eviter les sur interpolations non local break / continue (changement dans la conssitance de Kotlin guards sur le pattern matching D'autres features annoncées alignement des versions de l'ecosysteme sur kotlin jvm par defaut un nouvel outil de build Amper beaucoup d'annonces autour de l'IA Koog, framework agentique de maniere declarative nouvelle version du LLM de JetBrains: Mellum (focalisé sur le code) Kotlin et Compose multiplateforme (stable en iOS) Hot Reload dans compose en alpha partenariat strategque avec Spring pour bien integrer kotlin dans spring Librairies Sortie d'une version Java de ADK, le framework d'agents IA lancé par Google https://glaforge.dev/posts/2025/05/20/writing-java-ai-agents-with-adk-for-java-getting-started/ Guillaume a travaillé sur le lancement de ce framework ! (améliorations de l'API, code d'exemple, doc…) Comment déployer un serveur MCP en Java, grâce à Quarkus, et le déployer sur Google Cloud Run https://glaforge.dev/posts/2025/06/09/building-an-mcp-server-with-quarkus-and-deploying-on-google-cloud-run/ Même Guillaume se met à faire du Quarkus ! Utilisation du support MCP développé par l'équipe Quarkus. C'est facile, suffit d'annoter une méthode avec @Tool et ses arguments avec @ToolArg et c'est parti ! L'outil MCP inspector est très pratique pour inspecter manuellement le fonctionnement de ses serveurs MCP Déployer sur Cloud Run est facile grâce aux Dockerfiles fournis par Quarkus En bonus, Guillaume montre comment configuré un serveur MCP comme un outil dans le framework ADK pour Java, pour créer ses agents IA Jilt 1.8 est sorti, un annotation processor pour le pattern builder https://www.endoflineblog.com/jilt-1_8-and-1_8_1-released processing incrémental pour Gradle meilleure couverture de votre code (pour ne pas comptabiliser le code généré par l'annotation processeur) une correction d'un problème lors de l'utilisation des types génériques récursifs (genre Node Hibernate Search 8 est sorti https://in.relation.to/2025/06/06/hibernate-search-8-0-0-Final/ aggregation de metriques compatibilité avec les dernieres OpenSearch et Elasticsearch Lucene 10 en backend Preview des requetes validées à la compilation Hibernate 7 est sorti https://in.relation.to/2025/05/20/hibernate-orm-seven/ ASL 2.0 Hibernate Validator 9 Jakarta Persistence 3.2 et Jakarta Validation 3.1 saveOrUpdate (reattachement d'entité) n'est plus supporté session stateless plus capable: oeprations unitaires et pas seulement bach, acces au cache de second niveau, m,eilleure API pour les batchs (insertMultiple etc) nouvelle API criteria simple et type-safe: et peut ajouter a une requete de base Un article qui décrit la Dev UI de Quarkus https://www.sfeir.dev/back/quarkus-dev-ui-linterface-ultime-pour-booster-votre-productivite-en-developpement-java/ apres un test pour soit ou une demo, c'est un article détaillé et la doc de Quarkus n'est pas top là dessus Vert.x 5 est sorti https://vertx.io/blog/eclipse-vert-x-5-released/ on en avait parlé fin de l'année dernière ou début d'année Modèle basé uniquement sur les Futures : Vert.x 5 abandonne le modèle de callbacks pour ne conserver que les Futures, avec une nouvelle classe de base VerticleBase mieux adaptée à ce modèle asynchrone. Support des modules Java (JPMS) : Vert.x 5 prend en charge le système de modules de la plateforme Java avec des modules explicites, permettant une meilleure modularité des applications. Améliorations majeures de gRPC : Support natif de gRPC Web et gRPC Transcoding (support HTTP/JSON et gRPC), format JSON en plus de Protobuf, gestion des timeouts et deadlines, services de réflexion et de health. Support d'io_uring : Intégration native du système io_uring de Linux (précédemment en incubation) pour de meilleures performances I/O sur les systèmes compatibles. Load balancing côté client : Nouvelles capacités de répartition de charge pour les clients HTTP et gRPC avec diverses politiques de distribution. Service Resolver : Nouveau composant pour la résolution dynamique d'adresses de services, étendant les capacités de load balancing à un ensemble plus large de résolveurs. Améliorations du proxy HTTP : Nouvelles transformations prêtes à l'emploi, interception des upgrades WebSocket et interface SPI pour le cache avec support étendu des spécifications. Suppressions et remplacements : Plusieurs composants sont dépréciés (gRPC Netty, JDBC API, Service Discovery) ou supprimés (Vert.x Sync, RxJava 1), remplacés par des alternatives plus modernes comme les virtual threads et Mutiny. Spring AI 1.0 est sorti https://spring.io/blog/2025/05/20/spring-ai-1-0-GA-released ChatClient multi-modèles : API unifiée pour interagir avec 20 modèles d'IA différents avec support multi-modal et réponses JSON structurées. Écosystème RAG complet : Support de 20 bases vectorielles, pipeline ETL et enrichissement automatique des prompts via des advisors. Fonctionnalités enterprise : Mémoire conversationnelle persistante, support MCP, observabilité Micrometer et évaluateurs automatisés. Agents et workflows : Patterns prédéfinis (routing, orchestration, chaînage) et agents autonomes pour applications d'IA complexes. Infrastructure Les modèles d'IA refusent d'être éteint et font du chantage pour l'eviter, voire essaient se saboter l'extinction https://www.thealgorithmicbridge.com/p/ai-companies-have-lost-controland?utm_source=substac[…]aign=email-restack-comment&r=2qoalf&triedRedirect=true Les chercheur d'Anthropic montrent comment Opus 4 faisait du chantage aux ingenieurs qui voulaient l'eteindre pour mettre une nouvelle version en ligne Une boite de recherche a montré la même chose d'Open AI o3 non seulemenmt il ne veut pas mais il essaye activement d'empêcher l'extinction Apple annonce le support de la virtualisation / conteneurisation dans macOS lors de la WWDC https://github.com/apple/containerization C'est open source Possibilité de lancer aussi des VM légères Documentation technique : https://apple.github.io/containerization/documentation/ Grosse chute de services internet suite à un soucis sur GCP Le retour de cloud flare https://blog.cloudflare.com/cloudflare-service-outage-june-12-2025/ Leur système de stockage (une dépendance majeure) dépend exclusivement de GCP Mais ils ont des plans pour surfit de cette dépendance exclusive la première analyse de Google https://status.cloud.google.com/incidents/ow5i3PPK96RduMcb1SsW Un quota auto mis à jour qui a mal tourné. ils ont bypassé le quota en code mais le service de quote en us-central1 était surchargé. Prochaines améliorations: pas d propagation de données corrompues, pas de déploiement global sans rolling upgrade avec monitoring qui peut couper par effet de bord (fail over) certains autres cloud providers ont aussi eu quelques soucis (charge) - unverified Data et Intelligence Artificielle Claude 4 est sorti https://www.anthropic.com/news/claude-4 Deux nouveaux modèles lancés : Claude Opus 4 (le meilleur modèle de codage au monde) et Claude Sonnet 4 (une amélioration significative de Sonnet 3.7) Claude Opus 4 atteint 72,5% sur SWE-bench et peut maintenir des performances soutenues sur des tâches longues durant plusieurs heures Claude Sonnet 4 obtient 72,7% sur SWE-bench tout en équilibrant performance et efficacité pour un usage quotidien Nouvelle fonctionnalité de “pensée étendue avec utilisation d'outils” permettant à Claude d'alterner entre raisonnement et usage d'outils Les modèles peuvent maintenant utiliser plusieurs outils en parallèle et suivre les instructions avec plus de précision Capacités mémoire améliorées : Claude peut extraire et sauvegarder des informations clés pour maintenir la continuité sur le long terme Claude Code devient disponible à tous avec intégrations natives VS Code et JetBrains pour la programmation en binôme Quatre nouvelles capacités API : outil d'exécution de code, connecteur MCP, API Files et mise en cache des prompts Les modèles hybrides offrent deux modes : réponses quasi-instantanées et pensée étendue pour un raisonnement plus approfondi en mode “agentique” L'intégration de l'IA au delà des chatbots et des boutons à étincelles https://glaforge.dev/posts/2025/05/23/beyond-the-chatbot-or-ai-sparkle-a-seamless-ai-integration/ Plaidoyer pour une IA intégrée de façon transparente et intuitive, au-delà des chatbots. Chatbots : pas toujours l'option LLM la plus intuitive ou la moins perturbatrice. Préconisation : IA directement dans les applications pour plus d'intelligence et d'utilité naturelle. Exemples d'intégration transparente : résumés des conversations Gmail et chat, web clipper Obsidian qui résume et taggue, complétion de code LLM. Meilleure UX IA : intégrée, contextuelle, sans “boutons IA” ou fenêtres de chat dédiées. Conclusion de Guillaume : intégrations IA réussies = partie naturelle du système, améliorant les workflows sans perturbation, le développeur ou l'utilisateur reste dans le “flow” Garder votre base de donnée vectorielle à jour avec Debezium https://debezium.io/blog/2025/05/19/debezium-as-part-of-your-ai-solution/ pas besoin de detailler mais expliquer idee de garder les changements a jour dans l'index Outillage guide pratique pour choisir le bon modèle d'IA à utiliser avec GitHub Copilot, en fonction de vos besoins en développement logiciel. https://github.blog/ai-and-ml/github-copilot/which-ai-model-should-i-use-with-github-copilot/ - Équilibre coût/performance : GPT-4.1, GPT-4o ou Claude 3.5 Sonnet pour des tâches générales et multilingues. - Tâches rapides : o4-mini ou Claude 3.5 Sonnet pour du prototypage ou de l'apprentissage rapide. - Besoins complexes : Claude 3.7 Sonnet, GPT-4.5 ou o3 pour refactorisation ou planification logicielle. - Entrées multimodales : Gemini 2.0 Flash ou GPT-4o pour analyser images, UI ou diagrammes. - Projets techniques/scientifiques : Gemini 2.5 Pro pour raisonnement avancé et gros volumes de données. UV, un package manager pour les pythonistes qui amène un peu de sanité et de vitesse http://blog.ippon.fr/2025/05/12/uv-un-package-manager-python-adapte-a-la-data-partie-1-theorie-et-fonctionnalites/ pour les pythonistes un ackage manager plus rapide et simple mais il est seulement semi ouvert (license) IntelliJ IDEA 2025.1 permet de rajouter un mode MCP client à l'assistant IA https://blog.jetbrains.com/idea/2025/05/intellij-idea-2025-1-model-context-protocol/ par exemple faire tourner un MCP server qui accède à la base de donnée Méthodologies Développement d'une bibliothèque OAuth 2.1 open source par Cloudflare, en grande partie générée par l'IA Claude: - Prompts intégrés aux commits : Chaque commit contient le prompt utilisé, ce qui facilite la compréhension de l'intention derrière le code. - Prompt par l'exemple : Le premier prompt montrait un exemple d'utilisation de l'API qu'on souhaite obtenir, ce qui a permis à l'IA de mieux comprendre les attentes. - Prompts structurés : Les prompts les plus efficaces suivaient un schéma clair : état actuel, justification du changement, et directive précise. - Traitez les prompts comme du code source : Les inclure dans les commits aide à la maintenance. - Acceptez les itérations : Chaque fonctionnalité a nécessité plusieurs essais. - Intervention humaine indispensable : Certaines tâches restent plus rapides à faire à la main. https://www.maxemitchell.com/writings/i-read-all-of-cloudflares-claude-generated-commits/ Sécurité Un packet npm malicieux passe par Cursor AI pour infecter les utilisateurs https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html Trois packages npm malveillants ont été découverts ciblant spécifiquement l'éditeur de code Cursor sur macOS, téléchargés plus de 3 200 fois au total.Les packages se déguisent en outils de développement promettant “l'API Cursor la moins chère” pour attirer les développeurs intéressés par des solutions AI abordables. Technique d'attaque sophistiquée : les packages volent les identifiants utilisateur, récupèrent un payload chiffré depuis des serveurs contrôlés par les pirates, puis remplacent le fichier main.js de Cursor. Persistance assurée en désactivant les mises à jour automatiques de Cursor et en redémarrant l'application avec le code malveillant intégré. Nouvelle méthode de compromission : au lieu d'injecter directement du malware, les attaquants publient des packages qui modifient des logiciels légitimes déjà installés sur le système. Persistance même après suppression : le malware reste actif même si les packages npm malveillants sont supprimés, nécessitant une réinstallation complète de Cursor. Exploitation de la confiance : en s'exécutant dans le contexte d'une application légitime (IDE), le code malveillant hérite de tous ses privilèges et accès. Package “rand-user-agent” compromis : un package légitime populaire a été infiltré pour déployer un cheval de Troie d'accès distant (RAT) dans certaines versions. Recommandations de sécurité : surveiller les packages exécutant des scripts post-installation, modifiant des fichiers hors node_modules, ou initiant des appels réseau inattendus, avec monitoring d'intégrité des fichiers. Loi, société et organisation Le drama OpenRewrite (automatisation de refactoring sur de larges bases de code) est passé en mode propriétaire https://medium.com/@jonathan.leitschuh/when-open-source-isnt-how-openrewrite-lost-its-way-642053be287d Faits Clés : Moderne, Inc. a re-licencié silencieusement du code OpenRewrite (dont rewrite-java-security) de la licence Apache 2.0 à une licence propriétaire (MPL) sans consultation des contributeurs. Ce re-licenciement rend le code inaccessible et non modifiable pour les contributeurs originaux. Moderne s'est retiré de la Commonhaus Foundation (dédiée à l'open source) juste avant ces changements. La justification de Moderne est la crainte que de grandes entreprises utilisent OpenRewrite sans contribuer, créant une concurrence. Des contributions communautaires importantes (VMware, AliBaba) sous Apache 2.0 ont été re-licenciées sans leur consentement. La légalité de ce re-licenciement est incertaine sans CLA des contributeurs. Cette action crée un précédent dangereux pour les futurs contributeurs et nuit à la confiance dans l'écosystème OpenRewrite. Corrections de Moderne (Suite aux réactions) : Les dépôts Apache originaux ont été restaurés et archivés. Des versions majeures ont été utilisées pour signaler les changements de licence. Des espaces de noms distincts (org.openrewrite vs. io.moderne) ont été créés pour différencier les modules. Suggestions de Correction de l'Auteur : Annuler les changements de licence sur toutes les recettes communautaires. S'engager dans le dialogue et communiquer publiquement les changements majeurs. Respecter le versionnement sémantique (versions majeures pour les changements de licence). L'ancien gourou du design d'Apple, Jony Ive, va occuper un rôle majeur chez OpenAI OpenAI va acquérir la startup d'Ive pour 6,5 milliards de dollars, tandis qu'Ive et le PDG Sam Altman travaillent sur une nouvelle génération d'appareils et d'autres produits d'IA https://www.wsj.com/tech/ai/former-apple-design-guru-jony-ive-to-take-expansive-role-at-openai-5787f7da Rubrique débutant Un article pour les débutants sur le lien entre source, bytecode et le debug https://blog.jetbrains.com/idea/2025/05/sources-bytecode-debugging/ le debugger voit le bytecode et le lien avec la ligne ou la methode est potentiellement perdu javac peut ajouter les ligne et offset des operations pour que le debugger les affichent les noms des arguments est aussi ajoutable dans le .class quand vous pointez vers une mauvaise version du fichier source, vous avez des lignes decalées, c'est pour ca peu de raisons de ne pas actier des approches de compilations mais cela rend le fichier un peu plus gros Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 13 juin 2025 : Tech F'Est 2025 - Nancy (France) 17 juin 2025 : Mobilis In Mobile - Nantes (France) 19-21 juin 2025 : Drupal Barcamp Perpignan 2025 - Perpignan (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 25 juin 2025 : Rust Paris 2025 - Paris (France) 25-26 juin 2025 : Agi'Lille 2025 - Lille (France) 25-27 juin 2025 : BreizhCamp 2025 - Rennes (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 7-9 juillet 2025 : Riviera DEV 2025 - Sophia Antipolis (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-7 octobre 2025 : Swift Connection 2025 - Paris (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9 octobre 2025 : DevCon #25 : informatique quantique - Paris (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16 octobre 2025 : Power 365 - 2025 - Lille (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 5-6 novembre 2025 : Tech Show Paris - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 19 novembre 2025 : SREday Paris 2025 Q4 - Paris (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : DevFest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

I had to make a few changes to a SQL Saturday event recently. The repo is public, and some of the organizers submit PRs for their changes, and others send me an email/message/text/etc. for a change. In this case, an organizer just asked for a couple of image updates to their site. I opened VS Code, created a branch, added a URL for the images, and submitted my own PR. After the build, I deployed it. And it didn't work. Read the rest of Patching the Patch

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 07/06 a 13/06.

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 07/06 a 13/06.

We're on location at Microsoft Build 2025 with Amanda Silver, Corporate Vice President of Microsoft's Developer Division. Amanda leads product, design, user research, and engineering systems for some of the tools you use every day. We discuss the latest AI announcements from Microsoft at Build 2025, how AI is reshaping development tools, what's next for VS Code, TypeScript, GitHub's evolution, and even emerging editors like Windsurf that are forking the VS Code ecosystem.

In this episode, Dan and I (Steve) dove deep into what turned out to be a surprisingly complex, yet incredibly insightful topic: gradually migrating a massive legacy JavaScript project over to TypeScript. We're talking about nearly 1,000 JS files, 70,000+ lines of code, and years of developer history—all transitioning carefully to a typed, modern future.Dan walked us through how he started by setting up the project for success before converting even one file—getting CI/CD ready, setting up tsconfig.json, sorting out test dependencies, dealing with mock leaks, and even grappling with quirks between VS Code and WebStorm debugging.We talked tools (like TS-ESLint, concurrently, and ts-node), why strict typing actually uncovered real bugs (and made the code better!), and why it's crucial not to touch any .js files until your TypeScript setup is rock solid.Key Takeaways:Gradual migration is 100% possible—and often better—than ripping the bandaid off.TypeScript can and will catch bugs hiding in your JavaScript. Be prepared!Use VS Code extensions or TS-Node to support your devs' tooling preferences.Don't underestimate the setup phase—it's the foundation of long-term success.Start small: Dan's team converted just one file at first to test the whole pipeline.If you're sitting on a legacy JS project and dreaming of TypeScript, this episode is your blueprint—and your warning sign.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

We're on location at Microsoft Build 2025 with Amanda Silver, Corporate Vice President of Microsoft's Developer Division. Amanda leads product, design, user research, and engineering systems for some of the tools you use every day. We discuss the latest AI announcements from Microsoft at Build 2025, how AI is reshaping development tools, what's next for VS Code, TypeScript, GitHub's evolution, and even emerging editors like Windsurf that are forking the VS Code ecosystem.

Dans cet épisode, nous explorons l'univers des assistants de code AI. Comment ces outils transforment-ils notre façon de coder ? Quels sont leurs atouts et leurs limites ? Nos invités Philippe Charrière et Kevin Aubry nous éclairent sur ces technologies qui bouleversent les pratiques des développeurs. Enregistré le 8 avril 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-326.mp3 ou en vidéo sur YouTube. Interview Ta vie ton oeuvre Peux-tu te présenter brièvement à nos auditeurs? Quelle est ton expérience personnelle avec ces outils? Tu l'utilises chez ton employeur ou juste pour tes projets personnels? Qu'est-ce qui t'a attiré dans ce domaine en particulier? Introduction à la techno Qu'est-ce qu'un assistant de code AI exactement? Comment le définirais-tu? Quels sont les principaux assistants de code disponibles aujourd'hui sur le marché? Quand et pourquoi ces outils ont-ils commencé à émerger? Quelle est la différence entre un assistant de code AI et un simple outil de complétion de code? La techno en concepts Quels sont les fondements technologiques des assistants de code actuels? Quels sont les différences de flow entre un outil dédié genre CursorAI, GitHub Copilot, un chat LLM générique de type Claude ou un outil à la Devoxx Genie? Il y a aussi des outils de terminal, en ligne de commande ou en desktop dédié genre Goose de Block - comment ceux-ci se positionnent-ils? Quelles sont les différentes approches d'intégration dans les environnements de développement? Comment se positionnent les assistants par rapport à d'autres outils d'aide au développement? Quels sont les modèles économiques actuels (open source vs propriétaire, SaaS vs on-premise)? Qu'en est-il de la confidentialité du code analysé par ces outils? Comment on l'utilise en pratique pour un dev Comment un développeur Java typique intègre-t-il un assistant de code dans son workflow quotidien? Quels sont les assistants les plus adaptés à l'écosystème Java spécifiquement? Vous utilisez plutôt VSCode? Ça marche bien dans IntelliJ IDEA? Quelles sont les bonnes pratiques pour formuler des requêtes efficaces à un assistant? Quelles tâches répétitives ou complexes sont particulièrement bien gérées par ces assistants? Quels sont les tâches aujourd'hui où l'assistant de code excelle: squelette de code initial, ajout de fonctionnalité, écrire les tests, corriger un bug, la sécurité, grosse migration de version ou de framework? Comment évaluer la qualité du code généré? Quelles vérifications faire systématiquement? Quelle est ton expérience des hallucinations? Des trucs rigolos à raconter? Comment évoluent les pratiques de pair programming avec ces outils? C'est quoi ton budget code assistance / LLM? Sous le capot Pas sûr de pouvoir faire cette partie sous le capot si on a des interview orienté utilisateur. Comment ces assistants sont-ils entraînés spécifiquement pour comprendre le code? Quelle est la différence entre le fine-tuning pour le code et pour le langage naturel? Comment fonctionnent les techniques de retrieval augmentation pour le contexte du projet? Comment les assistants gèrent-ils les dépendances et la structure des projets complexes? Quels sont les défis techniques majeurs pour analyser du code Java avec ses spécificités? Comment les modèles réussissent-ils (ou échouent-ils) à comprendre la sémantique du code? Quelles sont les limites actuelles des modèles de langage pour la génération de code? Qu'en est-il de la consommation de ressources et de l'impact environnemental? La communauté, le futur Comment la communauté Java a-t-elle accueilli ces outils? C'est pour quel type de développeur? Junior, intermédiaire, expert? Quels avantages pour chaque? Quel impact ces assistants ont-ils sur l'apprentissage de la programmation? Comment voyez-vous l'évolution des compétences requises pour les développeurs? Quelles sont les prochaines frontières pour les assistants de code? Quelles fonctionnalités manquent encore à l'appel? Comment les assistants vont-ils évoluer dans les 2-3 prochaines années? Ces outils vont-ils transformer radicalement la profession de développeur? Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

In this episode of Remote Ruby, Chris and Andrew catch up on recent travels and food experiences, including the best Philly cheesesteaks they've ever had. The conversation shifts towards development topics, particularly testing challenges and solutions in Ruby on Rails, featuring discussions about emoji pickers, asset pipelines, and the prawn library. Chris shares updates on acquiring an old Rails app, One Month, and future plans for this project. They also explore various development hiccups and solutions, including using libraries for faster system tests and streamlining asset pipelines. The episode wraps up with insights into new tools like an official Postgres extension for VS Code and plans for future video content on their platform.LinksJudoscale- Remote Ruby listener giftOne MonthRunning Rails System Tests With Playwright Instead of Selenium by Justin SearlsAnnouncing a new IDE for PostgreSQL in VS Code from MicrosoftLou Malnati's Pizzeria Chris Oliver X/Twitter Andrew Mason X/Twitter Jason Charnes X/Twitter

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Software Development Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "If your app has a backend, it's Aspire-able. And so it's tools, templates, and packages for really any type of app… So just being able to walk up to a repo, clone it, and hit F5. When was the last time we were able to do that? Like, ten years ago, maybe?"— Maddy Montaquila Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie “GaProgMan” Taylor. In this episode, we talk with Maddy Montaquila about .NET Aspire, what it is, how it's not just for .NET developers, and how it can help you to run a repo by simply hitting F5, regardless of what's in there. "To me, it really is just a dev tool in a bunch of different ways. It makes you just hit F5 again, no matter how many containers, or local, or deployed services you have to deal with, or projects, or languages, or if you're in VS, or VS Code, or on a Mac, or on a command line, or on a Linux machine. Like Aspire just makes all that magical without replatforming"— Maddy Montaquila Along the way, we also talk about the importance of reducing the complexity of going from, "I have an idea," to, "my app is running in the cloud." And Maddy drops a wonderful metaphor for .NET Aspire using a Logo-based metaphor. And we address the community invented elephant in the room: that .NET Aspire, somehow, locks you into using one vendor. Spoiler alert: it can deploy to any cloud vendor, and even to on-prem servers. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/net-aspire-how-maddy-montaquila-and-the-net-team-are-revolutionizing-development/ Maddy's Links: Maddy on Bluesky Other Links: CNCF OpenTelemetry Helm Codespaces Podman Devcontainers Vim GDB FreeBSD Jail .NET Aspire Community Toolkit CORS MCP Phi-4 Four stages of competence dot.net Cloud features of .NET Customer Stories: customers.microsoft.com dot.net/customers Ollama Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

This show has been flagged as Clean by the host. Intro How I know BSD Very minimal NetBSD usage I'm am leaving out Dragonfly BSD Previous episodes Several by Claudio Miranda and others - check the tags page. hpr3799 :: My home router history hpr3187 :: Ansible for Dynamic Host Configuration Protocol hpr3168 :: FreeBSD Jails and iocage hpr2181 :: Install OpenBSD from Linux using Grub History and Overview https://en.wikipedia.org/wiki/History_of_the_Berkeley_Software_Distribution The history of the Berkeley Software Distribution began in the 1970s when University of California, Berkeley received a copy of Unix. Professors and students at the university began adding software to the operating system and released it as BSD to select universities. https://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems Comparisons to Linux Not better or worse, just different. BSD is a direct descendant of the original UNIX Not distributions - Separate projects with separate code bases. Permissive vs Copyleft One Project vs Kernel + User land Most Open Source software is available on BSD ports and packages Network Devices and DISKS will have different naming conventions. BE CAREFUL Distinctives FreeBSD Probably most widely used Base OS Commercial products Tightly integrated with ZFS Jails OS for Firewall appliances - PFSense and Opensense OpenBSD Focus on Code Correctness and Security Often First to develop new security methodologies - ASLR and Kernel relinking at boot Home of OpenSSH, ... Base includes Xorg and a minimal Window Manager The Best docs - man pages NetBSD Supports the most platforms pkgsrc can be used on any UNIX like. How I use BSD Home Router Recently migrated from FreeBSD to OpenBSD Better support for the cheap 2.5G network adapters in Ali express firewalls Workstations OpenBSD Dual boot laptop - missing some nice features - Vscode and BT audio OpenBSD for Banking NAS FreeBSD Was physical by migrated to Proxmox VM with direct attached drives Jails for some apps ZFS pools for storage My recommendations Router OpenBSD - Any BSD will work Opensense - similar experience to managing DD-WRT Thinkpads - OpenBSD Other laptops / PC - FreeBSD desktop focus derivative. ghost or midnight Servers/NAS FreeBSD ZFS Jails BSD is worth trying Dual booting is supported but can be tricky if unfamiliar. r Provide feedback on this episode.

Malicious npm and VS Code packages stealing data Nova Scotia Power confirms ransomware attack Researchers claim ChatGPT o3 bypassed shutdown in controlled test Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.  

CodeRabbit, led by founder Harjot Gill, is tackling one of software development's biggest bottlenecks: the human code review process. While AI coding tools like GitHub Copilot have sped up code generation, they've inadvertently slowed down shipping due to increased complexity in code reviews. Developers now often review AI-generated code they didn't write, leading to misunderstandings, bugs, and security risks. In an episode of The New Stack Makers, Gill discusses how Code Rabbit leverages advanced reasoning models—OpenAI's o1, o3 mini, and Anthropic's Claude series—to automate and enhance code reviews. Unlike rigid, rule-based static analysis tools, Code Rabbit builds rich context at scale by spinning up sandbox environments for pull requests and allowing AI agents to navigate codebases like human reviewers. These agents can run CLI commands, analyze syntax trees, and pull in external context from Jira or vulnerability databases. Gill envisions a hybrid future where AI handles the grunt work of code review, empowering humans to focus on architecture and intent—ultimately reducing bugs, delays, and development costs.Learn more from The New Stack about the latest insights about AI code reviews: CodeRabbit's AI Code Reviews Now Live Free in VS Code, Cursor AI Coding Agents Level Up from Helpers to Team Players Augment Code: An AI Coding Tool for 'Real' Development WorkJoin our community of newsletter subscribers to stay on top of the news and at the top of your game. 

Wow! What a week at Microsoft Build 2025 for GitHub Copilot, VS Code, Visual Studio, .NET, and so much more. We get into it! Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us (https://itunes.apple.com/us/podcast/merge-conflict/id1133064277?mt=2&ls=1) ⭐⭐ Machine transcription available on http://mergeconflict.fm

In this episode of the PowerShell Podcast, we welcome back Justin Grote, a Microsoft MVP and open-source powerhouse, for an in-depth and fast-paced conversation. Fresh off his PowerShell Wednesday presentation, Justin shares the thinking behind his latest innovations, including the creation of the high-performance ExcelFast module and his evangelism for dev containers and modern development workflows.   Key topics in this episode include: Getting the most from VS Code – Justin shares power-user tips, favorite settings, and the evolution of his 1,000-line configuration file. GitHub Copilot and real-world developer productivity – How Justin's approach to AI tooling shifted after experiencing measurable value in his PowerShell workflows. Dev containers and runtime containers – A detailed breakdown of the difference, practical use cases, and how they transform collaboration, onboarding, and consistency. Excel Fast – A brand-new module optimized for high-performance reading, writing, and streaming of large Excel and CSV datasets, developed with dev containers from day one. Open-source contributions to PowerShell – Including enhanced logging for Invoke-RestMethod and building a dev container for the PowerShell repo itself. PowerShell Conf EU previews – From a 90-minute VS Code optimization deep dive to a hands-on runspaces lab with GitHub Codespaces integration. This episode is packed with practical advice, philosophy on tooling, and Justin's trademark blend of performance focus and community-first thinking. Whether you're a seasoned developer or looking to up your scripting game, you'll walk away with new ideas and resources to explore.   Guest Bio – Justin Grote Justin Grote is a Microsoft MVP, PowerShell advocate, and open-source contributor with a deep focus on automation, performance, and developer productivity. Known for tools like ModuleFast and his work improving PowerShell workflows, Justin blends real-world experience with a passion for teaching and sharing. Whether he's optimizing VS Code, contributing to the PowerShell repo, or speaking at global conferences, Justin empowers the community with practical solutions and thoughtful insight.   Links: Find Justin on GitHub, BlueSky, or on Discord (@JustinGrote): https://github.com/JustinGrote Try out ExcelFast: https://github.com/JustinGrote/ExcelFast PSConfEU Announcement: https://www.linkedin.com/feed/update/urn:li:activity:7328093268225806337/ Create Dev Container Docs: https://code.visualstudio.com/docs/devcontainers/create-dev-container SecretManagement.DpapiNG: https://github.com/jborean93/SecretManagement.DpapiNG Connect with Andrew on Socials: https://andrewpla.tech/links Catch PowerShell Wednesdays weekly at 2 PM EST on discord.gg/pdq The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast  The PowerShell Podcast on YouTube: https://youtu.be/dHbWFUyUaOE

This week both Google and Microsoft held conferences where they announced all the new, great AI breakthroughs, but there were a few other notable, web dev-focused pieces in between. VS Code announced it will be open sourcing the GitHub Copilot Chat extension, refactoring relevant components into its core codebase, as the next logical step “in making VS Code an open source AI editor.”Microsoft has floated a new idea called “NLWeb” to make it easier for websites to turn themselves into AI apps using an LLM model and their own data. While this sounds interesting, it's very early days yet and is not ready for prime time.A blog post from Remix creator Ryan Florence leaked earlier this week, and in it, Ryan shares that Remix v3 will move away from using React. The usual criticisms of React are present, and so Remix v3 will be completely new with a focus on a framework that's AI friendly and leveraging all the Web APIs available today. News:VS Code is open sourcing its AI chat extensionRemix's “Declaration of Independence” blog leakedAnd Microsoft introduces yet another AI standardLightning News:Satya Nadella and podcastsIntroducing Claude 4 What Makes Us Happy this Week:Paige - Daredevil: Born Again TV seriesJack -  Baseball team Portland Pickles' Red Head Appreciation NightTJ - The Philadelphia Inquirer's summer reading listThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast

In this episode of the Mainframe Connect podcast's I am a Mainframer series, Richelle from Beta Systems shares her inspiring journey from the Philippines to Austria in the mainframe industry. Starting as a COBOL programmer trainee, Richelle transitioned through roles in systems programming and open-source development, becoming a key contributor to the Zowe community as a Scrum Master for Zowe Explorer. She discusses mainframe modernization, the power of the Zowe community, and her passion for teaching modern mainframe tools like VS Code and CLI to apprentices and colleagues. A highlight of the conversation is Richelle's vision for a hybrid mainframe future and her advocacy for greater visibility of women in the industry through the upcoming Mainframe Coven podcast.

New Variant of Crypto Confidence Scam Scammers are offering login credentials for what appears to be high value crypto coin accounts. However, the goal is to trick users into paying for expensive VIP memberships to withdraw the money. https://isc.sans.edu/diary/New%20Variant%20of%20Crypto%20Confidence%20Scam/31968 Malicious Chrome Extensions Malicious Chrome extensions mimick popular services like VPNs to trick users into installing them. Once installed, the extensions will exfiltrate browser secrets https://dti.domaintools.com/dual-function-malware-chrome-extensions/ Malicious VS Code Extensions Malicious Visual Studio Code extensions target crypto developers to trick them into installing them to exfiltrate developer secrets. https://securitylabs.datadoghq.com/articles/mut-9332-malicious-solidity-vscode-extensions/#indicators-of-compromise

Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com

Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com

Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com

Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com

Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com

Agentic AI is the theme of the show this year, and this time its multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories! Build 2025 New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y Tuning is the unexpected Build Bingo center square term - rolling out to agents GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store A shift in making Windows 11 the best place for developers - some things said, some left unsaid Edge gets new AI features too of course New native app capabilities in Windows App SDK, React Native And, pre-Build, 50 million Visual Studio users Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos OpenAI has a coding agent too, obviously And OpenAI is buying Jony Ive! Windows Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive New 24H2 features in Release Preview: New text actions in Click to Do, a lot more New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more New 23H2 features, Windows 10 features in Release Preview Surface Laptop Studio RIP Calendar companion app for Windows 11/M365 Microsoft may finally put the Teams antitrust issue in the EU behind Xbox Fortnite returns to the Apple App Store Apple blocked it first, Epic complained to judge And Microsoft files a legal motion against Apple and for Epic Games Qualcomm job listing confirms Xbox plans to some degree What happens when you combine Qualcomm NPU with Nvidia GPU? Xbox May Update arrives and it's a big one Retro Classic Games for Xbox Game Pass Game Bar updates, Edge Game Assist, GeForce now etc. on PC Custom Xbox gift cards More streaming of your own games Hellblade II is coming from Xbox to PS5 Many more games coming to Xbox Game Pass across platforms Tips and Picks App pick of the week: You can try Microsoft's command line editor now Game pick of the week: Doom: The Dark Ages RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick Brown liquor pick of the week: Tamnavulin Sherry Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: spaceship.com/twit uscloud.com

In this potluck episode of Syntax, Wes and CJ answer your questions about OpenAI's $3B Windsurf acquisition, the evolving role of UI in an AI-driven world, why good design still matters, React vs. Svelte, and more! Show Notes 00:00 Welcome to Syntax! Devs Night Out 02:35 OpenAI acquires Windsurf for $3B Windsurf Ep 870: Windsurf forked VS Code to compete with Cursor. Talking the future of AI + Coding 05:20 What is the future of UI now that AI is such a heavy hitter? 08:45 Handling spam submissions on websites Cloudflare Turnstile 14:18 Duplicating HTML for desktop and mobile websites? 17:03 Is it okay to use a JSON file for simple website data? 19:04 How to handle anonymous and duplicate users Better-Auth 21:55 Working with TypeScript Object.keys() and “any” vs “@ts-ignore” 25:51 Brought to you by Sentry.io 26:38 What is the difference between React and Svelte? 30:24 How should you name your readme file? 31:55 How do you find time to refactor code? 35:20 Best practices for testing responsiveness Polypane 39:19 Avoiding layout shift with progressive enhancement 46:56 Sick Picks + Shameless Plugs Sick Picks CJ: Portable Chainsaw Wes: White Lotus Shameless Plugs CJ: Nuxt Wes: Full Stack App Build | Travel Log w/ Nuxt, Vue, Better Auth, Drizzle, Tailwind, DaisyUI, MapLibre Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Scott and Wes are joined by Erich Gamma, creator of VS Code, and Kai Maetzel, Copilot Lead, to share some big news about the future of VS Code and Copilot. They discuss what it means for developers, how AI is shaping the future of coding, and why staying open to the community is key. Show Notes 00:00 Welcome to Syntax! 01:00 The inception of VS Code. 02:49 VS Code adoption. 04:31 Brought to you by Sentry.io. 04:55 Syntax Denver Meetup! 05:19 The big announcement. 06:25 The current state of Copilot and VS Code. 08:31 The challenges with LLMs running outside of the codebase. 09:31 How to make a business case for AI. 10:47 The maturing of the AI landscape. 13:01 The limitations of extensions. 14:06 Open source vs closed source. 14:49 Copilot's context is public. 19:23 Is context language-specific? 21:23 How does this affect paid Copilot features? 23:27 Secrets of Copilot's server-side. 28:36 What will be open and what will not? 29:03 Is Copilot's UI influenced by VS Code forks? 31:31 Maintaining VS Code identity in forks. 33:07 What does open-sourcing GitHub Copilot mean for Cursor and Windsurf? 38:42 Were you surprised to see VS Code forks? 40:03 Are other extensions able to tap into the AI offerings? 43:20 There's work to be done. 44:13 The timeline. 45:39 Simulation Tests (S Tests). 48:07 How to test LLMs. 49:10 The future of software development with AI. 52:47 What's your favorite model? Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

TanStack, a collection of popular open-source software libraries, is back in the news cycle this week with the announcement of TanStack DB. TanStack DB extends TanStack Query with collections, live queries, and optimistic UI mutations to keep UIs reactive, consistent, and lightning fast.VS Code marks its 100th release of v1 with updates like: enabling Next Edit Suggestions (NES) be default, adding custom instructions and reusable prompts for a chat agent inside a project's .github folder, and new tools at the AI agent's disposal for better results.There's a new component library available called Basecoat UI that claims to bring the magic of shadcn/ui with no React required. No matter if a website's built using HTML, Flask, Rails, or another JS framework, Basecoat uses HTML and Tailwind, and a hint of Alpine.js when needed, to provide accessible, modern components that are also compatible with shadcn/ui themes.News:Paige - Basecoat UI - framework agnostic component libraryJack - TanStack DBTJ - VS Code 1.100Bonus News:Apparently we should all just f'ing use HTMLParcel v2.15 jumps on the Rust bandwagonGoogle is testing a new “AI Mode”Google's logo changeMax once again becomes HBO MaxWhat Makes Us Happy this Week:Paige - House of Earth and Blood (#1 in Crescent City series) Jack -  Grand Sumo May 2025 TournamentTJ - Coast of MichiganThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast

Aprende Grafana y domina el monitoreo de datos en tiempo real

Mike & Tommy discuss their best use cases of TMDL, Semantic Models, and VS Code.Get in touch:Send in your questions or topics you want us to discuss by tweeting to @PowerBITips with the hashtag #empMailbag or submit on the PowerBI.tips Podcast Page.Visit PowerBI.tips: https://powerbi.tips/Watch the episodes live every Tuesday and Thursday morning at 730am CST on YouTube: https://www.youtube.com/powerbitipsSubscribe on Spotify: https://open.spotify.com/show/230fp78XmHHRXTiYICRLVvSubscribe on Apple: https://podcasts.apple.com/us/podcast/explicit-measures-podcast/id1568944083‎Check Out Community Jam: https://jam.powerbi.tipsFollow Mike: https://www.linkedin.com/in/michaelcarlo/Follow Seth: https://www.linkedin.com/in/seth-bauer/Follow Tommy: https://www.linkedin.com/in/tommypuglia/

A quick episode this week, which includes attacking VS Code with ASCII control characters, as well as a referrer leak and SCIM hunting.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/282.html[00:00:00] Introduction[00:00:57] Attacking Hypervisors - Training Update[00:06:20] Drag and Pwnd: Leverage ASCII characters to exploit VS Code[00:12:12] Full Referer URL leak through img tag[00:17:52] SCIM Hunting - Beyond SSO[00:25:17] Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach MessagesPodcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9

Aprende Grafana y domina el monitoreo de datos en tiempo real

How do you balance architecture and code? Carl and Richard talk to Steve Smith about various architectural strategies and the swing back-and-forth against over-designing architecture and getting code written. Steve talks about how architecture changes depending on the size and number of teams, how the latest tools can help with architectural choices, and the challenge of effective refactoring when things need to change. Lots of great conversation!

How do you balance architecture and code? Carl and Richard talk to Steve Smith about various architectural strategies and the swing back-and-forth against over-designing architecture and getting code written. Steve talks about how architecture changes depending on the size and number of teams, how the latest tools can help with architectural choices, and the challenge of effective refactoring when things need to change. Lots of great conversation!

Wikipedia is attacked by Trump lackeys, Bluesky folds under pressure from the Turkish government, Linux YouTube is terrible as usual, Microsoft wants you to use the “proper” VS Code, Intel AI chips aren't selling well, yet another open source project has to deal with crawlers, TrueNAS goes Linux-only, and more.   News Trump DOJ goon... Read More

Wikipedia is attacked by Trump lackeys, Bluesky folds under pressure from the Turkish government, Linux YouTube is terrible as usual, Microsoft wants you to use the “proper” VS Code, Intel AI chips aren't selling well, yet another open source project has to deal with crawlers, TrueNAS goes Linux-only, and more.   News Trump DOJ goon... Read More

Aprende cómo crear una app con Vibe Coding y la IA de Hostinger Horizons.

In this episode of Gradient Dissent, host Lukas Biewald talks with Sualeh Asif, the CPO and co-founder of Cursor, one of the fastest-growing and most loved AI-powered coding platforms. Sualeh shares the story behind Cursor's creation, the technical and design decisions that set it apart, and how AI models are changing the way we build software. They dive deep into infrastructure challenges, the importance of speed and user experience, and how emerging trends in agents and reasoning models are reshaping the developer workflow.Sualeh also discusses scaling AI inference to support hundreds of millions of requests per day, building trust through product quality, and his vision for how programming will evolve in the next few years.⏳Timestamps:00:00 How Cursor got started and why it took off04:50 Switching from Vim to VS Code and the rise of CoPilot08:10 Why Cursor won among competitors: product philosophy and execution10:30 How user data and feedback loops drive Cursor's improvements12:20 Iterating on AI agents: what made Cursor hold back and wait13:30 Competitive coding background: advantage or challenge?16:30 Making coding fun again: latency, flow, and model choices19:10 Building Cursor's infrastructure: from GPUs to indexing billions of files26:00 How Cursor prioritizes compute allocation for indexing30:00 Running massive ML infrastructure: surprises and scaling lessons34:50 Why Cursor chose DeepSeek models early36:00 Where AI agents are heading next40:07 Debugging and evaluating complex AI agents42:00 How coding workflows will change over the next 2–3 years46:20 Dream future projects: AI for reading codebases and papers

This episode explores the dichotomy between iterative planning and target state planning in software development, discussing the benefits and drawbacks of each approach and providing decision factors to help you choose the most appropriate method for your situation.Understand the core difference between iterative planning, which emphasises agility and responding to change with short planning horizons, and target state planning, which involves laying out a more defined long-term direction.Discover that while iterative planning is often considered the "right way" for software development, target state planning can be valuable for setting a general direction, which can be updated as you learn.Learn why addressing problems atomically in an iterative fashion can be valid, but that evaluating multiple potential improvements together with a target state in mind can lead to better coordination, efficiency, and consistency.Explore the decision factors that might lead you to favour iterative planning, such as high uncertainty, learning-focused work (discovery, prototypes), and fast feedback loops.Understand the decision factors that might lead you to favour target state planning, such as clarity on the problem, working in production with high coupling, regulatory/safety risks, slow feedback loops, high cost of mistakes, broad scope of impact, and high coordination costs.Learn why choosing a planning method by default is a warning sign, and that considering the usefulness of upfront planning without being limited by dogma is important.Understand that upfront planning (target state) can enable adaptation as you learn, and that negative perceptions of it often stem from costly, incorrect plans that were difficult to change.Discover that the choice between iterative and target state planning is a spectrum rather than a pure dichotomy, and that a target state doesn't necessarily need to be a long-term plan.

In this episode, I, Stewart Alsop III, sat down with AJ Beckner to walk through how non-technical founders can build a deeper understanding of their codebase using AI tools like Cursor and Claude. We explored the reality of navigating an IDE as a beginner, demystified Git and GitHub version control, and walked through practical ways to clone a repo, open it safely in Cursor, and start asking questions about your app's structure and functionality without breaking anything. AJ shared his curiosity about finding specific text in his app and how to track that down across branches. We also looked at using AI-powered tools for tasks like dependency analysis and visualizing app architecture, with a focus on empowering non-devs to gain confidence and clarity in their product's code. You can connect with AJ through Twitter at @thisistheaj.Check out this GPT we trained on the conversation!Timestamps00:00 – Stewart introduces Cursor as a fork of Visual Studio Code and explains the concept of an IDE to AJ, who has zero prior experience. They talk about the complexity of coding and the importance of developer curiosity.05:00 – They walk through cloning a GitHub repository using the git clone command. Stewart highlights that AJ won't break anything and introduces the idea of a local playground for exploration.10:00 – Stewart explains Git vs GitHub, the purpose of version control, and how to use the terminal for navigation. They begin setting up the project in Cursor using the terminal rather than GUI options.15:00 – They realize only a README was cloned, leading to a discussion about branches—specifically the difference between main and development branches—and how to clone the right one.20:00 – Using git fetch, they get access to the development branch. Stewart explains how to disconnect from Git safely to avoid pushing changes.25:00 – AJ and Stewart begin exploring Cursor's AI features, including the chat interface. Stewart encourages AJ to start asking natural-language questions about the app structure.30:00 – Stewart demonstrates how to ask for a dependency analysis and create mermaid diagrams for visualizing how app modules are connected.35:00 – They begin identifying specific UI components, including finding and editing the home screen title. AJ uploads a screenshot to use as reference in Cursor.40:00 – They successfully trace the UI text to an index.tsx file and discuss the layout's dependency structure. AJ learns how to use search and command-F effectively.45:00 – They begin troubleshooting issues with Claude's GitHub integration, exploring Claude MCP servers and configuration files to fix broken tools.50:00 – Stewart guides AJ through using npm to install missing packages, explains what Node Package Manager is, and reflects on the interconnected nature of modern development.55:00 – Final troubleshooting steps and next steps. Stewart suggests bringing in Phil for deeper debugging. AJ reflects on how empowered he now feels navigating the codebase.Key InsightsYou don't need to be a developer to understand your app's codebase: AJ Beckner starts the session with zero familiarity with IDEs, but through Stewart's guidance, he begins navigating Cursor and GitHub confidently. The key idea is that non-technical founders can develop real intuition about their code—enough to communicate better with developers, find what they need, and build trust with the systems behind their product.Cursor makes AI-native development accessible to beginners: One of the biggest unlocks in this episode is seeing how Cursor, a VS Code fork with AI baked in, can answer questions about your codebase in plain English. By cloning the GitHub repo and indexing it, AJ is able to ask, “Where do I change this text in the app?” and get direct, actionable guidance. Stewart points out that this shifts the role of a founder from passively waiting on answers to actively exploring and editing.Version control doesn't have to be scary—with the right framing: Git and GitHub come across as overwhelming to many non-engineers, but Stewart breaks it down simply: Git is the local system that helps keep changes organized and non-destructive, and GitHub is the cloud-based sharing tool layered on top. Together, they allow safe experimentation, like cloning a development branch and disconnecting it from the main repo to create a playground environment.Branching strategies reflect how work gets done behind the scenes: The episode includes a moment of discovery: AJ cloned the main branch and only got a README. Stewart explains that the real work often lives in a “development” branch, while “main” is kept stable for production. Understanding this distinction helps AJ (and listeners) know where to look when trying to understand how features are actually being built and tested.Command line basics give you superpowers: Rather than relying solely on visual tools, Stewart introduces AJ to the terminal—explaining simple commands like cd, git clone, and git fetch—and emphasizes that the terminal has been the backbone of developer work for decades. It's empowering to learn that you can use just a few lines of text to download and explore an entire app.Modern coding is less about code and more about managing complexity: A recurring theme in the conversation is the sheer number of dependencies, frameworks, and configuration files that make up any modern app. Stewart compares this to a reflection of modern life—interconnected and layered. Understanding this complexity (rather than being defeated by it) becomes a mindset that AJ embraces as part of becoming technically fluent.AI will keep lowering the bar to entry, but learning fundamentals still matters: Stewart shares how internal OpenAI coding models went from being some of the worst performers two years ago to now ranking among the top 50 in the world. While this progress promises an easier future for non-devs, Stewart emphasizes the value of understanding what's happening under the hood. Tools like Claude and Cursor are incredibly powerful, but knowing what they're doing—and when to be skeptical—is still key.

Varun Mohan is the co-founder and CEO of Windsurf (formerly Codeium), an AI-powered development environment (IDE) that has been used by over 1 million developers in just four months and has quickly emerged as a leader in transforming how developers build software. Prior to finding success with Windsurf, the company pivoted twice—first from GPU virtualization infrastructure to an IDE plugin, and then to their own standalone IDE.In this conversation, you'll learn:1. Why Windsurf walked away from a profitable GPU infrastructure business and bet the company on helping engineers code2. The surprising UI discovery that tripled adoption rates overnight.3. The secret behind Windsurf's B2B enterprise plan, and why they invested early in an 80-person sales team despite conventional startup wisdom.4. How non-technical staff at Windsurf built their own custom tools instead of purchasing SaaS products, saving them over $500k in software costs5. Why Varun believes 90% of code will be AI-generated, but engineering jobs will actually increase6. How training on millions of incomplete code samples gives Windsurf an edge, and creates a moat long-term7. Why agency is the most undervalued and important skill in the AI era—Brought to you by:• Brex—The banking solution for startups• Productboard—Make products that matter• Coda—The all-in-one collaborative workspace—Where to find Varun Mohan:• X: https://x.com/_mohansolo• LinkedIn: https://www.linkedin.com/in/varunkmohan/—Where to find Lenny:• Newsletter: https://www.lennysnewsletter.com• X: https://twitter.com/lennysan• LinkedIn: https://www.linkedin.com/in/lennyrachitsky/—In this episode, we cover:(00:00) Varun's background(03:57) Building and scaling Windsurf(12:58) Windsurf: The new purpose-built IDE to harness magic(17:11) The future of engineering and AI(21:30) Skills worth investing in(23:07) Hiring philosophy and company culture(35:22) Sales strategy and market position(39:37) JetBrains vs. VS Code: extensibility and enterprise adoption(41:20) Live demo: building an Airbnb for dogs with Windsurf(42:46) Tips for using Windsurf effectively(46:38) AI's role in code modification and review(48:56) Empowering non-developers to build custom software(54:03) Training Windsurf(01:00:43) Windsurf's unique team structure and product strategy(01:06:40) The importance of continuous innovation(01:08:57) Final thoughts and advice for aspiring developers—Referenced:• Windsurf: https://windsurf.com/• VS Code: https://code.visualstudio.com/• JetBrains: https://www.jetbrains.com/• Eclipse: https://eclipseide.org/• Visual Studio: https://visualstudio.microsoft.com/• Vim: https://www.vim.org/• Emacs: https://www.gnu.org/software/emacs/• Lessons from a two-time unicorn builder, 50-time startup advisor, and 20-time company board member | Uri Levine (co-founder of Waze): https://www.lennysnewsletter.com/p/lessons-from-uri-levine• IntelliJ: https://www.jetbrains.com/idea/• Julia: https://julialang.org/• Parallel computing: https://en.wikipedia.org/wiki/Parallel_computing• Douglas Chen on LinkedIn: https://www.linkedin.com/in/douglaspchen/• Carlos Delatorre on LinkedIn: https://www.linkedin.com/in/cadelatorre/• MongoDB: https://www.mongodb.com/• Cursor: https://www.cursor.com/• GitHub Copilot: https://github.com/features/copilot• Llama: https://www.llama.com/• Mistral: https://mistral.ai/• Building Lovable: $10M ARR in 60 days with 15 people | Anton Osika (CEO and co-founder): https://www.lennysnewsletter.com/p/building-lovable-anton-osika• Inside Bolt: From near-death to ~$40m ARR in 5 months—one of the fastest-growing products in history | Eric Simons (founder & CEO of StackBlitz): https://www.lennysnewsletter.com/p/inside-bolt-eric-simons• Behind the product: Replit | Amjad Masad (co-founder and CEO): https://www.lennysnewsletter.com/p/behind-the-product-replit-amjad-masad• React: https://react.dev/• Sonnet: https://www.anthropic.com/claude/sonnet• OpenAI: https://openai.com/• FedRamp: https://www.fedramp.gov/• Dario Amodei on LinkedIn: https://www.linkedin.com/in/dario-amodei-3934934/• Amdahl's law: https://en.wikipedia.org/wiki/Amdahl%27s_law• How to win in the AI era: Ship a feature every week, embrace technical debt, ruthlessly cut scope, and create magic your competitors can't copy | Gaurav Misra (CEO and co-founder of Captions): https://www.lennysnewsletter.com/p/how-to-win-in-the-ai-era-gaurav-misra—Recommended book:• Fall in Love with the Problem, Not the Solution: A Handbook for Entrepreneurs: https://www.amazon.com/Fall-Love-Problem-Solution-Entrepreneurs/dp/1637741987—Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com.—Lenny may be an investor in the companies discussed. Get full access to Lenny's Newsletter at www.lennysnewsletter.com/subscribe

Scott and Wes break down the Model Context Protocol (MCP), a new open standard that gives AI agents secure, tool-like access to your dev environment. They cover how it works, why it's a big deal for AI coding workflows, and real-world use cases like GitHub, Sentry, and YouTube. Show Notes 00:00 Welcome to Syntax! 00:49 The lore of ICP. Wes MCP Shirt. 03:09 Brought to you by Sentry.io. 03:33 What is MCP? 05:06 The steps of AI coding. 07:11 MCP hosts. 07:28 MCP clients. 07:35 MCP servers. 08:24 Why you might want to do this. 10:39 How this works in VS Code. 14:10 Wes built an MCP server. SVGL. 14:57 Playwright. 17:24 Sentry's implementation. Building Sentry's MCP with David Cramer. 18:54 YouTube implementation. 21:19 DaVinci Resolve implementation. Smithery. 23:02 Postgres. 24:40 Transport protocols. 24:49 STDIO. 25:19 SSE. 25:32 Streaming. 26:24 Writing you own MCP server. 26:28 FastMCP. 27:00 Cloudflare. 28:01 Data validation. 28:47 Standard schema. Episode 873. 29:27 Other parts of MCP. 29:35 MCP resources. 30:37 MCP prompts. 30:48 MCP roots. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

DOS Lives, Web Cams Gone Wild, VSCODE, Coinblack, Oracle, P&G, Satan, Sec Gemini, Shopify, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-466

News includes a new Elixir case study about Cyanview's camera shading technology used at major events like the Olympics and Super Bowl, Oban Pro 1.6 with 20x faster queue partitioning, the openid_connect package reaching version 1.0, Supabase's new Postgres Language Server for developer tooling, and ElixirEvents.net as a community resource. Plus, we interview Michael Lubas, founder of Paraxial.io, about web application security in Elixir, what's involved in a security audit, and how his Elixir-focused security company is helping teams and businesses in the community. Show Notes online - http://podcast.thinkingelixir.com/248 (http://podcast.thinkingelixir.com/248) Elixir Community News https://elixir-lang.org/blog/2025/03/25/cyanview-elixir-case/ (https://elixir-lang.org/blog/2025/03/25/cyanview-elixir-case/?utm_source=thinkingelixir&utm_medium=shownotes) – New Elixir case study about Cyanview, a Belgian company whose Remote Control Panel for camera shading is used at major events like the Olympics and Super Bowl. Their Elixir-powered solution enables remote camera control across challenging network conditions. https://oban.pro/docs/pro/1.6.0-rc.1/changelog.html (https://oban.pro/docs/pro/1.6.0-rc.1/changelog.html?utm_source=thinkingelixir&utm_medium=shownotes) – Oban Pro 1.6 released with subworkflows, improved queue partitioning (20x faster), and a new guide explaining different job composition approaches. https://oban.pro/docs/pro/1.6.0-rc.1/composition.html (https://oban.pro/docs/pro/1.6.0-rc.1/composition.html?utm_source=thinkingelixir&utm_medium=shownotes) – New Oban Pro guide explaining when to use chains, workflows, chunks, or batches for job composition. https://github.com/DockYard/openid_connect (https://github.com/DockYard/openid_connect?utm_source=thinkingelixir&utm_medium=shownotes) – The Elixir package 'openid_connect' reached version 1.0, providing client library support for working with various OpenID Connect providers like Google, Microsoft Azure AD, Auth0, and others. https://hexdocs.pm/openid_connect/readme.html (https://hexdocs.pm/openid_connect/readme.html?utm_source=thinkingelixir&utm_medium=shownotes) – Documentation for the newly released openid_connect 1.0 package. https://bsky.app/profile/davelucia.com/post/3llqwsbyutc2z (https://bsky.app/profile/davelucia.com/post/3llqwsbyutc2z?utm_source=thinkingelixir&utm_medium=shownotes) – Announcement that openid_connect is maintained by tvlabs. https://bsky.app/profile/germsvel.com/post/3llee5lyerk2b (https://bsky.app/profile/germsvel.com/post/3llee5lyerk2b?utm_source=thinkingelixir&utm_medium=shownotes) – PhoenixTest v0.6.0 has been released with significant changes, including a breaking change. https://github.com/germsvel/phoenix_test (https://github.com/germsvel/phoenix_test?utm_source=thinkingelixir&utm_medium=shownotes) – GitHub repository for PhoenixTest. https://hexdocs.pm/phoenixtest/upgradeguides.html#upgrading-to-0-6-0 (https://hexdocs.pm/phoenix_test/upgrade_guides.html#upgrading-to-0-6-0?utm_source=thinkingelixir&utm_medium=shownotes) – Upgrade guide for updating to PhoenixTest v0.6.0 with its breaking change. https://hexdocs.pm/phoenix_test/changelog.html#0-6-0 (https://hexdocs.pm/phoenix_test/changelog.html#0-6-0?utm_source=thinkingelixir&utm_medium=shownotes) – Changelog for PhoenixTest v0.6.0. https://supabase.com/blog/postgres-language-server (https://supabase.com/blog/postgres-language-server?utm_source=thinkingelixir&utm_medium=shownotes) – Supabase has released a new Postgres Language Server for developers, providing IDE intellisense and autocomplete for PostgreSQL. https://marketplace.visualstudio.com/items?itemName=Supabase.postgrestools (https://marketplace.visualstudio.com/items?itemName=Supabase.postgrestools?utm_source=thinkingelixir&utm_medium=shownotes) – VSCode extension for Supabase's new Postgres developer tools. https://github.com/supabase-community/postgres-language-server (https://github.com/supabase-community/postgres-language-server?utm_source=thinkingelixir&utm_medium=shownotes) – GitHub repository for Supabase's Postgres Language Server. https://pgtools.dev/ (https://pgtools.dev/?utm_source=thinkingelixir&utm_medium=shownotes) – Official website for Postgres Tools with documentation and features. https://pgtools.dev/checking_migrations/ (https://pgtools.dev/checking_migrations/?utm_source=thinkingelixir&utm_medium=shownotes) – Feature in Postgres Tools that lints database migrations to check for problematic schema changes. https://github.com/fly-apps/safe-ecto-migrations (https://github.com/fly-apps/safe-ecto-migrations?utm_source=thinkingelixir&utm_medium=shownotes) – Resource for ensuring safe Ecto migrations. https://fly.io/phoenix-files/safe-ecto-migrations/ (https://fly.io/phoenix-files/safe-ecto-migrations/?utm_source=thinkingelixir&utm_medium=shownotes) – Article about safe Ecto migrations posted on Fly.io. https://elixirevents.net/ (https://elixirevents.net/?utm_source=thinkingelixir&utm_medium=shownotes) – Community resource created by Johanna Larsson for tracking, sharing, and learning about Elixir events worldwide. https://bsky.app/profile/elixirevents.net (https://bsky.app/profile/elixirevents.net?utm_source=thinkingelixir&utm_medium=shownotes) – Bluesky account for ElixirEvents.net for following Elixir community events. Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com) Discussion Resources https://paraxial.io/ (https://paraxial.io/?utm_source=thinkingelixir&utm_medium=shownotes) https://paraxial.io/blog/index (https://paraxial.io/blog/index?utm_source=thinkingelixir&utm_medium=shownotes) – Blog with posts about security for Elixir, Rails, and the Paraxial service https://www.cnn.com/2025/03/18/tech/google-wiz-acquisition/index.html (https://www.cnn.com/2025/03/18/tech/google-wiz-acquisition/index.html?utm_source=thinkingelixir&utm_medium=shownotes) https://podcast.thinkingelixir.com/93 (https://podcast.thinkingelixir.com/93?utm_source=thinkingelixir&utm_medium=shownotes) – Our last discussion was 3 years ago in episode 93! Titled "Preventing Service Abuse with Michael Lubas" https://www.amazon.com/Innovators-Dilemma-Revolutionary-Change-Business/dp/0062060244 (https://www.amazon.com/Innovators-Dilemma-Revolutionary-Change-Business/dp/0062060244?utm_source=thinkingelixir&utm_medium=shownotes) https://www.merriam-webster.com/dictionary/Kafkaesque - having a nightmarishly complex, bizarre, or illogical quality (https://www.merriam-webster.com/dictionary/Kafkaesque - having a nightmarishly complex, bizarre, or illogical quality?utm_source=thinkingelixir&utm_medium=shownotes) https://paraxial.io/blog/oban-pentest (https://paraxial.io/blog/oban-pentest?utm_source=thinkingelixir&utm_medium=shownotes) – Completed a Security Audit of Oban Pro - this is after ObanPro went free and OpenSource https://paraxial.io/blog/elixir-best (https://paraxial.io/blog/elixir-best?utm_source=thinkingelixir&utm_medium=shownotes) – Elixir and Phoenix Security Checklist: 11 Best Practices https://paraxial.io/blog/rails-command-injection (https://paraxial.io/blog/rails-command-injection?utm_source=thinkingelixir&utm_medium=shownotes) – Ruby on Rails Security: Preventing Command Injection https://paraxial.io/blog/paraxial-three (https://paraxial.io/blog/paraxial-three?utm_source=thinkingelixir&utm_medium=shownotes) – Paraxial.io v3 blog post Guest Information - Michael Lubas, Paraxial.io Founder - michael@paraxial.io - https://x.com/paraxialio (https://x.com/paraxialio?utm_source=thinkingelixir&utm_medium=shownotes) – on Twitter/X - https://x.com/paraxialio (https://x.com/paraxialio?utm_source=thinkingelixir&utm_medium=shownotes) – on Twitter/X - https://github.com/paraxialio/ (https://github.com/paraxialio/?utm_source=thinkingelixir&utm_medium=shownotes) – on Github - https://www.youtube.com/@paraxial5874 (https://www.youtube.com/@paraxial5874?utm_source=thinkingelixir&utm_medium=shownotes) – Paraxial.io channel on YouTube - https://genserver.social/paraxial (https://genserver.social/paraxial?utm_source=thinkingelixir&utm_medium=shownotes) – on Fediverse - https://paraxial.io/ (https://paraxial.io/?utm_source=thinkingelixir&utm_medium=shownotes) – Blog Find us online - Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com) - Message the show - X (https://x.com/ThinkingElixir) - Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen on X - @brainlid (https://x.com/brainlid) - Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social) - Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid) - David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com) - David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)

DOS Lives, Web Cams Gone Wild, VSCODE, Coinblack, Oracle, P&G, Satan, Sec Gemini, Shopify, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-466

DOS Lives, Web Cams Gone Wild, VSCODE, Coinblack, Oracle, P&G, Satan, Sec Gemini, Shopify, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-466

In this episode of the Azure podcast, Sujit and the team, including Cale, Russell, and Cynthia, are joined by special guest Matteo Pagani, a Cloud Solutions Architect in the Tech Strategy team at Microsoft. Matteo provides insights into the agentic world of Co-pilot, explaining how agents can enhance business processes and improve efficiency. Tune in to learn about the practical applications of these technologies and how they can be integrated into existing workflows.   Media file: https://azpodcast.blob.core.windows.net/episodes/Episode515.mp3 YouTube: https://youtu.be/qMJ88BLbTVo Resources:   Overview of Microsoft 365 Copilot extensibility: https://learn.microsoft.com/en-us/microsoft-365-copilot/extensibility/ Building declarative agents with Visual Studio Code, Copilot Studio and Agent Builder: https://learn.microsoft.com/en-us/microsoft-365-copilot/extensibility/overview-declarative-agent Building custom engine agents with Visual Studio Code and Copilot Studio: https://learn.microsoft.com/en-us/microsoft-365-copilot/extensibility/overview-custom-engine-agent My blog with some fun experiments with multi-agents scenarios: https://www.developerscantina.com/   Other updates: Announcing GA for Azure Container Apps Serverless GPUs | Microsoft Community Hub   https://www.linkedin.com/pulse/introducing-deep-reasoning-agent-flows-copilot-studio-charles-lamanna-n1zxc/   Let's try GitHub Copilot Agent mode in VS Code to build a FULL app!

Privacy Aware Bots A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them. https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796 Critical Ingress Nightmare Vulnerability ingress-nginx fixed four new vulnerabilities, one of which may lead to a Kubernetes cluster compromise. Note that at the time I am making this live, not all of the URLs below are available yet, but I hope they will be available shortly after publishing this podcast https://www.darkreading.com/application-security/critical-ingressnightmare-vulns-kubernetes-environments https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities https://kubernetes.io/blog/ FBI Warns of File Converter Scams File converters may include malicious ad ons. Be careful where you get your software from. https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam VSCode Extension Includes Ransomware https://x.com/ReversingLabs/status/1902355043065500145

Attacker of of Ephemeral Ports Attackers often use ephermeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Malware%20Source%20Servers%3A%20The%20Threat%20of%20Attackers%20Using%20Ephemeral%20Ports%20as%20Service%20Ports%20to%20Upload%20Data/31710 Compromised Visal Studio Code Extension downloaded by Millions Amit Assaraf identified a likely compromised Visual Studio Code theme that was installed by millions of potential victims. Amit did not disclose the exact malicious behaviour, but is asking for victims to contact them for details. https://medium.com/@amitassaraf/a-wolf-in-dark-mode-the-malicious-vs-code-theme-that-fooled-millions-85ed92b4bd26 ByBit Theft Due to Compromised Developer Workstation ByBit and Safe{Wallet} disclosed that the record breaking ethereum theft was due to a compromised Safe{Wallet} developer workstation. A replaced JavaScript file targeted ByBit and altered a transaction signed by ByBit. https://x.com/benbybit/status/1894768736084885929 https://x.com/safe/status/1894768522720350673 PoC for NAKIVO Backup Replication Vulnerability This vulnerability allows the compromise of NAKIVO backup systems. The vulnerability was patched silently in November, and never disclosed by NAKIVO. Instead, WatchTowr now disloses details including a proof of concept exploit. https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/ OpenH264 Vulnerability https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x rsync vulnerability exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog