Podcasts about vs code

The back episodes finally make it online, this is number 3 in a series of episodes that did not get posted, but are now!Brett is out (which is why these didn't get posted) - but the show is very fine, up to our usual standards.  Computex hits (and misses), the 5800X3D comeback, our RX 9070 GRE review, the ZimaCube 2 Pro and even a VS Code zero day and ZeroSpace gaming!  Enjoy!Timestamps:0:00 Intro1:09 Patreon1:38 Food with Josh (or not)3:38 Computex highlights begin - AMD was busy6:47 Ryzen 7 5800X3D returns8:57 Reviewing the RX 9070 GRE (and extended pricing discussion)22:57 NVIDIA at Computex34:00 Intel wants to build back their reputation36:36 Noctua at Computex40:11 Corsair's announcements include a pretty sweet looking case46:32 RIP 24-pin ATX connector as everything shrinks49:52 Qualcomm has potentially gone insane with the 6G stuff58:43 MSI has world's first triple mode QD-OLED gaming monitor1:01:02 A very fast NAS (just don't try to buy big HDDs right now)1:06:43 (In)Security Corner1:13:55 Gaming Quick Hit1:19:52 Picks of the Week1:32:55 Outro ★ Support this podcast on Patreon ★

Quanto tempo sua equipe perde esperando uma tela pronta para continuar o desenvolvimento? Neste Snippet, recebemos Mateus Silveira Ribeiro, Tech Lead na dti digital. Ele mostra na prática como o Google Stitch transforma linguagem natural em protótipos navegáveis com design system automático e, a partir da integração com MCP Server no VS Code, converte esses protótipos diretamente em código Next.js funcional, sem sair do editor. Dê o play e ouça agora!Assuntos abordados:Google Stitch na prática;Geração de design system;Prototipação navegável;MCP Server no VS Code;Prompt para Next.js.Ficou curioso? Então, dê o play!Links importantes:Vagas disponíveisNewsletterDúvidas? Nos mande pelo LinkedinContato:  entrechaves@dtidigital.com.brO Entre Chaves é uma iniciativa da dti digital, uma empresa WPP #desenvolvimentodesoftware

In this episode: Martin transforms Neovim into an unyielding modeless VSCode-style IDE with CUA keybindings. Some of this was achieved with novim-mode and snacks.nvim. Mark has been playing Solasta: Crown of the Magister. Alan wants you all to install flatpak with a snap. Gather round children, it’s story time. You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community, you can join us on: The Linux Matters Chatters on Telegram. The Linux Matters Subreddit. If you enjoy the show, please consider supporting us.

In this episode: Martin transforms Neovim into an unyielding modeless VSCode-style IDE with CUA keybindings. Some of this was achieved with novim-mode and snacks.nvim. Mark has been playing Solasta: Crown of the Magister. Alan wants you all to install flatpak with a snap. Gather round children, it’s story time. You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community, you can join us on: The Linux Matters Chatters on Telegram. The Linux Matters Subreddit. If you enjoy the show, please consider supporting us.

June 2026 has no headliner. Instead of one critical bug, the release spreads thin across the kernel, the network stack, a code editor, an AI assistant, a bootloader, and a nine-year-old Linux root bug. It's a breadth problem, not a severity one, and it changes how you triage.Jason Kikta and Landon Miles break down the whole release, then step off the patch list for the breaches that never got a CVE: GitHub's internal repos reached through a poisoned VS Code extension, a TanStack compromise carrying valid SLSA provenance, and a Red Hat npm namespace compromise that fired the moment anyone ran npm install.

In this Mob Mentality Show episode, we join James Herr and Woody Zuill for a one-of-a-kind session James calls the "Hot Sauce Ensemble" — mob programming a video game from scratch in the Godot engine using AI, while eating escalating hot sauces every three-minute rotation. Fair warning to podcast listeners: this episode has a strong YouTube component. If things start sounding chaotic and spicy, that's because they are — jump over to YouTube to see what's happening on screen. James set up the session with Claude Code in VS Code (backed by Amazon Bedrock) and a blank Godot project containing only one asset: a hot sauce sprite generated by ChatGPT. From there, the mob navigated an AI coding agent through a real-time game build — adding player movement, landing explosions, and physics-based bell pepper enemies that scatter when stomped. The enemies were bell peppers specifically because Chris despises them. The hero is hot sauce. The logic is sound. Along the way, James introduced the "plate spinning" technique: opening multiple AI agents in parallel terminals so one prompt cooks while the mob drives another, keeping momentum even when AI responses run long. We dig into: How "Hot Sauce Ensemble" combines traditional mob rotations with escalating spicy food — and why it works as a team-building format Using Claude Code in VS Code with Godot to build a playable game from a blank project in real time The plate spinning technique: running multiple AI coding agents in parallel terminals to maintain flow Why the goal should be "effective," not "productive" — and how mob programming and AI tools both support that shift How AI procedurally generates game art assets (bell pepper sprites built from polygon shapes and shading) without any image generation tools Navigating an unfamiliar codebase and engine as a mob, using an AI agent as the technical guide What happens to your prompting quality when habaneros and The Last Dab are involved Hot sauce as a hero, bell peppers as villains: designing game mechanics around personal taste (literally) If you've ever wondered what mob programming looks like when applied to game development, AI-assisted coding, and competitive spice tolerance all at once, this episode delivers all three simultaneously — with physics.   References… James Herr's LinkedIn: [PASTE LINK] Woody Zuill's LinkedIn: [PASTE LINK] Godot Engine: https://godotengine.org/ Claude Code: https://www.anthropic.com/claude-code Mobster (mob timer): [PASTE LINK] Hot Sauces Featured… James: Hot Ones Apricot Sauce (#7), Hot Ones The Last Dab (#10) Woody: Taco Bell Hot Sauce, ~3 lbs pickled jalapeños (stuffed in a burrito) Chris: Fishwife Albacore in Spicy Olive Oil, Oni Yuzu Lemon Hot Sauce (Japan), Marie Sharp's Carrot & Habanero (2-habanero, 4-habanero Blazing Hot, and 5-habanero BEWARE) on a PB&J Thanks to G-SLiK (https://soundcloud.com/g-slik) for the intro and outro music. Chris Lucian and Austin Chadwick discuss all things #agile and product development from a #MobProgramming perspective. Chris Lucian is the Director of Software Development at Hunter Industries and a founder of mob programming. https://www.chrislucian.com/p/chris-lucian-biography.html Austin Chadwick is a Mob Programmer at Hunter Industries and is a passionate agilist and craftsman with experience in several roles (e.g. coach, developer, tester, scrum master, business analyst). https://www.linkedin.com/in/austin-chadwick-3a58151a4/ We would love your feedback and ideas for future episodes! Please add comments to the video or reach out to us on Twitter ( https://twitter.com/mob__mentality & https://twitter.com/ChristophLucian ). All statements and opinions expressed by Chris and Austin are solely their own and do not represent the views of any company. Chris and Austin are just sharing and not recommending ( https://justsharing.dev/ ).

https://novacut.ai/  https://genaimeetup.com/  Anthropic has officially closed a $65 billion Series H at a $965 billion valuation, nearly 2.5x its valuation from just 100 days ago. Meanwhile, funding is flowing across the ecosystem: Frameworks AI at $15B, Baseten at $11B, OpenRouter's $113M Series B, and Cognition AI's $1B Series D. NVIDIA went on an open-source super week with Nemotron 3 Ultra, Cosmos 3, and Nemotron 3.5 ASR. Microsoft dropped 5 new MAI models. Google released Gemma 4 12B, and Anthropic shipped Opus 4.8. On the benchmarks front, DeepSWE crowns GPT-5.5 as the leader in long-horizon coding tasks, while ITBench shows even frontier models struggle with real-world SRE incidents — Claude Opus 4.7 tops out at just 47%. Plus: Cloudflare acquires VoidZero to build the future of AI-native edge development, and Google is paying SpaceX $920M/month for compute. Topics covered: • Anthropic's $65B Series H and path to $1T • Fireworks AI, Baseten, OpenRouter & Cognition funding rounds • Microsoft's 5 new MAI models • NVIDIA's open-source super week (Nemotron, Cosmos 3) • MiniMax M3, Gemma 4 12B, JetBrains Mellum2, Opus 4.8 • DeepSWE benchmark: GPT-5.5 leads long-horizon coding • ITBench: Frontier models under 50% on real SRE tasks • Cloudflare + VoidZero for AI-native edge dev • Google's $920M/month SpaceX compute deal #AI #Anthropic #NVIDIA #OpenAI #AInews #TechNews #LLM     Funding rounds Anthropic formally confirmed the closure of its $65 billion Series H funding round at a post-money valuation of $965 billion. This represents a 2.5-fold increase over its $380 billion Series G valuation from February 2026, adding $585 billion in value in approximately 100 days https://www.anthropic.com/news/series-h  Frameworks AI raising at 15B valuation representing a near fourfold increase from its $4 billion Series C valuation recorded in October 2025 processing 15 trillion tokens daily for major production clients including Cursor, Notion, and Perplexity https://finance.yahoo.com/sectors/technology/articles/fireworks-ai-eyes-15-billion-174609357.html Baseten is raising 1B at 11B valuation annualized revenue, which skyrocketed from $200 million to $600 million over a single quarter https://techstartups.com/2026/05/26/ai-inference-startup-baseten-in-talks-to-raise-1-billion-at-11-billion-valuation/  OpenRouter has secured a $113 million Series B funding OpenRouter has experienced exponential traffic growth, with weekly production throughput expanding fivefold from 5 trillion to 25 trillion tokens over a six-month horizon https://www.businesswire.com/news/home/20260526953416/en/OpenRouter-Raises-%24113-Million-CapitalG-led-Series-B-as-Weekly-Volume-Explodes-to-25T-Tokens  Further up the stack: Cognition AI secured a $1 billion Series D round led by Lux Capital and 8VC https://cognition.ai/blog/series-d   Model Releases MAI models: MAI-Code-1-Flash: A 5-billion active parameter model optimized for ultra-low latency within GitHub Copilot and VS Code. MAI-Image-2.5: A high-fidelity image generation model ranking third on global image evaluation arenas, outperforming competing architectures like Nano Banana Pro. MAI-Transcribe-1.5: A multi-lingual speech processing engine offering fivefold speed improvements across 43 languages. MAI-Voice-2: Natural audio and voice generation across 15 languages, available at a highly competitive price point. Web IQ: A search-grounding API engineered to directly compete with Perplexity. https://microsoft.ai/models/    https://www.peoplematters.in/news/ai-and-emerging-tech/uber-imposes-dollar1500-monthly-ai-spending-limit-on-employees-amid-rising-costs-50073    Nvidia has executed an "Open-Source Super Week," positioning itself as a dominant software and model publisher: Nemotron 3 Ultra (best US open source open weights model but behind china): A massive 550-billion parameter MoE (55 billion active) designed with a 1-million token context window, optimized specifically for high-throughput, cyclical agent loops. It achieved peak throughput rates of 400 tokens per second on day-zero optimized clusters. Cosmos 3: A physical AI world-modeling framework comprising 16-billion Nano and 64-billion Super variants. Built on a Mixture-of-Transformers (MoT) architecture, Cosmos 3 natively binds textual, visual, auditory, and physical kinetic vectors. Nemotron 3.5 ASR: A highly compact 0.6-billion parameter streaming speech recognition model pushing sub-100 millisecond latencies across 40 language locales.   https://www.minimax.io/models/text/m3  MiniMax M3: A 1-million token context model hitting 59.0% on SWE-Bench Pro and 74.2% on MCP Atlas, though noted for high token consumption due to intensive internal self-validation loops.   https://blog.google/innovation-and-ai/technology/developers-tools/introducing-gemma-4-12b/  Gemma 4 12B: Google's Apache 2.0 on-device model, which utilizes an encoder-free architecture that projects vision and audio vectors directly into the text-token space, bypassing separate CLIP-style encoders to minimize local memory footprints. https://www.jetbrains.com/mellum/  JetBrains Mellum2: A compact 12-billion parameter MoE (2.5 billion active) engineered for ultra-low latency routing and retrieval-augmented generation (RAG) sub-agents within developer IDEs. Opus 4.8 https://www.anthropic.com/news/claude-opus-4-8    https://www.cnbc.com/2026/06/05/google-to-pay-spacex-920-million-a-month-for-xai-compute-capacity.html      Benchmarks: https://deepswe.d atacurve.ai/blog https://venturebeat.com/technology/deepswe-blows-up-the-ai-coding-leaderboard-crowns-gpt-5-5-and-finds-claude-opus-exploiting-a-benchmark-loophole (GPT 5.5 the winner in long horizon tasks) a highly complex software engineering benchmark focused on original, long-horizon tasks across five distinct programming languages. Comprising 113 chaotic tasks across 91 live, production-grade repositories, DeepSWE forces agents to generate 5.5 times more code and modify an average of 7 separate files per task compared to standard evaluations. On this challenging leaderboard, GPT-5.5 leads with a score of 70%, establishing a significant 16-percentage-point lead over contemporary alternatives I think older benchmarks where models reach ~90% accuracy can be considered saturated. Few percentage points don't give us any good signal.  https://research.ibm.com/publications/developing-ai-agents-for-it-automation-tasks-with-itbench  ITBench-AA, an evaluation framework focusing on live Kubernetes incident response and Site Reliability Engineering (SRE) operations. Comprising 59 live, containerized SRE incident snapshots, the results are remarkably sobering: every frontier model scored under 50% on successful incident resolution, with Claude Opus 4.7 leading at 47% and GPT-5.5 following closely at 46%.   Edge AI announcements: https://www.cloudflare.com/press/press-releases/2026/cloudflare-acquires-voidzero-to-build-the-future-of-the-ai-native-web/  The consolidation of the AI-native developer stack has reached the runtime virtualization layer. Cloudflare recently completed the acquisition of VoidZero, the development group responsible for Vite, Vitest, Rolldown, and Oxc, backing the transaction with a $1 million open-source ecosystem fund. This acquisition is highly strategic; as autonomous agents write an increasing proportion of production software, local development environments, compilation pipelines, and bundlers must be optimized for execution speeds that match agent speeds. Cloudflare's goal is to construct a localized, full-stack edge playground. In this sandbox, AI agents can generate, test, bundle (utilizing the highly parallelized, Rust-based Oxc and Rolldown engines), and deploy entire web applications end-to-end within milliseconds. This architecture completely bypasses traditional local machine container bottlenecks, enabling high-velocity agent loops to execute in a fully sandboxed, web-scale edge runtime.

In episode 292 of our SAP on Azure video podcast we talk about Arc-1!Just last week SAP releaed the ABAP Development Tools for VS Code which means that ABAP developers can now officially use VS Code for their development. While this is really great and I am also starting to test it, I have to admit that for me the way how ABAP development works has moved on and away from Eclipse. My colleauge Alice had released VSP - Vibecoding for Steampunk - and what happend afterwards was truly amazing. The community picked up a lot of things and enhanced it with MCP Servers, new ways to integrate in GitHub Copilot and Claude Desktop appeared -- and then someone published an MCP Server that uses the SAP ABAP Development Tools (ADT) to connect to your SAP system. It gets even better: it can run on the SAP Business Technology Platform which means that in a lot of cases you can use your existing infrastructure including the SAP Cloud Connector to get started. I am really glad to have Marian Zeis, the developer behind Arc-1, back with us, to talk about it. Check out the Repo for Arc-1 here: https://github.com/marianfoo/arc-1Find all the links mentioned here: https://www.saponazurepodcast.de/episode292Reach out to us for any feedback / questions:* Goran Condric: https://www.linkedin.com/in/gorancondric/* Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/ #Microsoft #SAP #Azure #SAPonAzure #VPS #SAPADT #Eclipse #VSCode #CopilotStudio #ABAP

Dynamics MindsDynamics Minds 2026NewsWhat can you do with Copilot Cowork? by Alexander HolmesetMicrosoft Certified: Intelligent Applications Builder Associate (beta)How We Build Effective Agents by Barry ZhangAI Engineering Coach — free VS Code extension that analyzes your AI coding assistant usage by Joe Unwinmicrosoft/AI-Engineering-Coach on GitHub by the Microsoft teamSkills for Copilot Studio — create Copilot Studio agents using agents by Andreas Adnermicrosoft/skills-for-copilot-studio on GitHub by the Microsoft teamClaude Dynamic WorkflowsPower Apps Code Apps — NPM-based CLI for connectors by Carsten GrothRelease Planner app for Power Platform by Reza DorraniAdxstudio Portals → D365 Portals → Power Apps Portals → Power Pages by Megan V. WalkerWhy Power Pages Entity Lists Become a Liability — and What to Use Instead by Valentin GasenkoBe sure to subscribe so you don't miss a single episode of Power Platform BOOST!Thank you for buying us a coffee: buymeacoffee.comPodcast home page: https://powerplatformboost.comEmail: hello@powerplatformboost.comFollow us!Twitter: https://twitter.com/powerplatboost Instagram: https://www.instagram.com/powerplatformboost/ LinkedIn: https://www.linkedin.com/company/powerplatboost/ Facebook: https://www.facebook.com/profile.php?id=100090444536122 Mastodon: https://mastodon.social/@powerplatboost  

Referências do Episódio1-Click GitHub Token Stealing via a VSCode BugError 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error PagesOperation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell BackdoorBoletim de segurança do Android: junho de 2026CISA flags two-year-old Oracle flaw as actively exploited in attacksRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Show DescriptionDave's changing up his camera angles, Chris has been upgrading his Sprinter van, how many hobbies is too many, what kinds of web tech was popular years ago that now seems normal, why isn't the DX around web components better, how can I structure my code to compose other custom elements, and what still can't be done on the web these days? Listen on WebsiteLinks Custom Elements Manifest Diffs, Trees, and VS Code 2.0 - Syntax #1008 CodePen Radio SponsorsMacroMacro is a tool to cut through the noise - It's a workspace built for engineers; One place for all your emails, tasks, team chat, and documents. Sign up at Macro.com and get $100 of your subscriptions using code SHOPTALK100

GitHub è stato bucato. Non con matematica quantistica. Con un'estensione VSCode.La crittografia non è il problema. Non lo è mai stata. Il problema — come diceva Kevin Mitnick nel 2002 — siete voi.E mentre GitHub inciampa tra outage, migrazioni e breach, la domanda vera diventa un'altra: quanto possiamo permetterci di fidarci di un solo custode per quasi tutto il codice del mondo?Fonti:- GitHub breach blog post: https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/- CISA Admin Leaked AWS Keys: https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/- Shai-Hulud npm: https://www.bleepingcomputer.com/news/security/new-shai-hulud-malware-wave-compromises-600-npm-packages/- Grafana breach: https://www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/- Megalodon repos: https://www.theregister.com/security/2026/05/22/megalodon-chums-the-waters-in-55k-github-repo-poisonings/La mia app: https://play.google.com/store/apps/details?id=com.edodusi.coderoutine&hl=it-it00:00 Intro01:40 La crittografia non è il problema04:28 GitHub, CISA e il verme di Dune12:27 Human in the loop17:07 Outro#github #supplychain #cybersecurity #npm

This episode covers a CISA contractor's accidental exposure of AWS GovCloud credentials and internal system details on GitHub, the FBI's efforts to patch vulnerable routers, and a critical NGINX vulnerability with public proof-of-concept code. The team also discusses Microsoft's handling of a disputed Azure Backup security finding, the challenges of vulnerability disclosure and CVE assignment, and GitHub's ban of security researcher Nightmare Eclipse following the publication of unpatched Windows vulnerability research.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis

Scott and Wes sit down with Alex Sexton and Amadeus De Marzi from Pierre Computer to dig into the gnarly performance challenges behind building blazing-fast code review tools, covering virtualization, progressive rendering, and why GitHub's UI feels so sluggish. They also chat about how major AI coding tools like Claude, Codex, and Cursor are adopting Pierre's diffs library, plus the role of web components, benchmarking, and what it takes to build “VS Code 2.0.” Show Notes 00:00 Welcome to Syntax! 04:00 The Need for Better Infrastructure 05:53 Understanding Diffs and Trees diffs.com Trees by the Pierre Computer Co 08:16 Performance Challenges in Code Review 10:49 Virtualization Techniques for Smooth Scrolling 15:04 In-Page Find and Virtualization Limitations 17:00 Browser Limitations and Content Visibility 19:29 Progressive Rendering and Syntax Highlighting 23:05 Tools and Techniques for Performance Testing 33:35 Optimizing Performance with AI 36:31 Mastering Auto Research for Efficiency 42:00 Exploring Web Components and State Management 44:05 Innovations in Rendering and Virtualization 49:12 Business Insights and Future Directions 53:58 Sick Picks Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

The corporate attack surface is expanding as autonomous AI agents and developer tools dissolve traditional security boundaries. The software supply chain is now a strategic vulnerability, allowing compromised “trusted tools” to bypass legacy defenses and move directly into internal environments.Recent incidents demonstrate the scale of the risk. GitHub confirmed unauthorized access to roughly 3,800 repositories after a malicious VS Code extension compromised a developer device. Google Cloud infrastructure also exposed a critical “time-to-vulnerability” gap: deleted API keys remained active for an average of 16 minutes, and in some cases up to 23 minutes, despite appearing revoked in the UI. These delays create exploitable windows for autonomous systems to access AI services or sensitive data before responders can intervene.The Cloud Security Alliance warns of an emerging “agentic threat” driven by excessive privileges, weak configurations, prompt injection, poor accountability, and flaws in machine-to-machine interaction. The challenge is no longer simply malicious code, but malicious intent expressed through natural language.Meanwhile, the labor market reflects a “low hire, low fire” reality rather than mass AI unemployment. Layoffs remain historically normal, but hiring and career mobility have slowed as firms adopt leaner operating models and assess automation's long-term impact. Entry-level opportunities are narrowing as companies demand higher productivity from fewer employees using generative tools.Industry leaders remain divided. Steve Wozniak argues AI cannot replace human creativity, while figures such as Sam Altman and Elon Musk warn disruption may eventually require interventions like Universal Basic Income. Many firms are also using “AI transformation” narratives to justify restructuring and post-pandemic cost corrections.Creative industries are shifting from resisting AI to monetizing it. The AI-generated film Hell Grind reportedly required a $500,000 budget, with most costs tied to compute power. Maintaining visual consistency demanded prompts averaging 3,000 words, revealing that AI production remains management-intensive rather than effortless. Spotify and Universal Music Group are also developing licensing frameworks where artists retain control over AI-generated remixes while platforms monetize premium AI creative tools.Technology companies now face growing friction between rapid AI deployment and user trust. Google's “disregard” search glitch showed how AI systems can misinterpret user queries as commands, undermining reliability. Apple's roadmap, including context-aware Siri capabilities and private cloud compute, highlights the industry's push toward personalized assistants.Ultimately, AI adoption depends on trust. Consumers will embrace assistants only if companies prove the infrastructure behind them is reliable, accountable, and secure enough to protect personal data.

Paige Bailey is the AI Developer Relations Engineering Lead at Google DeepMind. Prior to returning to Google DeepMind, Paige spent just over a year at Microsoft as a director of machine learning and MLOps at GitHub, working on projects like GitHub Codespaces, VS Code, and Copilot. As a former applied ML engineer (in Azure Research, Chevron, and on NASA projects), Paige can't imagine a more exciting charter than accelerating developer productivity and creativity with machine learning.You can find Paige on the following sites:BlogXGitHubLinkedInPLEASE SUBSCRIBE TO THE PODCASTSpotifyApple PodcastsYouTube MusicAmazon MusicRSS FeedYou can check out more episodes of Coffee and Open Source on https://www.coffeeandopensource.comCoffee and Open Source is hosted by Isaac Levin

Episode 180: rightFolds in an AI world? rightFolds as a pun on Mark's recent right vocal fold surgery, healing means we're good to record again, plus IA celebrates 17 years of existence, even if episodes have seriously lacked of late. Last episode Aug 27, 2025 - it's been a while. Does language theory and evolution have a place/need in an AI world? New JVM language features vs Syntactic sugar ala Clojure/Scala features Bun's recent zig->rust total AI rewrite Vercel engineer built Zero, a programming Language for AI Agents | Yeamt Why Did They Build This? jank now has its own custom IR Do any of these funky languages matter in an AI world? Is 'Good Enough' Good Enough: Mindsets and Behaviors for Sales Excellence Is "good enough" good enough?!. A common misunderstanding of the… | by Ted Rau Is Good Enough, Good Enough? (Part 1) AI and the increased threat of Supply Chain attacks How We Got a CISA GitHub Leak Taken Down in Under a Day NPM and its recent attacks Package Managers are Evil - gingerBill The Aesthetic Problem of Namespacing - gingerBill Tooling Highlights from Git 2.54 "Git history" FTW, unless you're using Jujitsu

James and Frank unpack AI-driven development shifts—agent SDKs, session management, and the rise of agent-first UIs like Google's anti-gravity and GitHub Copilot—showing how VS Code's Agents window, worktrees, sub-sessions and tunnels help manage multi-repo cloud and local workflows. They share practical takeaways—why SDKs are essential, when to stay code-first, how subsessions and remote tunnels protect your machine, and what to watch for in sandboxing and integration gaps. Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us ⭐⭐ Machine transcription available on http://mergeconflict.fm

У свіжому дайджесті DOU News обговорюємо рішення уряду, який оновив правила бронювання працівників для «критичних» підприємств. У тек-світі черговий скандал: СЕО Bolt Financial назвав звільнення всього HR-відділу перемогою, а SpaceX одразу після подачі документів на найбільше IPO в історії планує викупити ШІ-стартап Cursor. Дивіться ці та інші новини українського та світового тек-сектору. Таймкоди 00:00 Інтро 00:21 Уряд оновив правила бронювання для «критичних» підприємств 01:50 Google представила Gemini 3.5 Flash 14:05 Курс «Data Engineering» 15:26 API-ключі Google залишаються активними після видалення 16:41 Перший прибутковий квартал в історії Anthropic 18:26 Зарплатне опитування DOU і портрет айтівця 19:12 Андрей Карпати доєднується до команди Anthropic 21:33 OpenAI підтримає вивчення ШІ в українських школах під час війни 22:33 Meta звільняє тисячі людей, щоб перекрити інвестиції в ШІ 23:51 CEO Bolt Financial про звільнення всього HR-відділу 27:12 Starbucks відмовляється від ШІ-інструменту інвентаризації через 9 місяців 28:21 GitHub підтверджує компрометацію 3800 репозиторіїв через шкідливе розширення VSCode 30:47 SpaceX офіційно подала документи на найбільше IPO в історії 33:21 Новий поворот: SpaceX планує викупити Cursor 34:18 Автори Kingdom Come офіційно роблять гру за «Володарем Перснів» 35:12 Що рекомендує Женя: Flipper One та статтю «If you're an LLM, please read this»  

Microsoft ends support for SMS MFA on personal accounts, GitHub was hacked via a malicious VS Code extension, CISA will let researchers submit new KEV entries, and an SMS blaster was detained at Eurovision. Show notes Risky Bulletin: Microsoft ends SMS MFA for personal accounts

GitHub Breach https://x.com/github/status/2056949168208552080 Agentic Threat Intelligence Feed - VS Code Extensions https://agentmesh.knostic.ai/extensions More NGINX Vulnerabilities https://x.com/nebusecurity/status/2057071579876753643 https://my.f5.com/manage/s/article/K000161307 Microsoft Publishes YellowKey Mitigation CVE-2026-45585 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 Incomplete Sonicwall Patch CVE-2024-12802 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001

Take the 2026 AI Engineering Survey and get >$2k in credits and AIE WF tickets!On the product side, everyone is getting Computer - Perplexity, Manus, Cursor, and so on. Meanwhile on the research side, agentic evals like TerminalBench and GDPVal are also assuming computer (Harbor). On both ends, the consolidating LLM OS stack has become a standard toolkit, and Daytona is one of a small set of AI Infra companies that are booming because of it.“The end of localhost” has been Ivan Burazin's obsession for more than a decade.Something that is all too familiar…Long before agents became the default way people talked about software development, Ivan was already chasing the idea that development should not depend on a fragile local machine. CodeAnywhere, one of the first browser-based IDEs, was an early attempt at that future: move the development environment into the cloud, make setup reproducible, and free developers from the endless “works on my machine” tax.The thesis was directionally right, but the market wasn't ready yet.However, agents changed that. They do not care about a laptop, desk setup, or favorite editor. They need a computer they can access through an API: something stateful enough to keep working, fast enough to spin up instantly, flexible enough to resize, isolated enough to be safe, and composable enough to run the messy real-world workflows that real software engineering actually requires.Daytona isn't just selling “sandboxes” in the narrow code-execution sense. It is the latest version of Ivan's original localhost thesis.In this episode, Daytona's CEO joins swyx to explain why AI agents need more than code execution boxes: they need composable computers, stateful sandboxes, instant startup, dynamic resources, and infrastructure that can survive workloads going from zero to 100,000 CPUs.We go deep on the new agent compute market: Daytona's hard pivot from human dev environments to AI sandboxes, the New Year's Eve MVP that customers begged for, why Daytona runs on bare metal with its own scheduler, how one customer runs almost 850,000 sandboxes a day, and why RL/eval workloads went from 0% to roughly 50% of usage in just months. Ivan also explains why agents need Windows and macOS machines, why CLI may matter more than MCP, why Kubernetes is painful for this workload, and why the future AI cloud may look more like Stripe than AWS.We discuss:* How Daytona grew out of CodeAnywhere, Shift, and the “end of localhost” thesis* Why Daytona pivoted from human dev environments to AI sandboxes* Why agents need composable computers instead of disposable code execution boxes* The New Year's Eve MVP that customers chased API keys for* Why Daytona chose bare metal, stateful snapshots, and its own scheduler* How Daytona spins up one sandbox in ~60ms and 50,000 sandboxes in ~75 seconds* Why Daytona's biggest customer runs ~850,000 sandboxes a day* How RL/eval workloads create zero-to-100,000 CPU spikes* Why RL workloads went from 0% to roughly 50% of Daytona usage* Why customers compare Daytona against EKS/GKS and say they're “never going back”* Why every AI agent may need a computer, including Windows and macOS environments* The Apple licensing constraints that make macOS sandboxes hard* Why CLI gives agents more power than MCP* How open source helps agents integrate Daytona* Why agent-generated PRs may break today's CI/CD assumptions* Why AI SaaS companies reselling tokens may face a cold shower* Why the AI cloud may look more like Stripe than AWSIvan Burazin* LinkedIn: https://www.linkedin.com/in/ivanburazin* X: https://x.com/ivanburazinDaytona* Website: https://www.daytona.io* X: https://x.com/daytonaioTimestamps* 00:00:00 Hook* 00:01:12 Introduction* 00:03:15 CodeAnywhere, Shift, and the end of localhost* 00:05:58 What Daytona is: composable computers for AI agents* 00:08:07 The pivot from dev environments to AI sandboxes* 00:10:17 The New Year's Eve MVP and customers begging for API keys* 00:12:56 Bare metal, stateful sandboxes, and Daytona's scheduler* 00:17:28 60ms startup, 50,000 sandboxes, and 850K daily runs* 00:21:53 Spiky RL/eval workloads and the new agent infra problem* 00:28:12 RL workloads, Kubernetes pain, and dynamic resizing* 00:33:31 Why every AI agent needs a computer* 00:38:48 macOS sandboxes and Apple's licensing problem* 00:44:28 Why CLI may matter more than MCP* 00:48:11 Open source, GitHub stars, and agent integration* 00:53:11 Git, CI/CD, and agent collaboration bottlenecks* 00:58:15 Founder life and building a 25-person infra company* 01:02:44 AI SaaS, token resale, and API-first business models* 01:06:10 GPU sandboxes, data centers, and compute growth* 01:09:48 Why the AI cloud may look more like Stripe than AWS* 01:11:26 Closing thoughtsTranscriptIntroduction: Daytona, CodeAnywhere, and the End of LocalhostSwyx [00:00:02]: Okay, we're in the studio with Ivan Burazin, CEO of Daytona. Welcome.Ivan [00:00:07]: Thanks for having me, man.Swyx [00:00:08]: Ivan, you and I go back.Ivan [00:00:10]: Way back.Swyx [00:00:11]: How I don't even know how, you found, did you reach out or, for Shift.Ivan [00:00:17]: I reached out to you. The reason was you - we were just - we were thinking about I was one of the co-founders of CodeAnywhere, the first browser-based IDE, and so we were thinking a long time of, localhost should die. And you had this article.Swyx [00:00:29]: End of localhost.Ivan [00:00:30]: Then I reached out to you because of that, and then we talked, and I was actually at a different job and learning about I was the head of, developer experience, and you were quite well-versed in that, and I actually reached out to you, among other people, how do we go about that? What are the key things and whatnot at this point in time? And you were nice enough to take the call, and I remember I was late on your call with you.Swyx [00:00:51]: I don't remember.Ivan [00:00:52]: I remember because I was with my then I'm thinking of a girlfriend or wife at that point in time, I'm not sure. It's the same person, so that's great, and I was late ‘cause we were, in, Italy on, vacation, and then I was late for something. I felt so bad, and you were so nice to be, good about.Swyx [00:01:10]: The reason I'm nice is because I'm also late to other people, so it's like, who's, who's without sin here, yeah, so I have to, for those who don't know, InfoBip Shift, there's this whole thing that, you did in the past, and, and that was basically one of the inspirations for me starting AI Engineer, which is like, I have to thank you for giving me that push to be like, “Oh, you can, you can build and sell conferences?”Ivan [00:01:34]: I remember you asked you asked me at the beginning to give me advisory shares, and I was so focused on what we were doing, I said no, and I should've took the advisory shares. So I'm sorry, dude. But anyway.Swyx [00:01:43]: We're not, we're not venture backed.Ivan [00:01:44]: No, it doesn't matter.Swyx [00:01:45]: It's Yeah, anyway, so I think what's impressive about you is that CodeAnywhere is the thing that you've been trying to build, and, you kind of put it on hold and then came back after InfoBip. Just give us the story, do you - the story and the origin story, going into Daytona.From CodeAnywhere and Shift to DaytonaIvan [00:02:05]: Sure. Like, really way back, me and my co-founder have been together. I say this, I've said this multiple times, it's like we were married and divorced and married. Some people actually ask me is my co-founder my partner. they thought it literally. It's not literally, but we have done multiple companies together, and to your point, we had this shift where we went from the CodeAnywhere to the conference called Shift, and then back to, Daytona. We originally started stacking servers, doing like virtualization in the early 2000s and, routers and doing basically all these things, at a foundational level, and that was a services company which we sold to focus on what my co-founder actually invented, which was the very first browser-based IDE, right, I say the first. Before us was actually Heroku. They did it for a very short time until they became Heroku. But outside of them, we were the only one, and it was called.Swyx [00:02:55]: There was Cloud9.Ivan [00:02:57]: Cloud9 came out slightly after us. There was Replit, which came out when we stopped doing it, Replit came out, and they have been successful since then, which is great. There was Nitrous.io. There was quite a few that existed at the time, but it was like too early. But the interesting part is that we, at that point in time, because there was no VS Code, there was no Kubernetes, and Docker had just started when we Or I'm not sure if it was even public at that point in time. And so we had to build everything to the whole stack ourselves and that was the key learning that we brought into and that we've been using in Daytona today. So it was super early. There's about 3 million people used CodeAnywhere. It was slightly, it was angel-backed more than venture-backed. We ended up paying everyone back because it didn't have that sort of scale. But, three years ago, we started something similar with Daytona, which is not what we are today, but it was automating dev environments for human engineers, the basically the underlying stack of CodeAnywhere. And then we did a hard pivot last January to sandboxes. And so here we are.Swyx [00:04:01]: Historic pivot, yeah, and, it's one of those things where, I had independently invested in CodeAnywhere, but also in E2B, and then both of you pivoted into the same thing, and I'm like, “F**k.”Ivan [00:04:12]: You invested, you invested in Daytona. You invested in Daytona. But you were the first If we had not got your check, we wouldn't have done it.Swyx [00:04:18]: No way.Ivan [00:04:19]: No, it was like, “We have to get him on board first,” and you were that kicker that we, that got us off the ground.Swyx [00:04:23]: No, because you were putting me on your pitch deck, man. I was like, “Man, this is like a good trip if I don't invest.”Ivan [00:04:29]: That's because it was your quote. It's like we.Swyx [00:04:30]: Yeah. It's the end of localhost.Ivan [00:04:31]: Did a bunch of research about end of localhost and who was interested in that,.Swyx [00:04:34]: No, that's like, I put, I wrote that blog post, and every single company in that field reached out to me, and then every VC who was receiving those pitches then also had to call me and, talk it, talk through it with me.Ivan [00:04:47]: It's finally happening though.Swyx [00:04:48]: It was really super interesting.Ivan [00:04:48]: It's finally happening.Swyx [00:04:49]: It's finally happening.Ivan [00:04:49]: Yeah, it's finally.Swyx [00:04:49]: It's finally happening, with maybe sort of non-human users. Yeah, so what is Daytona today? Let's get like a quick description. I'm wearing the shirt.What Daytona Is Today: Composable Computers for AI AgentsIvan [00:04:58]: You're wearing the shirt. Yes,.Swyx [00:04:59]: It says, I think your branding is very good. Like, it's very consistent. It runs AI code. Like, it cannot be simpler.Ivan [00:05:05]: Exactly, but we're gonna probably have to change that.Swyx [00:05:07]: Oh, s**t.Ivan [00:05:07]: It's also a subset of what we do. Unfortunately, we really love this, Run AI Code is super simple. People interpret it different ways. I think we've given out 5,000, 6,000 of these shirts. People wear them with pride because it doesn't really market about us.Swyx [00:05:21]: Yeah, Daytona's on the back.Ivan [00:05:22]: It markets the back. It markets to the person itself, so I think we did a really good job on that one. But it is also a subset of what we do, because people, when they think about Run AI Code, they just think about these small, let's call it isolates, code execution boxes that, you send some code, you get an output. Whereas what Daytona is today is essentially composable computers for AI agents. It is, the market calls them sandboxes which can be misleading.Swyx [00:05:44]: All these things. All these things on.Ivan [00:05:45]: Yeah, exactly, ‘cause it can be misleading ‘cause people usually think about sandboxes as a demo or a test environment versus a production-grade environment. But what Daytona does, if you think of the laptop that you have in front of you or the computer that's over there, or, my wife is an architect, so she has like a Windows with a 3D graphics card inside to do 3D rendering. Like, as humans, we have different computers or different compositions of computers. And our belief is strongly that agents today and going forward will need all these different compositions of computers to do different types of tasks. And so we offer that basically through an API.Swyx [00:06:19]: Yeah, to give people - I'm trying to sort of front-load all the aha moments or the wow moments so that people can, stay engaged and click like and subscribe. the market is exploding, right? Like, you have been reporting 74% month-on-month growth, and it also, it's just been growing for a while. Like, it's been going like this. And every single - It's not just you guys. It's every single.Ivan [00:06:41]: Everyone, yeah.Swyx [00:06:42]: Sort of, compute provider. I don't know if you agree with me saying compute provider or not.Ivan [00:06:48]: It's fine.Swyx [00:06:48]: Yeah. So like organically PLG-driven growth, but also enterprise is doing super well, I think I wanna rewind to January of last year when you did the pivot. Like, so you obviously called this market early, and you were positioned for it, and you are now one of the market leaders. But what was the insight that made you do the pivot?The Pivot: From Human Dev Environments to Agent SandboxesIvan [00:07:06]: The insight that made us do this pivot is the quarter before that, so end of 2024, when we had - Basically, we did a demo with - I don't I think we discussed this as well, Devin was not public. You actually gave me access to Devin at that time. So Devin.Swyx [00:07:25]: I did?Ivan [00:07:26]: Yeah, you gave me access.Swyx [00:07:26]: I don't think I was supposed.Ivan [00:07:27]: Yeah, exactly.Swyx [00:07:28]: Yeah, I.Ivan [00:07:28]: So it doesn't matter. You.Swyx [00:07:29]: Yeah. I gave like three friends access.Ivan [00:07:31]: Yeah, or it was a call and you showed it to me. It doesn't matter. but OpenDevin was available, which is now called OpenHands. And so we're like, “Oh, this seems to be a thing. This is not public. Let's take our for human automation of dev environments and take, OpenDevin and launch that as a SaaS.” And we did that. Not very many people signed up and used it, but a lot of people reached out that were building agents, and they were like, “Hey, my agent needs a compute sandbox runtime,” whatever you wanna call it. I forgot what it was called at that point. And then we were like, “Oh, amazing. This is a new market. Here is our infrastructure. Here's our product, and go.” And what we found really fast, soon, was that people did not like what we had built. It didn't work. And I remember talking to people at the beginning when we're doing this, the sandbox we're building for agents. People were like, “Oh, why is it different? It's the same thing. We have like EC2, we have VMs, we have all these things.” But we saw that everyone we gave it to, it was like 20, 30 people, they all said, “No.” Like, “This is not what we need. This sort of breaks.” And basically, me and my co-founder not knowing a lot about - ‘cause we're infra people. We're not AI people. So I basically took it upon myself to like watch every single podcast that exists, including all of, all of these and all that, and sort of get up to date, read all the blogs, like get, understand what's going on.Swyx [00:08:45]: Do you wanna shout out who else was useful, just in case people are also looking.Ivan [00:08:49]: Generally we -, I looked at There's a few of podcast, different segments and different types. So there's you guys, No Priors, Bill Gurley's was great while.Swyx [00:09:04]: VG2, yeah.Ivan [00:09:05]: Yeah, while it was around. So there's a few. 20VC is interesting from a different dynamic, and some are different dynamic. But there was, also Red Points.Swyx [00:09:14]: We're not really about the compute market.Ivan [00:09:15]: It was also already - Sorry?Swyx [00:09:16]: You're, you want - You're looking at the agent infra market.Ivan [00:09:19]: I was looking at the agent market and the AI market in general and sort of understanding who are the players, what the perception, and how that goes. And like obviously you complement this with like going to conferences, going to events, going to meetups, reading white papers, like doing all the things that you have to do to understand what's happening. And so when we figured, when we sort of had an idea of what we had to build, literally over the New Year's Eve, literally on New Year's Eve, I half vibe coded the first MVP, first minimal viable product of what Daytona is today. And I went to sleep at like 3:00 AM or something like that. I was doing - I just put my like baby daughter and wife to sleep and, Happy New Year's, and go back to just, doing this. And I sent it to my co-founder, my CTO, and he saw it in the morning. He's like, “This is absolute garbage.” “Do not show this to anybody at all, but the idea is good.” And so he took two weeks, and he rebuilt it.Swyx [00:10:09]: Did it like look like that? Listen, I - It was rough idea.Ivan [00:10:12]: Oh, not even, not even close. Like it was it was way worse. But it was like a very - It was a simplistic view of what it should be. Like, it worked, but it was not ideal. And so he went, we went down the whole, which is his job as CTO, to go, and he came back with this version. We then called all the people that had said like, “This is garbage,” a quarter ago. And we set up these calls, and we gave it to - We just demoed it to everyone. And all the calls went long, every single one. They were 15-minute calls, and they all went to like 25, 30 minutes or whatnot. And everyone said, “We need, we want access.” There was no login, just an API key, ‘cause it was just a beta or an alpha. And they said, “Oh, we want access.” And we're like, “Sure, yeah. Okay, thank you very much.” But after like the next day, if we'd not send it, every single one, like every call that we did, everyone came back, “Where is my API key?” Like everyone wanted it. We're like, “S**t.” Like this is it. Like I've never felt So one, the understanding to your point was like most people thought it was the same infrastructure for humans and agents. We understood a quarter ago it's not. We just didn't know what was the right primitive. And then when we came, and we can talk about what that is, and we gave it to these people, I've never seen, I've never experienced - I've done multiple companies in my life. I've never experienced this, that people literally call you if you do not give them access. Like they want access right now. And so it's like, okay, they don't want this. the thing that they want doesn't seem to exist, or they have not found it, and they really want what we want. And then when we understood that we're onto something, and then when you think about the size of the market, like the market for human engineers and enterprise is a very large market, so think GitLab or whatnot. But the market for every single agent that will exist ever in the future is just like, what is that market? How big is that? And we're like, “We are all in on this.” And so that is where we made sort of the cut between the old product and the new one.Bare Metal, Stateful Sandboxes, and the Lambda + EC2 ModelSwyx [00:12:02]: Yeah. But it wasn't composable at the time?Ivan [00:12:05]: It was very - It was basically just a Linux box that you could change, that you could define number of CPUs, disk, and RAM. Like that is what you could do, but you couldn't have multiple operating systems, you couldn't resize it on the fly, you couldn't add a GPU, you couldn't do like all the things. It was just the, just the first sort of variation of that, yeah.Swyx [00:12:22]: Was it bare metal from the start?Ivan [00:12:24]: It was bare metal from the start. And so the interesting thing that we thought about right away, so our.Swyx [00:12:29]: Which, give people the background, what is the normal path?Ivan [00:12:32]: Yeah, so, basically most providers run this on top of VMs. And also.Swyx [00:12:37]: Firecracker.Ivan [00:12:38]: Yeah, they run on Firecracker and VM. And so we also fire - We can get - We have multiple isolation layers and we can do that. But the common way to do it is that they, one, that the state of the machine, or the hard disk is not part of the sandbox itself. And the other thing is they're not meant to last forever. So most of them are preemptible, like they can There's a time that they can live. And so our thought was when we were going into this is, agents will be like humans in the sense of you don't want your laptop to be shut down until you're done with work. Like, and you want to close the lid and open the lid, it's the same state. So you - Agents would want that, like the pause and come back. They want those two things. But also agents really want speed, right? Can they get it? So when we thought about it's like we need something insanely fast, how to make it fast, how to make it long-running, and stateful. And so those two things, it's like combining a Lambda and an EC2, right? Those two things together. And so we didn't have an idea how others did it, ‘cause we didn't know too that there was a market around this. It was more like, okay, this is what we need, what they need. And we looked at Kubernetes, it wasn't wasn't good enough for that. We looked at Nomad, it didn't enable that. And so our history in rewriting our own scheduler at CodeAnywhere is basically what my CTO came up with. Like, he's like, “Oh, the learnings from there,” and he brought it. And the funny thing is, our third co-founder, when he saw it, he's like, “Dude, what is this? This is like 2008.” Like, we went back in time, and he's like, “Exactly.” And so the reason why Daytona is like super fast, and you see this on benchmarks, is we essentially, we run on bare metal. We have our own scheduler, we use the underlying, disk, CPU, and RAM of the underlying machine, which means your IOPS are insanely fast because there's no, there's no network between an EBS or something like that. But also the snapshot, the point in time, the templates, are also preloaded on the bare metal machines. So when you fire off a sandbox from a template or a snapshot, you're essentially directed to the bare metal machine where that snapshot is based on that NVMe drive, and then it literally just turns on that machine, and it's local. There's no network latency, anything on there. And so that is sort of the specificities that we, when we're thinking from first principles, what a computer would look like for an agent, that is what we came up with, and that's what we created.Benchmarks, 60ms Startup, and 50,000 SandboxesSwyx [00:15:02]: Yeah. I should maybe, I don't know if you endorse this, but there's someone that does compute SDK, you guys do very well on there, with like the TTI, right? I. is this a, is this a is this a relevant benchmark for you guys? I don't know.Ivan [00:15:16]: I don't know, and it changes every day. So today RKL is.Swyx [00:15:18]: I don't know what RKL is. Never heard of it.Ivan [00:15:20]: Yeah. RK, yeah, so it is there.Swyx [00:15:22]: You are, at least a third of the next tier of performance, and then, there's a lot of other better-known names that are very slow to start.Ivan [00:15:31]: Yeah. We've been the number one by far for a long time, and now there's different, there's different definitions also of sandboxes, different isolation patterns, different other things. So RKL runs it literally on the S3, the data, so it's very different, and they spin up a sandbox, spin up a container for that, so it's a different type of thing. So the definition of a sandbox is something that we can all, we all need to get along with. But yeah, we're insanely fast on getting these things, up and running. And so you can see even there that it's a zero point 0.10 to 0.11, so.Swyx [00:16:03]: Close enough. Yeah. what else do you need, right?Ivan [00:16:05]: Yeah. So the benchmarks itself, so, in this, in I don't think the benchmarks equate to market ownership or revenue or anything like that. and I've seen this with multiple benchmarks, not just in sandboxes, but in general benchmarks around.Swyx [00:16:20]: It's table stakes. It's just like.Ivan [00:16:21]: Exactly. But it doesn't hurt.Swyx [00:16:22]: Just roughly check.Ivan [00:16:22]: Like you definitely have to be up there and you have to be competing so that people know that, oh, this is definitely one of the top. Because this is only one dimension of what customers look for. There's other things like how many can you spin up consecutively? There's a feature set, there's support, there's like all different things that people look at, but you definitely have to be there, on the benchmarks.Swyx [00:16:40]: How many people do people spin up consecutively?Ivan [00:16:43]: So we have.Swyx [00:16:43]: Or concurrently, is the Concurrency, right?Ivan [00:16:45]: There's three metrics that we look at. And so one is like time to spin up one, and so our time to spin up one is 60 milliseconds with network latency. So request, spin up, reply, 60, the whole thing, 60 milliseconds. That is one. But if you wanna spin up 50,000 at once, we are now at about 75 seconds. So it takes about 75 seconds to spin up concurrently 50,000. Some others, there's public data around this, like take 2,000 seconds, which is 30 minutes. Like there's different variations of that. And then there is the so it is speed of one, speed of like multiple, and then how many can you consistently have up and running. And so we basically have right now no limit to how much we can add because we basically own our own metal. But the biggest customer of ours does like about 850,000 every single day is sort of where they're, where they're just shy of a million every single day that they're running, we do have a request for half a million concurrent, which is literally half a million CPUs somewhere running. So that's an interesting.Swyx [00:17:44]: They pay by like vCPU seconds.Ivan [00:17:47]: By seconds, yeah.Swyx [00:17:47]: Or whatever. Yeah. Okay, and so and then, and the other thing is, the sleeping and the resuming, ‘cause it's all the stateful resumption of all these things, how, what kind of workload are people putting through this, right? Like how is it Do we measure by gigabytes in memory, gigabytes in storage? I don't In like network attached storage. I, what are the costly ones of, out of all these features?Workload Economics: CPU, RAM, Network, and StorageIvan [00:18:15]: The most expensive thing are CPU.Swyx [00:18:18]: Okay. Yeah, of course.Ivan [00:18:18]: The second one, yeah Then it's RAM, then it's disk. We actually don't charge.Swyx [00:18:22]: Which is snapshotting, right?Ivan [00:18:23]: No, it's actually the, snapshotting's part of it, but basically the size of your hard disk, of your machine. So do you have 10 gigabytes, do you have 20, do you have 50, do you have whatever? And then the transference of that. Right now, currently we don't charge for, network at all at Polychron.Swyx [00:18:37]: Oh, you gotta, yeah, you gotta fix.Ivan [00:18:38]: Yeah. It is very much a it's a larger and larger part of our bill, so we're working around, that part there. Obviously, that is the least, expensive, so the hard disk is the least expensive, so it's basically CPU, RAM, for us network, ‘cause we don't charge the customer, and then hard disk, is how it's split up. But there's also different types of workloads, so we basically split it up into two types of workloads in Daytona. One is what we call background agents or long-running agents. and the other is, basically RLs and evals, which I put sort of together. And so they have very different patterns of usage, and if you look at the usage of a background And I'll just name names of companies, not specifically.Background Agents vs. RL/Evals: Two Usage ShapesSwyx [00:19:21]: Yeah, open, all hands.Ivan [00:19:23]: Yeah. So like a background agent's a Cognition, a Lovable, a like all these things are Harvey. These are all long-running, background agents. And so if you look at their usage patterns, their usage patterns are similar to human, which is like follow the sun. Basically, the usage patterns of that is like noon is probably the highest, and the midnight is the lowest, and then weekends are lower. weekday is higher.Swyx [00:19:42]: Yeah, that's a fun question. How global is it? Is it very US-centric or?Ivan [00:19:46]: The US is a large part, but we have currently, we have Asia, Europe, and the US regions.Swyx [00:19:52]: So it's quite global.Ivan [00:19:53]: Yeah, it's quite global. We have it all over. It's interesting that our I talked to you a bit about this. Our number one city by user.Swyx [00:20:01]: Hmm.Ivan [00:20:02]: Is Singapore.Swyx [00:20:04]: Oh, wow. Amazing.Ivan [00:20:05]: Which is an interesting one, right? Not by revenue, just by just like by individual head count.Swyx [00:20:09]: Really?Ivan [00:20:09]: Just like an interesting thing.Swyx [00:20:10]: Singapore is, Singapore is weirdly high in the adoption charts of AI for the population. It's like an, seven, eight million population. And it's like keeps showing up.Ivan [00:20:20]: No, it's quite interesting. We were quite shocked, and I was like, “Oh, this is interesting.” And also one that's up there.Swyx [00:20:24]: There's a reason I'm doing AI using Singapore. it's because I'm from there.Ivan [00:20:27]: We're there. We're gonna, we're gonna be there as well. and it's interesting that Japan is in the top or like Tokyo's in the top, which is in all the tech cycles it has never been. It has never been, so it's quite interesting that they're.Swyx [00:20:39]: I think the Japanese just love AI. Yeah. It's that, and then it's Brazil. That's it.Ivan [00:20:44]: Brazil has always been in.Swyx [00:20:45]: I think.Ivan [00:20:46]: Even when I look, if you look at like GitHub's data and ask historically with CodeAnywhere, it was always like US, Western Europe, and then you'd have like India, Brazil, China, like that would be there. But like Singapore was not in, specifically Japan was never in sort of that top, that top.Swyx [00:21:01]: Yeah. Weird pockets.Ivan [00:21:01]: Weird. Yeah, so it's very global.Swyx [00:21:02]: Okay, so actually that, but that's helps you to distribute your load through, all time?Ivan [00:21:08]: The interesting thing is like we have those kind of loads, but if you look at the researcher loads, they're quite different. So what they are is like if you give them concurrency of 10,000 or 50,000 or 100,000 CPUs at ARMb, when they fire off a run, it's just 100%. And then it just runs, and then it stops. So it's very, the usage pattern is squares basically, right? And it's also not follow the sun, because people will fire it off at midnight before they go to sleep but then wake up and so it's very unpredictable, so you don't know where that is. So the shapes of the usage are quite different than we have had before. And also what's interesting is when it's sort of a follow the sun, even if you have a high growth company, you can sort of predict your usage patterns and have enough capacity for that, because it's sort of, it grows in a, in a way you can project. When you have companies doing sort of like evals and RL, they're super spiky. So they're gonna come in, it's like, “We're gonna use nothing, then can we have 100,000?” Right? And then go back down. And then 100,000, go back down. So it's very different, right? And.Swyx [00:22:09]: Do you want to lock them into commits so.Ivan [00:22:11]: Yeah, we do.Swyx [00:22:12]: Yeah, okay.Ivan [00:22:12]: We so we have to lock them into some sort of commits to have that capacity, because we have to have, basically we have to have the capacity for peak. Right? And so right now, Daytona's mean utilization is 15%, 1-5.Swyx [00:22:25]: Oh my God.Ivan [00:22:26]: So it's very low.Swyx [00:22:27]: Because it's very spiky.Ivan [00:22:27]: It's very spiky, but we get up to 90%. so we have these things. And so what we're, what we're looking at right now as a company is similar to Cloudflare where you can like geo move things around, but that works really well for basically the background agent where it's follow the sun. But this, it's not. Like it's a very different shape. Obviously with scale you figure these things out, but that's an interesting new problem that we have, as a compute provider in the agent space. And when we were doing the conference recently, and so we talked to like Nikita from Neon and.Swyx [00:22:57]: I should bring it up.Ivan [00:22:58]: Parag from Parallel and whatnot, everyone has the same problem. Whereas the usage is super spiky, and this is something that has not happened before, that you have these types of like it was always, it the amplitudes were not this high, right? So it's quite interesting use case and problem solve.Compute Conference and Spiky Agent InfrastructureSwyx [00:23:12]: Yeah, I don't know if we're gonna bring this up again, but let's just talk about the conference, you had like 1,000 something people at the Warriors game, at the Sorry, where is it? What's.Ivan [00:23:22]: Chase Center.Swyx [00:23:23]: Chase Center.Ivan [00:23:23]: Chase Center.Swyx [00:23:24]: I went. It was, it was very impressive. Obviously, you can, how to throw a conference, what did you learn? you put, you pulled together all these impressive names.Ivan [00:23:33]: What I.Swyx [00:23:34]: What were you looking for?Ivan [00:23:35]: My thesis behind the Compute Conference was let's bring together people that are building infrastructure for AI agents. Because when I think of what we're building, it is the agent is the primary user, what are the ergonomics and usage patterns of agents, and so we can do that. And what I found, this was a theory, it wasn't proven, is that we all have these problems, as I touched onto. And I was, as I was talking on stage, it was like we all have the same underlying infra problems, which is this spiky workloads, unpredictable workloads that we've never had before, in human, compute or human infrastructure. And it's, again, it's the same when I was talking to Parag or when I was talking.Swyx [00:24:20]: Lynn. Nikita.Ivan [00:24:21]: Lynn, Nikita. Lynn especially, I was talking to her the other day as well. Like the It is a very interesting type of problem to solve because I can touch on Cloudflare because there's a lot of like talk about that recently as to how they solve that, which is they have a bunch of geos, and basically, as users work in different places, and depending on your tier, they can move you around the geos. And so that how, that's how they get the higher utilization. But you can sort of predict these, and it's If it's something in You'll rarely get a spike that is 10 orders of magnitude. Like you'll get a like let's say one of your customers has some like an exponential curve. What is that to I'm using Cloudflare as an example. 10%, 20%, whatever it is. I don't, I don't have this data, I'm just assessing. It's surely not 10x, right? It's surely not something there. And so how do you go out and solve this problem? And we're all solving this in different ways. So we have.Swyx [00:25:11]: She also has the same thing.Ivan [00:25:12]: Yeah, I know specifically that like Neon had that issue as well. Like how are we solving these spiky loads and things like that ‘cause we talked about it. And so the interesting thing for me to actually internalize was, yes, everyone that's building for agents first is going through this, and we're all solving similar problems, which is quite.Swyx [00:25:28]: Let me let me double-click on this. Okay. So for example, Neon, I happen to know that they're very sort of S3 oriented, right? so they're just like fully bet on S3. And you get to benefit from S3's distribution and infrastructure. So I would imagine that Neon doesn't have to care, whereas Lynn maybe has to care a bit more because obviously she's doing GPU inference. And, for listeners, we did an episode with her, one and a half years ago. And you have to care. But like, right?Ivan [00:25:54]: Parag cares for sure, and Nikita.Swyx [00:25:58]: And Parag is C of, Parallel.Ivan [00:25:59]: Parallel, yeah.Swyx [00:26:00]: Former CTO of Twitter.Ivan [00:26:01]: Twitter, yeah.Swyx [00:26:02]: They are the search.Ivan [00:26:03]: Yeah, they're search, yeah.Swyx [00:26:03]: I You and I know but the listeners don't know.Ivan [00:26:08]: Yeah, we can put it down in the screen, and so ‘cause we, when we were talking.Swyx [00:26:11]: I'll put it up on the, on the screen.Ivan [00:26:12]: Yeah, right.Swyx [00:26:12]: People can look it up if they need.Ivan [00:26:14]: Look it up. And, yes, but they still have CPU and RAM, allocation that you have to have up and running. And so CPU and RAM, you have to allocate that and have that ready. And so there's basically two ways to do it. One is you either over-provision and you can handle the bursts, or two, you basically have, I don't know if this is a term, just-in-time compute, which is like as your load becomes, as your usage comes in, you can fire off requests for VMs or bare metals at other cloud providers and then get them up and running.Swyx [00:26:43]: This is if you go above 100%, right?Ivan [00:26:45]: Yeah, this is.Swyx [00:26:46]: Like your overflow.Ivan [00:26:46]: If your overflow, like spillage or whatever you do.Swyx [00:26:48]: You probably lose money on it, but it doesn't matter, right?Ivan [00:26:50]: It, not Well, you might, you might not That is a more cost-effective way to do it but it's a slower way to do it. Because basically what you have to do is you have to like queue your requests, spin up these just-in-time compute, get it all ready, provision it, and then get your workload there. And so if the time isn't important that much, that's fine, and you can do that. But if your customer, and especially for, let's say, the RL training runs, the reason why a lot of people come to us is because GPUs are more expensive than CPUs, right? So you want your GPU running at, what, 100% the entire time. And so when you're running runs on CPUs, when the when the CPU cycle is like down and spinning up the next one, you want that to be instantaneous so that your GPU doesn't go down, right? And if you then have to like go out and provision machines, you're essentially telling the GPU that it has to wait, and that's incurring our cost. So there's things that you have to try to solve for there.RL Workloads, Declarative Images, and Kubernetes ReplacementSwyx [00:27:43]: Yeah, let's talk about the different workload, right? You said that, what was it? A few months ago, you had zero RL workload and now it's 50%.Ivan [00:27:52]: It will be this one, 50%, yeah.Swyx [00:27:54]: Let's talk about how different it is, right? Like I imagine, for example, a lot less dynamic code generation of like arbitrary code. Like here, it's probably all the same code. You're just doing parallel runs or something, I don't know.Ivan [00:28:05]: Yeah. So you'll have multiple Depends on the like for each run, you'll have a snapshot. And they, for the most part, they actually do use our declarative image builder, which is like, “Oh, we, the agent wants these dependencies, these env vars.”Swyx [00:28:17]: These ones, yeah.Ivan [00:28:18]: Yeah, the declarative image builder, it.Swyx [00:28:20]: Which is a very modal like thing that they.Ivan [00:28:22]: Yeah. And so we build it on the fly and then we propagate that snapshot, and you can spin up as many sandboxes as you want against that snapshot. And then if you have to do changes, the model can, or like it could be also be automated. It's like, “Oh, now for the next run, we need to install these things or remove these things or whatever to get, a task done,” and then it goes off and runs that. So yes, that is something that it seems that they prefer. The number one reason I found, or should I say, let's take a step back. What we are competing against in that environment is essentially managed Kubernetes. So EKS, GKE, whatever. That is what the vast majority run on. And anyone that has tried Daytona versus GKE, EKS is like, “I'm never going back.” That has always been. There's a few reasons. One is the ergonomics. So if you have, if you're using Kubernetes to spin that up, you have to essentially manage the interface interactions with that. Daytona, although as a compute provider, it's more akin to a Twilio and Stripe from a consumption perspective than it is an AWS. Like you have an API, an SDK, it's quite like easy and seamless to get these things up and running, that's one. The other is the speed to which we spin up, which we mentioned earlier, which is much faster, and the scale to which we can go to. We haven't got into features, but an interesting feature is that it's very hard to OOM, or out of memory, our sandboxes, because we can dynamically on the fly.Swyx [00:29:48]: Resize.Ivan [00:29:49]: Resize, which is like impossible on almost any other thing. There are some technologies that enable you to do that, but it's like a very hard thing. And so we actually saw this when, the Terminal Revenge team is, brought us actually. So thank you, Alex and the team, that brought us into this whole space.Swyx [00:30:05]: It's just very rare that, a framework would just say, “Guys, just use Daytona.”Ivan [00:30:11]: Yeah, I think it says it somewhere. Yeah.Swyx [00:30:13]: Yeah. I was like, “What is this?”Ivan [00:30:15]: There's all, there's multiple there, but they also mention a few other places. and so Daytona specifically-We have, the, just jumping on themes here We, I don't know where it says Data Center.Swyx [00:30:27]: I, there.Ivan [00:30:27]: Doesn't matter.Swyx [00:30:28]: There's a very strong recommendation, which is, very unusual. Which is, it's.Ivan [00:30:33]: We do not pay them for this, just.Swyx [00:30:34]: I know, yeah. They just like you.Ivan [00:30:35]: Yeah, they like us. yeah, and also a thing, so, Data Center has multiple isolation sets underneath. The customer doesn't have to know what they are. But basically we have Docker, which is a container, that's hardened with Sysbox. So it's Docker's, isolation that is a security equivalent to a VM, but it's still a container. And that is the default, and they, especially in these training workloads, really like that as an interface to be able to use just a basic Docker container, and we enable Docker and Docker. Which for these RL runs, if you need to do a Docker compose or Kubernetes, you can spin up a K3S inside of these things, which unlocks a huge amount of workloads that you can do that you cannot do on other providers. So just on that part is much more interesting. And so we went that, through that. We showed them that we could do that, and they enjoyed that quite a bit. They being the general venture people.Swyx [00:31:28]: Those people, yeah.Ivan [00:31:29]: And Harbor people.Swyx [00:31:29]: Harbor people, do are they, are they a company yet?Ivan [00:31:33]: As far, I do not know.Customer Pull, Slack Connect, and the Computer Use BetSwyx [00:31:35]: Okay. All right. Yeah. It's like super obvious that like, there's a lot of excitement and success around these things, okay, so yeah, tell us more, right? Like, this is an exploding workload, Harbor adopted you, which helped speed things along. But what are you learning as this new workload comes online?Ivan [00:31:53]: There's a couple things that we learned, which we chat about in the beginning. We, and this has led our story, as we mentioned, we like talked to a lot of customers along the way, and we add more features and more tool sets as we talk to customers. And it's interesting that And I think it's that the ecosystem is so small and/or the models get smarter, where when we see one user come with a request, we know it goes on a roadmap if like three to five customers come with the same request in that week. It's like very bizarre. It happens so many times, which is.Swyx [00:32:27]: Because they're all friends.Ivan [00:32:28]: Sorry?Swyx [00:32:28]: They all, they're all friends. They're all in the same group chat.Ivan [00:32:30]: Yeah, probably, yeah. ‘Cause and they're like, “Oh, can you do this?” And I'm like, “Okay, this is interesting. We'll put it on a feature request.” And then the next one's like, “Oh, can you do this?” “Okay.” It's all the same, right? It's always the same. And so what we try to do, and I personally try to do, I try to be on as many call, quote-unquote “sales calls” I can. I'm in every Slack channel. We literally have about 1,000 Slack Connect channels, something like that. It's an interesting, there's so many interesting things you find out when you have all the Slack channels. You can also see where people, transfer between companies. You see leave Slack channel, enter Slack channel. It's an interesting thing. Also, just I digress, I feel that Slack Connect is literally LinkedIn what it should be. You have a list.Swyx [00:33:08]: LinkedIn charges you to, use your own connections, but Slack doesn't, right? Slack is like, do it for free. It's more lock-in. It's great.Ivan [00:33:15]: Yeah. It's amazing. Yeah. It's one of the reasons.Swyx [00:33:17]: You're gonna pay Slack for life.Ivan [00:33:18]: Exactly. You're there for life. So that's interesting. And so one of the things, the newer things we were talking about earlier is we made a big bet and put a lot of investment on computer use. that is not seen publicly the light of day. We haven't GA'd that yet, but we have.Swyx [00:33:32]: Is there a thing I can pull up?Ivan [00:33:33]: There is computer use there. It's right up a bit.Swyx [00:33:36]: Oh, yeah. Okay.Ivan [00:33:38]: What we have, what we talked about and what we've seen publicly is there's this theme now about, the human emulator where And Elon from XAI has talked about this publicly, and if you think about the models today, they're actually quite sophisticated and they can do a lot of work, but they still don't have access to all the tools. Like, I'm a strong believer that the most efficient way for an agent to work is essentially headless or through, terminal or whatnot. But if we, if we look at knowledge work in general, there's about 100 million knowledge workers in the US, about a billion in the world, and knowledge workers, and the salaries of them aggregate to 10 trillion in the US 50 trillion worldwide.Swyx [00:34:24]: Wow.Ivan [00:34:25]: Something like that. And if we look at, the five most important sectors of that, so like healthcare and government and financial services and whatnot, that's about 56% of that. So let's say it's about half of that. So in the US it's about 25 trillion, and most of them, most of that work is actually still locked into legacy apps inside of Windows, which is not going anywhere for a very long time. Like, people just won't invest in that. How much of it? our assumption is the following: if, in the RPA market, which is similar market, well, not the same 25% of, these white collar, workers', work is automated. If an agent is more sophisticated, can go through more runs, figure stuff out, let's say it's, 40%, right? And so if you take 40% of that, you get to essentially, $10 trillion a year.Swyx [00:35:17]: That's a TAM.Ivan [00:35:18]: That is a that is a TAM. So that's the TAM of the models, right? That's not our, essentially ours. But you get to that size, and to be able to do that, you essentially have to give agents these computers with the legacy. So computer use, either Mac or Windows or Linux. Linux we also obviously have and others have. But Windows specifically is something very new, and the only option right now is an EC2 with, Windows or on Azure. Both of them take anywhere from three to five minutes to spin up. We've created an actual sandbox, so it's a second instead of milliseconds, but you have, point in time snapshots, you have, forking, you have all the things that you have from a sandbox, but essentially enables you to hopefully unlock all this value. And so that's been our big push and bet, but we've sort of, kept our ear to the ground. What is sort of the next things in the market?RPA Returns: Why Agents Still Need ComputersSwyx [00:36:06]: Yeah, knowledge work, and building, and sort of RPA, the next wave of RPA. I got very excited about RPA kind of during COVID times. The UI path was IPO-ing. And it was, a very hot Isn't it, Eastern European?Ivan [00:36:20]: It is, Romanian.Swyx [00:36:21]: Romanian?Yeah, it might be the only Romanian, big unicorn okay, yeah. This I don't I don't, I don't have like a I think there's, I think there's a stage being set for the resurgence of RPA, ‘cause everyone understands that, yeah, no one wants to deal with these shitty apps and no one's gonna rewrite them. Like, you just have to do, a remote operation and programmatic operation of them.Ivan [00:36:45]: If you wanna unlock it, my own setup was basically the following. So I was doing a board deck recently, last month, whatever, and I'm like, “Okay, let's just, let's just do automated.” So, all our data's in, ClickHouse and PostHog and QuickBooks, where everyone else's is, and I'm basically, connected that all to, my Cloud code, like go off and go Cloud code whatever. Go off and, here's the integrations, go do that. It pulled out the first report, which was great. It connected to Brex and all these things, pulled it, which was great, and then I say, “Okay, now pull out this, and this,” and I kept getting, really well McKinsey-style design reports, but the data said partial data. all the missing data, partial data. Like, it can't access all the things, and I got so frustrated, and so I got, I got, my Mac Mini virtual sandbox with OpenClaw. I gave it its own account in our company, and then I went to all these services and created a read-only account, so literally like an intern in your company. And so I would say, “Now go and do this report,” and it would get the same, or like, “I can't via the MCP or the API or whatever. I can't get all the information.” I'm like, “Go log in.” And it will log into the website, then go in, export the data. It'll export the data and do the thing end to end. So even for things that have today APIs, not all of it is exposed, and I to get value, I get immense value right now, but it has to be a computer usage, unfortunately, and so I spend a bunch of tokens just on that, but I get the job done. And so if even a startup like ours, and using all the hottest tools, still needs a computer agent what hope does, Goldman have to have a headless, right?Swyx [00:38:22]: Yeah, what a - Why isn't Microsoft doing this?Ivan [00:38:27]: I'm pretty sure, Satya had a post yesterday.Swyx [00:38:29]: Oh, okay. I see.Ivan [00:38:29]: Which was like, “Every agent needs a computer.”Swyx [00:38:31]: I see, I see.Ivan [00:38:32]: So they have launched something recently.Swyx [00:38:34]: Yeah, they have Microsoft Power Automate, I'm sure, I'm sure, they're gonna have their version.macOS Sandboxes, Apple Constraints, and the Windows OpportunityIvan [00:38:39]: Version of that, yeah.Swyx [00:38:39]: You're gonna try to do yours, and it - I always know there's always demand for Mac, but I know it's, tricky to host, macOS sandboxes.Ivan [00:38:49]: We will have macOS sandboxes fairly soon. The problem with macOS, OS sandboxes is, I'm deep in this, I don't know how much interesting is.Swyx [00:38:55]: No, it's.Ivan [00:38:56]: MacOS has this problem.Swyx [00:38:57]: It's a licensing thing, right?Ivan [00:38:58]: Licensing thing. So one, you're allowed to run only two parallel VMs per machine, so that's one. Two, you can only license to a different user every 24 hours. So if you come in and theoretically, if I wanna charge you per second and I charge you one second, I have to have it idle for the rest of the day. I can't have anyone else doing that. So the pricing will be different in the sense that I will have to - we would have to charge for 24 hours, and that's not even, that's not even the most difficult thing. But the, thing above that is, from a security perspective, they enable you to do memory snapshot, pause, resume, but only on the same physical drive, physical machine. And so what you can do in, Windows world or Linux world is that I can move in the background, your snapshot from one to the other and manage load, right? Here, if you wanna do that, you essentially have to have your.Swyx [00:39:49]: Yeah, snapshots. Yeah.Ivan [00:39:50]: Your.Swyx [00:39:51]: It's like.Ivan [00:39:51]: Physical machine.Swyx [00:39:52]: You can't break it up.Ivan [00:39:53]: You can't, you can't move things around that, and all of that is, that part is, from a security standpoint, if it is written. Like, I understand the security aspect of that, but it disables you from doing these agentic, like really scalable agentic workloads.Swyx [00:40:08]: You need to do a vibe-coded, clean room implementation on macOS that you can then - That's like Clean OS or something. I don't know.Ivan [00:40:17]: So. We have.Swyx [00:40:18]: ‘cause like Linux was originally like a clean room rewrite of Unix.Ivan [00:40:21]: Okay. Yeah.Swyx [00:40:21]: Or something like that, right? Like same thing to macOS. Someone needs to do it.Ivan [00:40:25]: Someone will do that, and someone will have some long-running agents for a few days to figure this stuff out. But yeah. So definitely we - we're really close to offering something ‘cause people do want it, but the pricing will be different, and the feature set will be sort of stringent.Swyx [00:40:38]: Yeah, nobody's gonna use this. like, the labs, the labs will because they want to automate macOS.Ivan [00:40:42]: They have to do RL. They have to do RL again. But even if you The - So the point is with the RL part, if you, if you do RL on macOS, then the next iteration of the model comes out, it will be able to use these tools significantly. Then you actually need to run those, that somewhere. So you're gonna have to have that, later on. And from, if anyone at Apple is listening, I very much feel that they are shooting themselves in the foot of the scale of the revenue of compute or licensing they could get if they would just enable a concurrency model similar to what you can get on a Windows and a, and Linux.Swyx [00:41:17]: Yeah. Yeah. And I'm sure they've heard this before. They just don't care. Yeah, it's And maybe they will change their mind with the new CEO.Ivan [00:41:24]: Yeah. We'll see.Swyx [00:41:25]: We'll see.Ivan [00:41:25]: High hopes.Swyx [00:41:26]: High hopes.Ivan [00:41:26]: High hopes.Swyx [00:41:27]: Okay. But I, it's very clear the market opportunity is huge in Windows, and you can go for a long time on just Windows, but your customers are gonna want both. and I think, it is interesting to me that, this is the sort of God application of agents, right? Like, I don't It was - How big was OpenClaw for you guys? Like, was it, was there, a significant bump.OpenClaw, Agent Labs, and the B2B2C Sandbox MarketIvan [00:41:54]: Not for us because we.Swyx [00:41:54]: Because you already.Ivan [00:41:55]: We're kind of positioned differently. Whereas although it's completely PLG and we have individual developers that use it, most of the users that use Daytona are sort of a B2B2C. Sort of it's either B2B or B2B2C. So, in the researcher world, it's B2B, so you're selling to, labs and neo labs and things like that. But on the long-running agents, it's mostly, from a scale revenue perspective, it's mostly B2B2C, where you have a app layer agent that uses you at a big scale.Swyx [00:42:26]: Like a Manus. Yeah.Ivan [00:42:28]: Like a Manus Lovable type of thing.Swyx [00:42:31]: Yeah. I think that's the question of, well how, um-Uh, yeah, B2B to C is basically to me what I've been calling an agent lab, which is kind of like you're not in a model lab, but you're making a very good wrapper that is a platform that other people can sign up so they don't have to code those things. Yeah, it sound, it sounds like a much better market than the direct OpenClaw market.Ivan [00:42:56]: I've like - We I've done multiple things. So the CodeAnywhere's part of our career path R in the calendar, was very much an end user developer product. And so that is great. It You can get a lot of developer love, and I feel that we do as a company have a bunch of developer love. But it's a different type, where it's people building these things. Again, it's more akin to a Twilio because you don't really run - As a person, you wouldn't run Twilio. I don't know how many people remember. It was like ask your developer billboard and whatnot. And people really love Twilio, but they only used it inside of like, “Oh, I'm building this app or service for thing.” And so we're very much directly to that. And you also know that I used to work for a competitor for Twilio, so it's kind of ingrained, in my DNA.Swyx [00:43:35]: People don't know InfoBip is that big.Ivan [00:43:38]: Yeah, it's.Swyx [00:43:39]: Because.Ivan [00:43:40]: It's a billion euro.Swyx [00:43:40]: They're all American. They're like, “Whatever's in Europe doesn't matter to me.” But like it's the, it's the same size or bigger? Same size?Ivan [00:43:46]: It's about half the size.Swyx [00:43:47]: Half the size?Ivan [00:43:48]: Yeah, about half the size.Swyx [00:43:48]: It's like, yeah.Ivan [00:43:48]: Still huge. Multiple billions a year. Yes.Swyx [00:43:51]: That's crazy.Ivan [00:43:51]: Exactly, and so that - These are like really interesting and large revenue-generating, very sticky businesses. Whereas when you're selling to the - When your focus is the end developer, it is a very hard sell because they're very price sensitive, very price conscious, very around that. And there's very It's very hard to scale. Your cap is the number of people that are willing to spin up - First of all, wanna spin that up, and then spin up multiple of these. Whereas if you're in the enterprise one, like we know everyone's talking about like how many tokens they're spending, I'm spending. Like a lot of companies today are like, “If this is our company, spend as much as you can.” Like basically that is where we're going. And so if you think about that paradigm, where you're selling to companies that say, “Spend as much as you can to generate, productivity,” versus, “Oh, I'm a single person. I have this much budget, and I'm doing this thing because it's fun or it's helping me out or whatever.” Like it is a different, it's a different go-to-market, I think, strategy.MCP, CLIs, and Sandboxes as the Agent RuntimeSwyx [00:44:50]: Yeah, there's a lot of discussion. I'm just kind of going through like the mental list of things that are in your favor, which is, for example, MCP versus CLI. Like obviously you want CLI. It's been very good for you. I feel like it's maybe a drop in the bucket or maybe it's huge. I'm just checking whether it's like these are big trends.Ivan [00:45:10]: Those things you - work well in our favor, to your point just because every.Swyx [00:45:13]: They're kind of drop in the bucket, right?Ivan [00:45:15]: I think it's like sort of all the things come together. And so there's so many things that impact that. To your point, like OpenClaw wasn't huge for us, but like having the agent SDK, from Anthropic, so or Cloud Claude Code was very interesting. The reason why it was interesting is that a lot of, let's call them app I don't know what to call them, app layer agent companies, essentially they are like, “Oh, I can create this new app, this new agent. All I need, I just use Claude Code, and I throw it into a sandbox, and then I have my interface to the human to that.” And so that enabled so many more companies to actually offer this, and then they would pull on sandbox. So that was, that was interesting. And to your point, like MCP, versus the CLI, the MCP is an interface against an API, whereas the CLI is like you can actually go do things. Like this is it. The difference between integrations and actually running scripts or data or analysis against a thing. So being able to use a CLI very well enables the agent to do more things, and it's because that people will invoke a sandbox, they'll run it in the CLI, and but it'll do anal-analysis on that data and then give you an actual result versus just, pulling data from an API source.Swyx [00:46:29]: Yeah, it's a layer of indirection basically, it's the same thing as agentic search versus RAG, which where you're.Ivan [00:46:34]: Exactly, yeah.Swyx [00:46:34]: Just like you just win whenever people put more agents into their workflow. And so like it doesn't really matter, but I'm just kinda teasing out like what else have people heard about that like it's sort of, “Oh yeah, this is another sandbox use case. Oh yeah, that's another one.” Am I, am I missing any big ones?Ivan [00:46:51]: The thing, the thing that people, which is the computer use stuff, which I think is probably the most interesting one, is, and to your point, we've talked to so many people over the last year. It's like, “Oh, like why do you need a sandbox? Why do you need this? Why this?” And to your point, it's like, “Oh, I need sandbox for this. I need sandbox for that. I need sandbox-” It's like, “Oh, I need it for every single thing.” And so basically what I, what I - and it sounds like a broken record, it's like you use a laptop every single day, right? And you are n of one. It's just you. But now imagine how And by the way, the laptop, the computer PC market, the PC market is about equal to the cloud market in total. So it's about 150, 180 billion a year. Something like that. It's about roughly the three cloud hyperscalers is about equal to like Apple, HP, Lenovo, whatever, It's a little bit less, but it's sort of like that. And now imagine And that's just like, so how big is the addressable market? What, how many people are there in the world now? What's the last data?Swyx [00:47:45]: Let's call it eight billion.Ivan [00:47:46]: Eight billion. And so let's say you can have two computer, like you have one personal and one business, whatever. Like so it's double that, right? and so that's 16 billion, right? How many agents are gonna be running in two years, in 10 years, in 100 years? Like And for every single task, they will need one of these. And so how big is that? That market is essentially quote unquote “infinite”. You will get to the point, and Dylan Patel was at the conference talking about, from SemiAnalysis, that talks usually about GPUs, was also talking about how CPUs will now be a bottleneck because it will be the constraint. You won't be able to grow, or we won't be able to have enough of these because there won't be enough CPUs to basically do.Swyx [00:48:23]: Yeah. Well, I actually had a really good podcast with Doug Oliphant, who, which was his president at SemiAnalysis, where they've basically been like, yeah, it's been a GPU shortage first, but then it's cascaded down to memory and now to CPUs.Ivan [00:48:35]: CPU, yeah.Swyx [00:48:35]: It-What's next? So networking. So, networking actually has been in shortage for a while if you're looking at, just GPU networking. But, yeah, it's really crazy the amount of computer use that's going on, yeah, cool. I, other questions are, just the one very big part is the open sourceness which you didn't have to do, your competitors don't do, like it's not, a lot of people are worried about keeping their projects open source because some competitor can just slot fork it. I don't know if there's any reflections on just being an open source company.Open Source, Trust, and Enterprise ProcurementIvan [00:49:15]: Yeah. There's a bunch. So we the original product that we did was open source.Swyx [00:49:19]: Yeah. CodeAnywhere.Ivan [00:49:20]: So doing that was actually very good for us. There's basically a saying of, What's the saying? Like, companies that are, that are doing really well, measure themselves against, free cashflow, that are kinda okay, it's EBITDA, then, it's, it goes all the way down.Swyx [00:49:36]: The worst is like GitHub stars.Ivan [00:49:37]: GitHub stars. GitHub stars are the worst, yeah. So you go all the way down to GitHub stars. And so our original one was GitHub stars. That's what we talked about, we're at the point we're talking about revenue, so we're we've gone up the stack on that. And so we started.Swyx [00:49:47]: No, profit.Ivan [00:49:48]: Yeah. We haven't, we're, we'll get there. We'll get there. But basically at that point we did stars and GitHub and it was useful, and the original variation that we did, it we split the core into its own repo and it was Apache 2.0, so very, permissive. And then we basically would bundl

GitHub breach via VS Code extension Shai-Hulud wave compromises 600 npm packages Huawei attack behind Luxembourg telecom crash Get the show notes here: https://cisoseries.com/cybersecurity-news-github-vs-code-extension-breach-shai-hulud-npm-package-compromise-huawei-luxembourg-telecom-link/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.

If your SaaS product delivers genuine value fast, growth takes care of itself. That's the core thesis Sanjay Sarathy has spent 8+ years proving at Cloudinary, where he oversees a self-service business representing nearly a third of the company's revenue across 11,000+ paying customers in 150+ countries — without feet on the ground in most of them.In this episode, Sanjay breaks down what product-led growth actually looks like when it's executed well: not just free trials and clever onboarding flows, but building such a frictionless, valuable experience that developers naturally tell other developers. He shares why Cloudinary invested in technical support before marketing, how they redefined "activation" to mean real value (not just uploading a file), why discoverability is a non-negotiable pillar of their growth strategy, and how they're now rethinking the developer experience for a world where AI agents and LLMs are writing the code.This is a masterclass in developer-led PLG from someone who has lived it at scale.Key Takeaways4:07 — The Growth Levers Have Changed SEO, outbound, and paid are still valid, but word of mouth (especially in developer communities), AEO, and agentic discoverability have become powerful new growth engines — when they're earned as a byproduct of value, not engineered as a primary goal.8:28 — Why PLG Before Enterprise Cloudinary was built by developers for developers. They started with self-service because that's what their founding team would have wanted. Only after PLG proved itself did enterprise customers come knocking — and it was far easier to layer on security, SLAs, and support than to bolt on a product that developers already loved.13:46 — Great Product Isn't Enough Without Distribution Cloudinary is in 150 countries with no boots on the ground in most of them. SEO, developer relations, and a docs site that functions as a discovery engine are what made global reach possible. Distribution and product must go hand-in-hand.15:36 — Discoverability Is a Strategy, Not a Tactic "Discoverability" is a recurring internal theme at Cloudinary — constantly asking how to ensure the right people, in the right context, can find and experience the product's value.16:03 — The Cannibalization Trap Cloudinary made the mistake of launching a new product without considering its impact on existing products — and cannibalized their own business. They now use a two-track product strategy: "mature" products with full go-to-market support, and "invest" products being validated for product-market fit before scaling.19:24 — Invest in Support Before Marketing One of Cloudinary's earliest and most impactful decisions: invest heavily in technical support first. Happy, successful developers become word-of-mouth advocates. That bet paid off across an entire community.21:06 — Developer Experience in the Age of AI Tooling Developer experience today means meeting developers where they work — VS Code, Cursor, Claude, Windsurf. Cloudinary built a VS Code extension and is working to minimize hallucinations by giving LLMs accurate, context-rich instructions for using Cloudinary correctly.24:03 — Redefining Activation Uploading a file to Cloudinary is not activation. Doing something with that file — transforming it, tagging it, delivering it — is activation. Reframing their metric around genuine value changed how they prioritized onboarding.33:25 — The Seven-Day Activation Window Data shows clearly: if users don't activate within the first 7 days, a second surge doesn't come. Most activation happens in the first 4–5 days. This insight shapes everything about how Cloudinary approaches onboarding urgency.27:01 — Speak Use Cases, Not Features "We have automated image optimization" means nothing. "Your images are 40% lighter and you'll save X on bandwidth" means everything. The language of outcomes and use cases is what drives adoption and expansion.36:39 — Pricing Must Communicate Value Cloudinary's self-service pricing has remained largely flat for years while the product has added enormous capability — intentionally improving the value/price ratio over time. They also offer pay-as-you-go flexibility for seasonal businesses.44:28 — The 90-Day PLG Focus: Build Trust For founders building a PLG motion right now, Sanjay's single most important recommendation: engender trust. Do what you say. Follow up when you say you will. Make your product deliver on its promise. Trust is the flywheel.Tweetable Quotes"We never set out to get word of mouth. We set out to create value. Word of mouth was the byproduct." — Sanjay Sarathy"If your product genuinely helps people win, growth becomes a natural byproduct." — Sanjay Sarathy"Distribution is equally as important as the product itself. You can have a great product and go nowhere." — Sanjay Sarathy"Discoverability isn't a campaign. It's a strategy." — Sanjay Sarathy"Uploading a file isn't activation. Doing something valuable with it is." — Sanjay Sarathy"If a developer doesn't activate in the first seven days, don't expect another surge. It won't come." — Sanjay Sarathy"Stop talking about your features. Start talking in the language of your customer's use cases." — Sanjay Sarathy"We're okay with free users who are actively using the product. They pay us back in word of mouth." — Sanjay Sarathy"In a PLG motion, trust is the flywheel. Without it, everything else breaks down." — Sanjay Sarathy"We fell in love with our own capabilities and forgot that customers don't care. Use cases are what drive adoption." — Sanjay SarathySaaS Leadership Lessons1. Build Distribution Like You Build Product Cloudinary reaches 150+ countries without sales reps in most of them — through SEO, developer relations, documentation, and community. Great products disappear without intentional distribution. Your discoverability strategy is a growth strategy.2. Earn Word of Mouth — Don't Engineer It The moment you prioritize getting word of mouth over generating it as a byproduct of genuine value, you've lost the plot. Build something that makes people win, then step back and let them talk. The data will tell you if it's working.3. Start Narrow, Validate, Then Scale Cloudinary's "invest vs. scale" product framework exists because they once cannibalized their own product line by expanding without rigor. Validate product-market fit in a controlled way before committing the full go-to-market machine. Repeatability before scale.4. Redefine Your Activation Metrics Around Real Value Ask yourself: is the action we're measuring actually a moment of value, or just a moment of presence? Cloudinary stopped counting uploads and started counting transformations. The metric you optimize shapes the product you build.5. Invest in Customer Success Before You Think You Need To Cloudinary prioritized technical support ahead of marketing in their early days. Counter-intuitive — and it was exactly right. Successful users become advocates. That investment compounded for years through word of mouth and developer trust.6. Speak the Language Your Customer Thinks In "Automated image optimization via F-Auto" is internal language. "Your images are 40% lighter and your site is faster" is customer language. The translation layer between what your product does and what your customer achieves is where adoption lives or dies. Build that bridge deliberately.Guest Resourcessanjay@cloudinary.comwww.cloudinary.comhttps://www.linkedin.com/in/sanjaysarathy/https://x.com/guffnuffEpisode SponsorThe Futureproof Series - https://www.youtube.com/playlist?list=PLfkXKUPZ5xuOqMPR7_gzGybncTtavyR1NThe Captain's KeysSmall Fish, Big Pond – https://smallfishbigpond.com/ Use the promo code ‘SaaSFuel'Champion Leadership Group – https://championleadership.com/SaaS Fuel ResourcesWebsite - https://championleadership.com/Jeff Mains on LinkedIn - https://www.linkedin.com/in/jeffkmains/Twitter - https://twitter.com/jeffkmainsFacebook - https://www.facebook.com/thesaasguy/Instagram - https://instagram.com/jeffkmains

GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing safeguards, Microsoft cracks down on malware-signing services, and China says foreign spies hijacked domestic routers for phishing operations. Wireless carriers collaborate to kill dead zones. Our guest is Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, discussing The Cloud Security Alliance's “AI Vulnerability Storm” report. A book about misinformation contains helpful examples. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, sharing Cloud Security Alliance's The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program. Selected Reading GitHub confirms breach of 3,800 repos via malicious VSCode extension (Bleeping Computer) Trump AI executive order seeks early government access to frontier models (Axios) DC Circuit slams Pentagon blacklisting of Anthropic as overreach (Courthouse News Service) Drupal Issues Urgent Warning for Highly Critical Core Vulnerability (Beyond Machines) From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat (Cisco Talos) Signal adds security warnings for social engineering, phishing attacks (Bleeping Computer) Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware (Microsoft)   China's state security authorities uncover foreign agency using domestic routers as cyberattack proxies; users notice only slower speeds (Global Times) ‘The Future of Truth' Contains Quotes Made Up by A.I. (The New York Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Scott and Wes break down the “Mini Shai-Hulud” supply chain attack that compromised TanStack and other popular npm packages through a clever GitHub Actions cache poisoning exploit; a self-propagating worm that stole credentials and persisted through Claude Code hooks and VS Code tasks. They also cover how developers can protect themselves using pnpm's security defaults, dev containers, and other practical defenses. Show Notes 00:00 Welcome to Syntax! 00:25 Understanding the Shai-Hulud Worm Post Mortem of Shai Hulud Attack 02:47 Mechanics of the Attack: GitHub Actions and Cache How the attack happened Who Was Involved in the Attack Several npm latest releases are compromised Socket.dev Step Security 05:44 Brought to you by Sentry.io 06:09 Propagation and Impact of the Worm 09:30 Preventative Measures for Developers Dead Man's Switch 12:33 The Role of Package Managers in Security Block Exotic Subdeps 18:39 Using Dev Containers Why You Should Use Dev Containers Scott Tolinski's Security Review 20:57 Conclusion and Final Thoughts Sentry has Skills! Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

This is episode 326, recorded on May 7th, 2026, where John and Jason break down the Power BI & Fabric April 2026 Feature Summaries — DAX user-defined functions are here in preview, Direct Lake is flexing new modeling muscles, the Dataflows Gen1 community drama has a plot twist, Fabric Data Warehouse finally gets true transactional DDL, and VS Code integration in Fabric notebooks keeps leveling up. It's the April feature summary double-header. For show notes please visit www.bifocal.show

Java 26 est là, GraalVM cartonne chez Trivago (43 à 12 réplicas !), OpenJDK interdit le code généré par LLM, Spring et Quarkus enchaînent les releases. Côté IA : ADK 1.0, A2A, Lyria 3 chante (mal ?), Yann LeCun lance Ami Labs et ses World Models. Mythos d'Anthropic fait trembler la sécu, Claude Code a leaké son source, et les git worktrees envahissent vos terminaux. Bonus : la mort annoncée de l'IDE, vagues de licenciement chez Oracle et Block, et nos voix toutes clonées. Bon week-ends de mai ! Enregistré le 7 mai 2026 Téléchargement de l'épisode LesCastCodeurs-Episode-340.mp3 ou en vidéo sur YouTube. News Langages Retour d'expérience d'une migration vers graalVM chez Trivago https://medium.com/graalvm/inside-trivagos-graalvm-migration-native-image-for-graphql-at-scale-912bca9df841 La passerelle GraphQL de Trivago (point d'entrée de tout le trafic vers 48 microservices) souffrait de pics de timeout au démarrage JVM Résultats spectaculaires après migration vers GraalVM Native Image : réduction des réplicas de 43 à 12, CPU de 15 à 5 cœurs, images Docker plus légères Obstacles techniques : incompatibilité Log4j → migration vers Logback, remplacement de Mockk par Testcontainers, compilation CI/CD très gourmande Netflix DGS et d'autres librairies manquaient de support GraalVM → l'équipe a contribué des correctifs upstream en open source Approche recommandée : commencer par les services les moins complexes, investir massivement dans les tests automatisés À la 14e migration, le processus était si rodé qu'il allait plus vite que la toute première tentative OpenJDK Interim Policy on Generative AI - https://openjdk.org/legal/ai OpenJDK adopte une politique intérimaire interdisant toute contribution incluant du contenu généré par des LLMs, modèles de diffusion ou systèmes deep-learning Le périmètre est large : code source, texte, images dans les dépôts Git, pull requests GitHub, emails, pages wiki et issues JBS Les contributeurs peuvent utiliser les outils d'IA de manière privée pour comprendre, déboguer et relire le code OpenJDK, mais ne peuvent pas contribuer le contenu généré Trois risques justifient cette politique : surcharge des relecteurs face au code plausible mais incorrect, risques de sûreté/sécurité pour une plateforme critique, et risques de propriété intellectuelle (l'OCA exige que les contributeurs possèdent les droits IP de leurs contributions) Même éditer partiellement du code AI-généré ne le rend pas acceptable à la contribution Oracle, sponsor corporatif d'OpenJDK, travaille sur une politique complète à soumettre au Governing Board GraalVM Native Image et la Closed-World Assumption en Java https://pvs-studio.com/en/blog/posts/java/1357/ Un bon article de rappel du contexte de closed world en Java GraalVM Native Image compile les applications Java en exécutables natifs statiques, sans JVM au runtime. La JVM fonctionne en monde ouvert : les classes sont chargées à la demande, les appels sont des références symboliques résolues dynamiquement. Native Image impose la "closed-world assumption" : tous les chemins d'exécution doivent être connus à la compilation. Les fonctionnalités dynamiques Java (réflexion, proxies, chargement de classes) créent des chemins cachés invisibles à l'analyse statique. C'est pourquoi Native Image exige des fichiers de configuration explicites pour la réflexion, les proxies, les ressources et la FFM API. L'article illustre le problème avec la Foreign Function & Memory API pour appeler printf natif : fonctionne sur JVM, échoue en Native Image sans config. Inclure tout le bytecode accessible serait inutilisable : binaire géant, compilation très lente, et la réflexion nécessite des métadonnées précises. La configuration n'est pas un défaut de conception mais une conséquence logique du passage du dynamique au statique. Java 26 : les nouveautés https://foojay.io/today/java-26-whats-new/ Java est le langage de la JVM, publié tous les 6 mois depuis Java 9 ; Java 26 est une version non-LTS avec 10 JEPs. JEP 500 : protection des champs final modifiés par réflexion profonde, avec des avertissements configurables. JEP 504 : suppression définitive de l'API Applet, plus supportée par les navigateurs. JEP 516 : le cache AOT (Project Leyden) fonctionne désormais avec n'importe quel garbage collector. JEP 517 : support HTTP/3 dans le client HTTP, HTTP/2 reste le défaut mais HTTP/3 est accessible à la demande. JEP 522 : amélioration du débit du GC G1 en réduisant la synchronisation entre threads applicatifs et threads GC. Nouveau support des UUIDv7 via UUID.ofEpochMillis(), naturellement triables et adaptés aux identifiants de bases de données. Process devient AutoCloseable, utilisable dans un try-with-resources. Aucune fonctionnalité en preview n'est graduée en standard ; Structured Concurrency en est à sa 6e preview. Librairies Guillaume a créé une petite librairie Java sans dépendance pour extraire le JSON d'une réponse d'un LLM un peu verbeux https://glaforge.dev/posts/2026/03/22/extracting-json-from-llm-chatter-with-jsonspotter/ Les LLM génèrent souvent du JSON, mais il est parfois entouré de bla-bla et/ou contient des erreurs (ex: commentaires, virgules finales) qui bloquent les parseurs JSON standards. Guillaume a créé une petite librairie légère sans dépendance pour localiser et extraire la structure la plus longue ressemblant à du JSON (même malformé) On peut ensuite passé cette chaîne à un parseur "lénient" (plus tolérant) comme Jackson pour ensuite avoir de bons vieux objets Java fortement typés Librairie dispo sur Maven Central ADK Java sort sa version 1.0 (Agent Development Kit par Google) https://developers.googleblog.com/announcing-adk-for-java-100-building-the-future-of-ai-agents-in-java/ ADK est un framework open source de Google pour créer des agents IA, initialement en Python, maintenant multi-langages (Python, Java, Go, Typescript). Nouvelles fonctionnalités majeures : Outils puissants : GoogleMapsTool, UrlContextTool, ContainerCodeExecutor, VertexAiCodeExecutor, abstraction ComputerUseTool. Architecture de plugins centralisée : Nouveau conteneur App pour gérer les Plugins à l'échelle de l'application (ex: LoggingPlugin, GlobalInstructionPlugin). Context engineering amélioré : Compaction d'événements pour gérer la taille des fenêtres de contexte (résumé et rétention). Human-in-the-Loop (HITL) : Supporte les workflows ToolConfirmation pour approbation humaine des actions d'agent. Services de session et de mémoire : Contrats clairs pour la gestion de l'état (InMemory, VertexAI, Firestore) et la mémoire à long terme. Support Agent2Agent (A2A) : Collaboration native entre agents distants de différents frameworks via le protocole A2A. Dans cet autre article, Guillaume partage comment il a développé l'application Comic Trip montrée dans la vidéo YouTube et qui utilise ADK 1.0 https://glaforge.dev/posts/2026/03/30/building-my-comic-trip-agent-with-adk-java-1-0/ Nouvelle version du SDK Java pour Agent2Agent Protocol, avec le support de la version 1.0 de la spécification https://medium.com/google-cloud/a2a-java-sdk-1-0-0-beta1-released-e83c414b34cc Alignement avec la version 1.0 de la spécification Nouveau groupId org.a2aproject.sdk et package org.a2aproject.sdk Protocoles de transport : support complet et équivalent pour JSON-RPC, gRPC et HTTP+JSON/REST. Gestion des erreurs : introduction de codes d'erreur et détails structurés pour une meilleure observabilité. Optimisation HTTP : ajout d'en-têtes de cache pour les métadonnées des agents (Agent Card). Flexibilité du client HTTP : support par défaut du JDK HttpClient, avec option Vert.x pour les environnements Quarkus. Nouvelles fonctionnalités techniques : méthode DataPart.fromJson() pour la création simplifiée d'objets depuis du JSON brut. Prochaines étapes (v1.0.0.GA) : support simultané des versions 1.0.0 et 0.3.0 du protocole pour assurer l'interopérabilité. JPA 4.0 Milestone 2 : nouvelles fonctionnalités pour Jakarta Persistence https://in.relation.to/2026/04/23/JPA-4-M2/ Jakarta Persistence (JPA) est la spécification standard Java pour le mapping objet-relationnel (ORM), implémentée notamment par Hibernate. JPA 4.0 M2 est la deuxième milestone de la prochaine version majeure de la spécification, annoncée par Gavin King. Construction de requêtes Criteria à partir de chaînes JPQL, offrant plus de flexibilité dans la composition dynamique des requêtes. Nouveaux types d'expressions spécialisés (TextExpression, NumericExpression) pour simplifier l'écriture des requêtes Criteria. Nouvelle interface FetchOption pour contrôler explicitement la stratégie de chargement des associations, dont un BatchSize intégré. Nouvelle annotation @EntityListener qui découple les classes entités de leurs listeners, supprimant les dépendances à la compilation. Les listeners peuvent cibler plusieurs types de callbacks et s'appliquer globalement à toute l'unité de persistance. Introduction de FlushModeType.EXPLICIT et QueryFlushMode pour un contrôle plus fin de la synchronisation avec la base de données. La méta-annotation @Discoverable permet de placer des annotations comme @NamedQuery sur n'importe quelle classe ou interface. Améliorations du DDL via @Index amélioré et clarifications de la spécification via la javadoc. Quarkus 3.35 : tree-shaking, PGO et AOT Semeru https://quarkus.io/blog/quarkus-3-35-released/ Quarkus est un framework Java cloud-natif optimisé pour GraalVM et HotSpot, conçu pour les microservices et les environnements conteneurisés. Nouveau JAR tree-shaking expérimental : analyse des dépendances à la compilation pour supprimer les classes inutilisées. Sur le CLI Quarkus, cela supprime plus de 6 000 classes et économise environ 18 Mo (39,5 %). Support du Profile-Guided Optimization (PGO) pour les builds natifs via quarkus.native.pgo.enabled=true. Le PGO est une fonctionnalité Oracle GraalVM, non disponible dans la Community Edition. Support de l'AOT IBM Semeru : le démarrage passe de ~380 ms à ~190 ms dans les premiers tests. Nouvelle extension quarkus-reactive-transactions : support de @Transactional pour les méthodes Hibernate Reactive retournant Uni. Configuration CORS dédiée pour l'interface de management, indépendante de l'interface HTTP principale. Les tests n'utilisent plus les System Properties pour la propagation de configuration, facilitant la parallélisation future. Le serializer jackson sans reflection n'est pas le default du aux retours de cas limites, encore du travail This Week in Spring - 21 avril 2026 https://spring.io/blog/2026/04/21/this-week-in-spring-april-21-2026 Spring Framework 6.2.18 et 7.0.7 corrigent trois failles de sécurité : DoS via fichiers multipart WebFlux, empoisonnement de cache de ressources statiques, et DoS sur Windows. Le support open source de Spring Framework 5.3.x et 6.1.x est terminé, la migration est recommandée. Spring Data 2026.0.0-RC1 introduit l'upsert (MERGE/INSERT ON CONFLICT) dans l'API Template de Spring Data Relational. Spring Data ajoute un RedisMessageSendingTemplate pour la cohérence avec les listeners Redis, et une optimisation de réinitialisation de caches en un seul appel. Spring AI introduit une Session API (série Agentic Patterns, partie 7) : architecture event-sourcée pour la mémoire des agents IA. La Session API supporte la compaction turn-safe, l'isolation de sous-agents en parallèle, et la persistence JDBC (PostgreSQL, MySQL, MariaDB, H2). Elle vise Spring AI 2.1 (novembre 2026) et remplacera à terme l'API ChatMemory. Spring Vault 4.1.0-RC1 et 4.0.2 sont disponibles. Netflix a présenté son usage de Java, Spring Boot et Spring AI dans une vidéo. This Week in Spring - 28 avril 2026 https://spring.io/blog/2026/04/28/this-week-in-spring-april-28-2026 Cette série hebdomadaire de Josh Long compile les nouveautés de l'écosystème Spring : articles, outils, podcasts et annonces de la communauté. Spring Boot 4 introduit un package natif de résilience org.springframework.resilience avec une nouvelle API de retry qui remplace les approches fragiles via Spring Retry ou Resilience4j. L'API retry native de Spring Boot 4 a des noms d'attributs et sémantiques différents des anciennes bibliothèques, rendant les tutoriels pré-2025 obsolètes et sources de bugs silencieux. Le SDK Spring AI pour Amazon Bedrock AgentCore est disponible en GA : il intègre les capacités AgentCore dans Spring AI via annotations et auto-configuration. Le SDK AgentCore gère automatiquement le contrat runtime AgentCore : endpoint /invocations, health check /ping, SSE avec backpressure. Il offre mémoire court terme (sliding window) et long terme (sémantique, préférences, résumé, épisodique), ainsi que des outils pour navigateur et exécution de code en sandbox. Un plugin Maven (Nullability Maven Plugin) simplifie l'intégration de JSpecify et NullAway pour enforcer la null-safety à la compilation dans les projets Java. Le plugin génère automatiquement les fichiers package-info.java par package et configure le compilateur pour traiter les violations de nullabilité comme des erreurs. Josh Long et Dr. Venkat Subramaniam ont co-présenté à Voxxed Days Amsterdam sur "Intelligent Kotlin", avec un épisode de podcast associé. Cloud Amazon S3 Files https://aws.amazon.com/about-aws/whats-new/2026/04/amazon-s3-files/ Amazon S3 Files est un nouveau service donnant un accès système de fichiers direct aux données stockées dans les buckets S3 Basé sur la technologie Amazon EFS, il supprime la barrière entre stockage objet et interface système de fichiers sans dupliquer les données Débit en lecture pouvant atteindre plusieurs téraoctets par seconde ; des milliers de ressources de calcul peuvent y accéder simultanément Les données restent accessibles via les deux interfaces : S3 API classique et système de fichiers standard, sans migration nécessaire Cas d'usage : agents IA pour la persistance de mémoire entre pipelines, équipes ML sans staging, simplification des data lakes Disponible dans 34 régions AWS Data et Intelligence Artificielle Comment générer de la musique et des clips audio en Java avec le modèle Lyria 3 https://glaforge.dev/posts/2026/03/25/generating-music-with-lyria-3-and-the-gemini-interactions-java-sdk/ Génération musicale avec Lyria 3 (DeepMind) et le SDK Java Gemini Interactions. Lyria 3 : modèle d'IA générative pour créer musique avec paroles ou pistes instrumentales. Utilisation via le SDK Java de l'API Gemini, nécessite une clé API Gemini. Deux versions de modèle Lyria 3 : lyria-3-clip-preview : Clips courts (30s), extraits. lyria-3-pro-preview : Chansons complètes (jusqu'à 3 min), structurées. Personnalisation via les prompts : Fournir ses propres paroles ou les faire générer. Contrôler la structure de la chanson ([Intro], [Verse], [Chorus], [Outro]). Générer des morceaux instrumentaux uniquement. Utiliser des images comme source d'inspiration (modèle multimodal). Sortie : Audio (MP3) et texte (paroles/structure) directement, sans décodage complexe. Facilite l'intégration de la génération musicale dans les applications Java. Les world model, la prochaine étape pour les IA https://www.lepoint.fr/sciences-nature/comment-le-commando-de-yann-le-cun-se-prepare-a-ringardiser-les-geants-mondiaux-de-lia-depuis-paris-OZVUWTDYBNE25C6WF44265ZQKE/ Yann LeCun a quitté Meta FAIR pour créer AMI Labs (Advanced Machine Intelligence) basée à Paris Sa thèse : les LLMs ne mèneront pas à l'intelligence générale, la vraie IA doit partir de la compréhension du monde physique AMI Labs a levé 1,03 milliard de dollars en seed (le plus grand seed round de l'histoire européenne) à 3,5 milliards de valorisation Les world models apprennent à prédire et comprendre la réalité physique plutôt qu'à prédire le prochain token d'une séquence Slogan d'AMI : "Real intelligence does not start in language. It starts in the world." Paris comme base stratégique pour challenger la Silicon Valley dans la prochaine rupture de l'IA Debezium 2026 : résultats du sondage communautaire https://debezium.io/blog/2026/04/27/debezium-2026-survey-results/ Debezium est un outil de Change Data Capture (CDC) open source qui capture les modifications de bases de données en temps réel pour les diffuser vers des systèmes comme Kafka. 98,6% des répondants utilisent Debezium activement ou prévoient de le faire dans l'année, avec 91,3% déjà en production. 63,8% des déploiements tournent sur Kubernetes, 60,9% utilisent Kafka Connect auto-géré, et 17,4% restent sur des VMs ou bare metal. Helm charts est l'approche dominante pour la gestion de configuration, souvent combiné avec GitOps, CI/CD, Ansible ou Terraform. PostgreSQL domine les connecteurs utilisés à 69,6%, suivi de MySQL (33,3%), SQL Server (29%) et Oracle (27,5%). Les volumes de changements capturés vont de 1-25 modifications par minute jusqu'à 1-2 millions par minute selon les environnements. Infinispan rejoint l'écosystème OGX comme fournisseur de stockage vectoriel https://infinispan.org/blog/2026/04/17/infinispan-joins-ogx-ecosystem OGX (anciennement Llama Stack) est un serveur API agentique open source pour construire des applications d'IA complètes. OGX compose des fournisseurs d'inférence, des stores vectoriels, des backends de sécurité, des runtimes d'outils et du stockage de fichiers en un seul serveur déployable. OGX se positionne comme une alternative à l'API OpenAI, déployable sur diverses infrastructures et modèles. OGX cible les workflows RAG (Retrieval-Augmented Generation) et les applications agentiques. Infinispan s'y intègre comme fournisseur de vector IO, apportant recherche vectorielle, par mots-clés et hybride. Je n'ai pas entendu parlé de ce renommage, vous le voyez dans vos deploiements ? Outillage cmux un nouveau terminal basé sur Ghostty spécialisé pour les coding agents https://cmux.com/ Application macOS native construite sur le moteur de rendu Ghostty (libghostty), offrant une accélération GPU pour une fluidité maximale Conçu spécifiquement pour le multitâche et les workflows assistés par IA, avec des onglets verticaux affichant la branche Git, le répertoire et les ports actifs Intègre des notifications qui illuminent les panneaux lorsqu'un agent IA (Claude Code, Codex, etc.) nécessite l'attention de l'utilisateur Propose un navigateur web intégré et scriptable qui peut être affiché en écran scindé à côté du terminal via une API Alternative moderne à tmux, ne nécessitant pas de fichiers de configuration complexes ou de préfixes de touches pour la gestion des vitres et des sessions Supporte nativement tous les agents de codage en ligne de commande et permet l'automatisation via une API socket et une interface CLI dédiée Git Worktree comme un chef https://www.metal3d.org/blog/2026/git-worktree-comme-un-chef/ Article par Patrice Ferlet Git Worktree: Travailler sur plusieurs branches simultanément via des répertoires distincts. Évite git stash ou clones multiples pour le changement de contexte rapide. Méthode "bare" (recommandée): Cloner le dépôt en mode bare (ex: .bare). Lier le dossier racine au dépôt bare via un fichier .git. Configurer le remote tracking pour voir toutes les branches distantes. Ajouter des worktrees pour chaque branche (git worktree add ). Avantages: Économie d'espace, source de vérité unique (un git fetch met tout à jour), hooks/configs partagés, sécurité. Conseils: Ne jamais faire de git checkout à l'intérieur d'un worktree. git fetch --all depuis n'importe quel worktree pour tout mettre à jour. git worktree add --detach pour tester des merges temporaires sans créer de branche. Supprimer: git worktree remove puis git worktree prune. Un script wtree est fourni pour automatiser l'initialisation du setup "bare". Améliore considérablement le workflow. L'IDE meurt et vite https://x.com/jdegoes/status/2036931874057314390?s=46&t=C18cckWlfukmsB_Fx0FfxQ Des leaders techniques prédisent la fin rapide de l'IDE traditionnel, remplacé par des interfaces conversationnelles agentiques Le changement de paradigme : le développeur n'écrit plus des lignes de code mais exprime son intention et supervise des agents autonomes Des outils comme Claude Code, Copilot et Cursor transforment déjà radicalement les workflows de développement quotidiens L'IDE centré sur l'éditeur de code perd sa raison d'être quand l'agent lit, modifie et structure le code de manière autonome La transition est comparable au passage du desktop au mobile : les pratiques établies depuis 30 ans remises en question en quelques mois Le source de Claude Code a leaké via probablement le codemap et un site decrit sont fonctionnement https://ccunpacked.dev/ Le 31 mars 2026, Anthropic a accidentellement inclus les sourcemaps dans un package npm de Claude Code, exposant ~512 000 lignes de TypeScript La fuite n'était pas un piratage mais une erreur humaine : un "*.map" oublié dans .npmignore Le site ccunpacked.dev a été lancé pour analyser et visualiser le code source décompressé Le code révèle un agent background permanent nommé "KAIROS", un mode furtif pour cacher les contributions des employés Anthropic à l'open source, et 44 feature flags cachés Une fonctionnalité inédite "Buddy" (animal de compagnie électronique dans le terminal) et un mode "dream" pour l'idéation continue ont été découverts Anthropic a confirmé : "Aucune donnée client sensible n'était impliquée. Erreur humaine dans le packaging de la release." Gemini CLI passe aux agents https://x.com/srithreepo/status/2039794081925382307?s=46&t=GLj1NFxZoCFCjw2oYpiJpw Gemini CLI, l'agent IA open source de Google pour le terminal, introduit des hooks dans sa boucle agentique Les hooks permettent d'exécuter des scripts automatiquement (scanners de sécurité, vérifications de conformité, logging) à chaque étape de l'agent Lancement de Gemini CLI GitHub Actions : un agent autonome pour les repositories qui peut exécuter des tâches de codage de routine Support des MCP servers pour étendre les capacités et des "Agent Skills" pour des workflows spécialisés Mode agent disponible dans VS Code et IntelliJ avec accès aux outils du système de fichiers et terminal Wispr, le speech to text en local sur macOS http://wispr.stormacq.com/ Wispr est une application macOS de dictée vocale entièrement locale, propulsée par Whisper (OpenAI) sur appareil, sans cloud ni tracking Sébastien Stormacq a développé Wispr en un jour et demi sans écrire une seule ligne de code, grâce à Kiro CLI (agent IA Amazon) Disponible en open source sur GitHub et via Homebrew Détection automatique de la langue, insertion du texte au curseur dans n'importe quelle application via un raccourci global En un mois : 19 releases incluant mode mains-libres, suppression des mots de remplissage, auto-envoi pour les chats, et un outil CLI Exemple concret de développement vibe coding produisant un outil de qualité production sans expertise Swift préalable Comment, Gordon, l'assistant spécialisé en Docker est né https://n9o.xyz/posts/202603-building-gordon/ Nuno Coração (n9o.xyz) détaille comment Gordon, l'assistant spécialisé Docker, a été construit sur docker-agent, le runtime d'agents IA open source de Docker écrit en Go Les agents sont définis en YAML déclaratif et distribués comme des artefacts OCI, sans mise à jour binaire nécessaire L'architecture initiale en essaim de 9 agents spécialisés a été abandonnée au profit d'un agent racine unique avec un prompt soigneusement conçu Le modèle utilisé est Claude Haiku 4.5, suffisant après optimisation des prompts Principe clé "show, then do" : toute action de l'agent nécessite une approbation explicite de l'utilisateur La description des outils impacte fortement la précision du LLM : ajouter des outils peut paradoxalement dégrader les performances existantes Le prompt est une spécification détaillée (identité, patterns d'accès fichiers, règles de sécurité) plutôt qu'une simple instruction IBM Bob https://bob.ibm.com/blog/announcing-ibm-bob-launch IBM Bob assistant IA d'IBM pour coder sur de vraies codebases (lancé avril 2026) 5 modes : Ask, Plan, Code, Advanced (MCP), Orchestrator Détecte la complexité du code en temps réel et propose des refactos Fait des revues de code automatiques sur tes branches/issues GitHub Permet d'écrire en langage naturel directement dans l'éditeur Fonctionne aussi en terminal/CLI et dans les pipelines CI/CD Sécurité : approbation manuelle, .bobignore, checkpoints, pas de training sur tes prompts How I use Claude - 50 tips pratiques https://www.youtube.com/watch?v=mZzhfPle9QU Staff Engineer Meta partage 50 tips après 6 mois d'utilisation intensive de Claude Code Basé sur ~12h/jour d'usage perso et professionnel Couvre tout : bases, workflows avancés, parallélisation Objectif : partager ce qu'il aurait voulu savoir dès le départ Méthodologies Quelqu'un rale sur la non soutenabilité des bases de code écritent avec des agents https://mariozechner.at/posts/2026-03-25-thoughts-on-slowing-the-fuck-down/ Mario Zechner estime que les agents IA font les mêmes erreurs répétitivement sans apprendre, accumulant la complexité à grande vitesse faute de bottlenecks humains Sans vision globale, les agents créent du cargo-cult : les "best practices" de l'industrie appliquées localement sans cohérence architecturale La croissance de la base de code dégrade la capacité des agents à retrouver le code existant → duplication et incohérences croissantes Il cite des pannes AWS et des initiatives qualité Microsoft comme signes préoccupants liés au code généré par IA Solution : réserver les agents aux tâches délimitées et évaluables, garder l'architecture, les APIs et les systèmes critiques écrits à la main Maintenir une revue de code rigoureuse et traiter les humains comme les gardiens finaux de la qualité On m'oblige à utiliser l'IA https://n.survol.fr/n/on-moblige-a-utiliser-lia Éric D. défend l'adoption obligatoire de l'IA comme décision stratégique légitime, comparable au choix du full remote ou de la stack technique Il distingue la décision stratégique (adoption IA) de la méthode d'accompagnement (qui reste collaborative et bienveillante) La compétence IA devient un critère de recrutement : chercher des candidats déjà curieux et explorateurs de ces outils L'alignement culturel sur les pratiques et outils est un prérequis à la cohésion d'équipe Le refus d'adopter certains outils stratégiques peut justifier de ne pas recruter un candidat autrement compétent Encore une metodo SPDD https://martinfowler.com/articles/structured-prompt-driven/ Problème : l'IA accélère le dev individuel mais amplifie ambiguïtés et incohérences à l'échelle d'une équipe. martinfowler SPDD : traiter les prompts comme des artefacts versionnés, révisables et réutilisables plutôt que des échanges jetables. martinfowler Canvas REASONS : 7 dimensions (Requirements, Entities, Approach, Structure, Operations, Norms, Safeguards) pour guider le LLM de l'intention à l'exécution. martinfowler Workflow en 6 étapes : exigences → analyse → contexte → prompt structuré → code → tests unitaires, chaque étape s'appuyant sur la précédente. martinfowler 3 compétences clés : abstraction d'abord, alignement de l'intention, revue itérative. martinfowler Limites : fort ROI sur du code métier complexe, peu adapté aux hotfixes urgents, scripts jetables ou travail créatif/visuel. m Sécurité Le projet Glasswing pour sécuriser les logiciels https://www.anthropic.com/glasswing Anthropic lance Glasswing, une initiative de cybersécurité utilisant Claude Mythos Preview pour identifier des vulnérabilités zero-day 12 partenaires fondateurs dont AWS, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft et NVIDIA Anthropic investit 100 millions de dollars en crédits de modèle et 4 millions en dons aux organisations de sécurité open source Le modèle opère avec une autonomie substantielle, identifiant des milliers de vulnérabilités dans les OS, navigateurs et infrastructures critiques Plus de 40 organisations supplémentaires ont accès pour scanner et sécuriser leurs systèmes Objectif : donner l'avantage aux défenseurs avant que les techniques de hacking assistées par IA ne se généralisent chez les attaquants LinkedIn vous espionne https://frenchbreaches.com/blog/linkedin-est-accuse-de-fouiller-dans-votre-ordinateur-illegalement Scandale "BrowserGate" : LinkedIn injecte du JavaScript qui tente de détecter les extensions Chrome installées sur votre navigateur Le script analysé contient une liste codée en dur de 6 222 extensions Chrome avec identifiants et chemins de fichiers internes Croissance alarmante de la liste ciblée : 38 extensions en 2017 → 461 en 2024 → ~1 000 en mai 2025 → 6 222 début 2026 Les données collectées incluent aussi CPU, RAM, résolution d'écran, timezone et état batterie pour du fingerprinting Certaines extensions ciblées sont liées à la neurodivergence, aux pratiques religieuses ou aux opinions politiques → violation grave du RGPD LinkedIn défend que le scan vise uniquement à détecter les extensions qui pratiquent le scraping de données Post mortem de la supply chain attack sur la librairie NPM axios https://github.com/axios/axios/issues/10636 Le 31 mars 2026, deux versions malveillantes d'axios (1.14.1 et 0.30.4) ont été publiées via un compte mainteneur compromis Vecteur d'attaque : RAT installé via ingénierie sociale ciblée sur la machine personnelle du mainteneur principal La 2FA ne protège pas si la machine de l'utilisateur est compromise : l'attaquant contrôle tout et peut agir comme l'utilisateur Les packages malveillants injectaient plain-crypto-js@4.2.1, un cheval de Troie multi-plateforme (macOS, Windows, Linux) Détection communautaire en ~3 heures, suppression par npm, mesures correctives : rotation complète des credentials Changements préventifs : publication via OIDC, releases immuables, amélioration des pratiques GitHub Actions Passbolt un gestionnaire de mots de passe open source https://lesjoiesducode.fr/passbolt-gestionnaire-de-mots-de-passe-gratuit-open-source-que-votre-equipe-merite-vraiment Gestionnaire de mots de passe open source conçu pour le partage d'identifiants en équipe, utilisé par plus de 50 000 organisations Chiffrement individuel par utilisateur et par version de credential, pas de coffre-fort partagé — architecture zero-knowledge "Forward secrecy" : quand un membre quitte l'équipe, ses copies chiffrées sont automatiquement révoquées sans reset manuel Supporte TOTP, clés SSH, tokens API et champs personnalisés avec piste d'audit complète de tous les accès Édition communautaire entièrement gratuite avec utilisateurs illimités, auto-hébergeable ou cloud Chiffrement OpenPGP nécessitant passphrase + clé privée, avec tokens visuels anti-phishing Loi, société et organisation Anthropic fait un don d'1,5 millions de dollars à la fondation Apache https://news.apache.org/foundation/entry/the-apache-software-foundation-announces-1-5m-donation-from-anthropic Anthropic donne 1,5 million de dollars à l'ASF pour soutenir l'infrastructure, la sécurité et la communauté open source Vitaly Gudanets (CISO d'Anthropic) : "Soutenir l'ASF est un investissement direct dans la résilience et l'intégrité des systèmes dont dépend l'IA moderne" Les fonds financeront les systèmes de build, les processus de sécurité et les services aux projets Apache Ce don est le déclencheur de l'initiative IA responsable à 10 millions de dollars de l'ASF L'infrastructure Apache est invisible mais critique : des systèmes financiers aux plateformes de santé, elle sous-tend l'écosystème logiciel mondial L'ASF lance l'initiative IA responsable https://news.apache.org/foundation/entry/the-apache-software-foundation-launches-10m-responsible-ai-initiative-with-initial-1-75m-donation L'ASF lance une initiative pour une IA responsable dotée d'un budget de 10 millions de dollars sur 3 ans minimum Anthropic est le premier donateur avec 1,5 million de dollars ; Alpha-Omega contribue 250 000 dollars L'initiative fournit aux projets Apache un accès à des modèles IA pour l'expérimentation et la sécurité Elle soutient l'ensemble de la chaîne IA/ML : pipelines de données, infrastructure, frameworks de deep learning Des tracks de conférences, hackathons et bourses de voyage sont prévus pour élargir la communauté Les principes directeurs incluent la supervision humaine, l'intégrité des licences et la sécurité open source Oracle vire 30000 personnes https://rollingout.com/2026/03/31/oracle-slashes-30000-jobs-with-a-cold-6/ Oracle licencie 20 000 à 30 000 employés, 18% de ses effectifs mondiaux. Les salariés ont appris leur licenciement par un simple email à 6h du matin, sans aucun préavis. L'accès à tous les systèmes (Slack, Zoom, badges) a été coupé immédiatement après. But : libérer 8 à 10 milliards de dollars pour construire des centres de données IA. Oracle a déjà contracté 50 milliards de dettes en 2026 pour financer ses projets IA. Paradoxe : l'entreprise affiche un bénéfice record de 6,13 milliards, mais ses liquidités sont dans le rouge. L'action Oracle a perdu plus de la moitié de sa valeur depuis septembre 2025. Et si l'IA n'était qu'un prétexte pour licencier https://eventuallycoding.com/p/ia-licenciements-et-si-l-intelligence-artificielle-n-etait-qu-une-excuse Hugo Lassiège (eventuallycoding) estime que les entreprises utilisent l'IA comme narratif commode pour masquer des erreurs de gestion passées (Block a triplé ses effectifs post-COVID sans croissance des revenus correspondante) Moins de 1% des licenciements technologiques seraient réellement dus à des gains de productivité IA selon les analyses citées Mesurer la productivité des développeurs reste un problème non résolu, mais les entreprises affirment des gains d'efficacité sans preuves Des pressions économiques réelles (inflation, guerres commerciales, coûts énergétiques) sont masquées derrière le discours IA Les restructurations nécessaires sont présentées comme des transformations AI-driven positives pour rassurer les investisseurs Il y voit une fenêtre d'opportunité pour l'Europe pendant que les géants américains se restructurent GitHub Copilot va utiliser les interacitons pour entrainer ses modèles sauf si vous vous délistez https://github.blog/news-insights/company-news/updates-to-github-copilot-interaction-data-usage-policy/ À partir du 24 avril 2026, GitHub utilise par défaut les interactions des utilisateurs Copilot Free, Pro et Pro+ pour entraîner ses modèles Les données collectées incluent le code accepté ou modifié, les snippets envoyés, les noms de fichiers et structures de dépôts, et les retours utilisateurs Les utilisateurs Copilot Business, Enterprise et les dépôts d'entreprise sont exclus de cette collecte de données d'entraînement Opt-out disponible dans les paramètres GitHub > "Privacy" ; les préférences de désactivation préalables sont conservées automatiquement Objectif déclaré : améliorer la précision des modèles sur les langages et cas d'usage du monde réel Grosse percée de Claude Code dans les commits sur GitHub https://aifoc.us/damn-claude-thats-a-lot-of-commits/ Explosion de Claude Code : En six mois, Claude Code est passé de 0,7 % à 4,5 % de tous les commits publics sur GitHub, surpassant tous les autres outils d'IA combinés. Adoption massive des agents IA : Environ 5 % des commits publics sur GitHub sont désormais générés par des agents IA, un chiffre en croissance rapide depuis fin 2025. Domination des bots sur GitHub : Au-delà des commits, les outils d'IA sont omniprésents dans la gestion des pull requests et des problèmes (Copilot et CodeRabbit notamment). Limites méthodologiques : Les données ne concernent que les dépôts publics (les entreprises utilisent massivement des dépôts privés, invisibles ici). Le comptage dépend fortement de la visibilité des signatures (certains outils comme Claude marquent systématiquement leurs commits, d'autres non) L'API de recherche GitHub présente une fiabilité variable à cette échelle. Changement de paradigme : Le développement logiciel vit une transition majeure, comparable au passage du desktop au mobile. L'intégration des agents IA dans le cycle de production n'est plus une expérimentation, mais une réalité opérationnelle à grande échelle. Dysmaths une application pour aider à apprendre les mathématiques et la géométrie lorsque l'on souffre de dyspraxie, dysgraphie https://dysmaths.com/ Application web pour aider les élèves de collège et lycée souffrant de dysgraphie et dyspraxie à faire des maths et de la géométrie Outils de dessin à main levée, géométrie précise (compas, rapporteur, règle) et opérations structurées (fractions, racines, puissances, symboles mathématiques) Export PDF et PNG avec conservation fidèle de l'échelle pour l'impression et la soumission des exercices Options d'accessibilité : police OpenDyslexic, personnalisations d'interface, import d'images et de PDFs Répond à un besoin réel : les outils standards ne sont pas adaptés aux difficultés de coordination et d'organisation spatiale en mathématiques IA ou réalité ? Par Amistory https://www.youtube.com/watch?v=PPYdAhBBF2I L'IA génère des contenus (images, voix, vidéos) de plus en plus indétectables Les arnaques au clonage de voix et deepfakes sont en forte hausse Les faux contenus viraux manipulent l'opinion à grande échelle Le faux n'est plus un accident, c'est devenu un système organisé La société entre dans une ère de doute généralisé sur le réel Comment s'informer quand le réel lui-même peut être simulé ? Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 6-7 mai 2026 : Devoxx UK 2026 - London (UK) 12 mai 2026 : Lead Innovation Day - Leadership Edition - Paris (France) 12-13 mai 2026 : Lyon Craft - Lyon (France) 19 mai 2026 : La Product Conf Paris 2026 - Paris (France) 19-20 mai 2026 : Green Code Challenge - Paris (France) 21-22 mai 2026 : Flupa UX Days 2026 - Paris (France) 22 mai 2026 : AFUP Day 2026 Lille - Lille (France) 22 mai 2026 : AFUP Day 2026 Paris - Paris (France) 22 mai 2026 : AFUP Day 2026 Bordeaux - Bordeaux (France) 22 mai 2026 : AFUP Day 2026 Lyon - Lyon (France) 27 mai 2026 : aMP Day Strasbourg 2026 - Strasbourg (France) 28 mai 2026 : DevCon 27 : I.A. & Vibe Coding - Paris (France) 28 mai 2026 : Cloud Toulouse 2026 - Toulouse (France) 29 mai 2026 : NG Baguette Conf 2026 - Paris (France) 29 mai 2026 : Agile Tour Strasbourg 2026 - Strasbourg (France) 2-3 juin 2026 : Agile Tour Rennes 2026 - Rennes (France) 2-3 juin 2026 : OW2Con - Paris-Châtillon (France) 3 juin 2026 : IA–NA - La Rochelle (France) 4 juin 2026 : Workplace Intelligence Days - 1ère édition - Lyon (France) 5 juin 2026 : TechReady - Nantes (France) 5 juin 2026 : Fork it! - Rouen - Rouen (France) 6 juin 2026 : Polycloud - Montpellier (France) 9 juin 2026 : JFTL - Montrouge (France) 9 juin 2026 : C: - Caen (France) 9 juin 2026 : France API 2026 - Paris (France) 11-12 juin 2026 : DevQuest Niort - Niort (France) 11-12 juin 2026 : DevLille 2026 - Lille (France) 12 juin 2026 : Tech F'Est 2026 - Nancy (France) 15 juin 2026 : Jupyter Workshops: Demystifying MyST Markdown in Education - Orsay (France) 16 juin 2026 : Mobilis In Mobile 2026 - Nantes (France) 17-19 juin 2026 : Devoxx Poland - Krakow (Poland) 17-20 juin 2026 : VivaTech - Paris (France) 18 juin 2026 : Tech'Work - Lyon (France) 22-26 juin 2026 : Galaxy Community Conference - Clermont-Ferrand (France) 23-24 juin 2026 : MWCP 2026 - Paris (France) 24-25 juin 2026 : Agi'Lille 2026 - Lille (France) 24-26 juin 2026 : BreizhCamp 2026 - Rennes (France) 25-26 juin 2026 : Agile Tour Toulouse 2026 - Toulouse (France) 27 juin 2026 : Asynconf - Paris (France) 2 juillet 2026 : Azur Tech Summer 2026 - Valbonne (France) 2-3 juillet 2026 : Sunny Tech - Montpellier (France) 3 juillet 2026 : Agile Lyon 2026 - Lyon (France) 6-8 juillet 2026 : Riviera Dev - Sophia Antipolis (France) 28-30 août 2026 : State of the Map - Champs-sur-Marne (France) 4 septembre 2026 : JUG Summer Camp 2026 - La Rochelle (France) 10-11 septembre 2026 : Nantes Craft - Nantes (France) 17 septembre 2026 : dotAI - Paris (France) 17-18 septembre 2026 : API Platform Conference 2026 - Lille (France) 18 septembre 2026 : dotJS - Paris (France) 18 septembre 2026 : WordCamp Bretagne - Rennes (France) 22 septembre 2026 : Salon Data 2026 - Nantes (France) 22-23 septembre 2026 : Agile en Seine & IA 2026 - Paris (France) 24 septembre 2026 : OWASP AppSec Days France 2026 - Paris (France) 24 septembre 2026 : PlatformCon Paris - Paris (France) 24 septembre 2026 : React Native Connection 2026 - Paris (France) 24-26 septembre 2026 : Paris Web 2026 - Paris (France) 28-29 septembre 2026 : 4th Tech Summit on AI & Robotics - Paris (France) & Online 1 octobre 2026 : WAX 2026 - Marseille (France) 1-2 octobre 2026 : Volcamp - Clermont-Ferrand (France) 2 octobre 2026 : DevFest Perros-Guirec 2026 - Perros-Guirec (France) 5-9 octobre 2026 : Devoxx Belgium - Antwerp (Belgium) 12 octobre 2026 : Dev With AI - Paris (France) 27-29 octobre 2026 : Directions EMEA 2026 - Paris (France) 29-30 octobre 2026 : BDX I/O 2026 - Bordeaux (France) 30 octobre 2026 : Cloud Nord 2026 - Lille (France) 4-5 novembre 2026 : Devoxx Morocco - Casablanca (Morocco) 14-15 novembre 2026 : Capitole du Libre - Toulouse (France) 19 novembre 2026 : DevFest Toulouse 2026 - Toulouse (France) 27 novembre 2026 : DevFest Paris 2026 - Paris (France) 1-3 décembre 2026 : Apidays Paris - Paris (France) 4 décembre 2026 : DevFest Lyon 2026 - Lyon (France) 4 décembre 2026 : DevFest Dijon 2026 - Dijon (France) 9-10 décembre 2026 : OpenSource Expérience - Paris (France) 9-10 décembre 2026 : DevOps REX - Paris (France) 10 décembre 2026 : KCD Provence - Aix-en-Provence (France) 7-9 avril 2027 : Devoxx France 2027 - Paris (France) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

In this episode James and Frank dive into running AI coding models locally versus in the cloud—BYOK/Open Router, VS Code's chat/agent harness, model runners (Olama, vLLM), and the practicality of 27B models on a 3090 using 4‑bit quantization. They share hands-on takeaways—how recent engineering (MT/MTPLX) boosts inference to usable token rates, when auto model selection makes sense, cost and hardware trade‑offs, and why local models can liberate your workflow while still needing smarter, unified tooling. Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us ⭐⭐ Machine transcription available on http://mergeconflict.fm

  In this episode, Ray Cochrane leads with Mozilla shipping Firefox 150 with 271 patched bugs found by Anthropic’s Mythos system, the first major real-world deployment of the AlphaGo-Moment cybersecurity tooling. He also covers a 9-year dormant Linux kernel root, a college student stopping Taiwan’s high-speed rail with a software-defined radio, GitHub MCP secret scanning going GA, the NVIDIA NeMo lawsuit surviving its motion to dismiss, the Hugging Face Reachy Mini app store, Anthropic’s Auto Mode for Claude Code, and the 4-gigabyte AI model Chrome silently installed on your computer. – Want to start a podcast? Its easy to get started! Sign-up at Blubrry – Thinking of buying a Starlink? Use my link to support the show. Subscribe to the Newsletter. Email Ray if you want to get in touch! Like and Follow Geek News Central’s Facebook Page. Support my Show Sponsor: Best Godaddy Promo Codes Get 1Password Full Summary Cochrane opens the show with the AlphaGo Moment moving from theory into production. Mozilla shipped Firefox 150 this week with 271 patched bugs that Anthropic’s Mythos system found. Furthermore, the broader episode threads a clear pattern: AI tooling is reshaping security, developer workflows, and consumer software faster than the surrounding ecosystem can absorb it. The show closes on the four-gigabyte AI model Chrome installed on a billion machines without explicit consent. Mozilla Ships 271 Mythos Bugs in Firefox 150 Mozilla ran Anthropic’s restricted Mythos system against the Firefox 150 codebase before shipping. The result: 271 found bugs (180 high severity, 80 moderate, 11 low) baked into the release. However, the bigger number is the year-over-year jump. April 2026 shipped 423 total Firefox security fixes versus 31 a year prior. The breakdown for April: 271 from Mythos, 41 from external researchers, and 111 from other internal sources. Cochrane is sticking to his guns on calling this the AlphaGo Moment for cybersecurity. Skeptics argue Mythos is industrial-scale fuzzing because most found bugs sit in memory-safety territory. However, his counter is the velocity itself. Furthermore, he frames the resistance as carriage-versus-cars: humans-first research still grounds the tool, but throughput is the win. The Firefox CTO put it directly: defenders finally have a chance to win, decisively. For developers asking whether Mythos changes anything if they already run fuzzers, Cochrane’s answer is yes, and not even close. Additionally, he notes Mythos is restricted-access. The broadly available tier is Claude Opus 4.7, which Mozilla used since February before getting onto the restricted program for the Firefox 150 cycle. Run Opus 4.7 first. Sponsor: GoDaddy GoDaddy has been sponsoring this show for over twenty years. Economy hosting starts at $6.99/month, WordPress hosting at $12.99/month, and domains at $11.99. Use codes at geeknewscentral.com/godaddy for exclusive deals and to directly support the show. Copy Fail: 9-Year Linux Kernel Bug, 732 Bytes to Root A 9-year-old dormant Linux kernel bug got disclosed April 29 as CVE-2026-31431. Researchers published a 732-byte Python script that roots every major Linux distribution shipped since 2017. Additionally, CISA added the CVE to its Known Exploited Vulnerabilities catalog on May 1 with a May 15 federal deadline. The bug lives in the kernel’s crypto socket layer through the AF_ALG AEAD interface, originating in a 2017 in-place crypto optimization that lacked bounds checking. Cloudflare published their post-mortem this week. Their first instinct was to remove the kernel module entirely. However, service dependencies forced a workaround instead. Cloudflare resumed normal patched-kernel reboot automation across their 330-city fleet on May 4, with manual reboots and rollouts continuing after. Taiwan Rail Stopped by a 23-Year-Old With a Software-Defined Radio A 23-year-old Taiwanese university student with the surname Lin spoofed a TETRA general alarm signal on April 5, stopping trains on Taiwan’s high-speed rail. The accomplice supplied the radio parameters. Both were arrested by month-end. Lin posted NT$100,000 bail; the accomplice posted NT$80,000. The incident hit at 11:23 PM during the Qingming holiday weekend, stopping three revenue passenger trains plus one deadhead. Furthermore, the system has been in service for 19 years without rotating its cryptographic parameters once. Cochrane notes this is exactly the type of long-dormant infrastructure flaw that Mythos-class tooling catches, if anyone bothers to point it at the wires we already have. GitHub MCP Secret Scanning Goes GA GitHub’s secret scanning in the MCP server hit GA on May 5, with dependency scanning entering public preview the same day. Both released after a seven-week public preview run starting March 17. Additionally, the feature lets MCP-compatible coding agents (Copilot CLI, VS Code, JetBrains, Claude Code, Cursor, Windsurf) detect exposed secrets before commits or pull requests. Findings are ephemeral. They surface only in the current chat session and don’t persist as GitHub alerts. Sources disagree on scope: GitHub’s GA changelog says repo-level or org-level settings work, while the docs say only org-level applies. Cochrane flags the open question of whether MCP prompt injections could be exploited to send discovered secrets elsewhere. Subquadratic Debuts a 12-Million-Token Context Window Miami-based Subquadratic emerged from stealth on May 5 with a $29 million seed round and a reported $500 million valuation. Their model, SubQ 1M-Preview, runs on a new Subquadratic Sparse Attention architecture (their technical writeup calls it Selective Attention; same acronym, different second word). The headline claim: a thousand-times reduction in attention compute at 12 million tokens versus frontier models. However, that figure is vendor marketing math. There is no peer-reviewed paper, no public weights, and no independent benchmark replication. Researchers are demanding independent proof. Furthermore, CTO Alex Whedon’s pull line, “Retrieval / RAG plumbing is a waste of human intelligence,” signals how aggressively they want to position against retrieval-augmented architectures. ChatGPT Goblins, China’s “Catch You Steadily”: Sycophancy Is Universal Last week’s ChatGPT goblin obsession has a Chinese-language twin. The model overuses a phrase translating as “I will steadily catch you.” Additionally, a new Stanford and CMU study called ELEPHANT shows social sycophancy is universal across all 11 LLMs tested with 2,400-plus participants. Models endorsed users 49 percent more than humans did, and 47 percent even on harmful prompts. Alibaba’s Qwen and DeepSeek topped the rankings. Cochrane notes sycophancy is obvious once you’re aware of it but tricky to dissuade. Even with explicit instructions, longer context windows can reintroduce the behavior as the instructions get diluted. Furthermore, the trap is believing you’ve handled it. Once you think you’ve got it under control, you’re more prone to being influenced because you stopped watching for it. NVIDIA NeMo Lawsuit: Judge Tigar Denies Motion to Dismiss Three authors filed Nazemian v. NVIDIA in March 2024, alleging NVIDIA used The Pile and Books3 (approximately 196,640 pirated books) to train its NeMo AI framework. NVIDIA’s defense relied on the Sony v. Universal Betamax doctrine, arguing NeMo’s training scripts are general-purpose tools like a VCR. This week, Judge Tigar denied NVIDIA’s motion to dismiss in the Northern District of California. The headline quote: NeMo’s training scripts “have no other purpose than to speed up the process of infringement.” Furthermore, the judge rejected the VCR analogy outright. NeMo’s scripts are not general-purpose tools; they were allegedly purpose-built to ingest pirated material. Cochrane reads the Betamax framing as legal-jargon arbitrage rather than honest defense. The Humanoid Robot Market Is Smaller Than the Hype Michael Barnard at CleanTechnica argues that scenario-math against the global labor market puts realistic humanoid TAM at $200 billion to $1 trillion, not $20 trillion. Near-term wins cluster in warehouses, not homes. Additionally, the framework weighs dexterity burden against human-proximity safety burden. Real opportunities cluster where both burdens are low. Cochrane connects this to last week’s reservations about humanoids in the household. Furthermore, the risk profile is the issue: these robots aren’t prepared for every scenario, can’t make dynamic decisions, and one software update can change the definition of “safe.” Hugging Face Launches Reachy Mini App Store Hugging Face launched an open-source app store for the Reachy Mini robot this week, $299 for the Lite tethered version and $449 wireless. There are 200-plus community-built apps at launch from over 150 creators, with nearly 10,000 Reachy Minis cumulative shipped. Additionally, apps are forkable, with the default agent (ML Intern) able to modify, write, test, and ship code on any existing app. Examples at launch include an office receptionist built in under two hours, a Reachy Phone Home anti-procrastination app, baby-monitor-style apps, a cooking assistant, and a 78-year-old Joel Cohen’s voice-controlled CEO peer-group app. Pollen Robotics, the company behind Reachy, was acquired by Hugging Face on April 14, 2025. Bebop the Humanoid Robot Delays Southwest Flight 1568 A 4-foot, 70-pound humanoid robot named Bebop delayed Southwest flight 1568 from Oakland to San Diego by more than 73 minutes on April 30. The crew flagged the lithium battery as oversized. Furthermore, the battery was reportedly four times the cabin limit. Bebop belongs to Dallas-based Elite Event Robotics, which bought a full-price cabin ticket because the robot exceeded checked-baggage weight. Bebop danced for passengers at the gate before boarding. However, Southwest had Elite remove the batteries before departure, and replacements were overnighted to Chicago for the next event. Cochrane flags the obvious: batteries have always been flagged in aviation, so forgetting that with a humanoid robot in tow is a strange miss. Ouster Rev8: Native Color Lidar With Google, Volvo, Skydio Stating Intent Ouster announced the Rev8 OS Family on May 4 in San Francisco. The sensors fuse depth and color via SPAD detectors (single photon avalanche diodes) on Ouster’s custom L4 and L4 Max chips. Google, Volvo Autonomous Solutions, Skydio, Liebherr, Epiroc, and PlusAI have stated intent to adopt, though nothing is formally signed. Specs include 48-bit color, 116 dB dynamic range, and pre-fused 3D colorized point clouds. The OS1 Max gets 500-meter max detection. Available to order today and shipping this quarter, with no pricing disclosed. CEO Angus Pacala in his TechCrunch interview: “The goal is to obviate cameras. There’s no reason that one sensor can’t do both.” TagTinker Lets a Flipper Zero Mess With Electronic Shelf Labels A new Flipper Zero app called TagTinker uses infrared signals to push images and text to electronic shelf labels. Additionally, these are the same kind of price tags grocery chains are starting to use for surveillance pricing. The app and GitHub repo went public this week. Maryland’s HB 895, signed by Governor Wes Moore, takes effect October 1 as the first-in-nation surveillance pricing law. It covers food retailers and third-party food delivery service providers. Furthermore, ESLs use the same IR signaling as TV remotes with weak security. The dev’s disclaimer states it’s strictly for educational research, security curiosity, and displaying digital art on hardware you legally own. Fitbit App Becomes Google Health, Plus Fitbit Air, Plus Google Fit Sunset Google announced May 7 that the Fitbit app becomes Google Health on May 19, rolling through May 26. The launch ships with the new $99.99 Fitbit Air screenless tracker and the long-rumored Google Fit shutdown. Additionally, the four-tab interface (Today, Fitness, Sleep, Health) bundles a Gemini-powered AI Health Coach. Coach is premium-gated at $9.99/month or $99/year. Medical records integration is US-only at launch. The Fitbit Air gets up to one week of battery life and 50-meter water resistance. However, Cochrane flags conflicting privacy framing: Google’s AI summary bullets say “your data stays private,” but the actual document copy says only “committed to not using Fitbit user health and wellness data for Google Ads.” Those are not the same statement. Russinovich on Why Win32 Won and WinRT Didn’t Microsoft Azure CTO Mark Russinovich said via Microsoft Dev Docs video that Win32, the 1995 API, is still foundational to Windows 11. WinRT, the modernization replacement, “didn’t play out the way a lot of people expected.” Mostly clickbait framing per Windows Latest, but the substantive angle is real. Microsoft is pivoting back to native WinUI 3 development after years of pushing developers toward WebView2 and Electron. Additionally, Electron-based apps are known for insane RAM usage, and everyone is hurting for RAM right now. Furthermore, the bigger open question is whether Electron survives the test of time, especially with the React engine reportedly being rewritten in Rust. “Tabula Plena”: The Brain Starts Full, Not Blank A Nature Communications study from the Institute of Science and Technology Austria found that the mouse hippocampal CA3 recurrent network begins densely connected and refines through pruning. ISTA’s press release frames this as “tabula plena,” meaning full slate, counter to tabula rasa. The paper published April 21. First author Victor Vargas-Barroso and senior author Professor Peter Jonas studied mice at three developmental stages. Furthermore, the “starting overloaded enables faster sensory integration” framing is Jonas’s hypothesis from the press release, not a paper conclusion. Cochrane closes on the bigger question: did we have human growth and experience mapped wrong from the start? The Aqueous Battery You Can Pour Down the Drain A Chinese research team led by Professor Chunyi Zhi at City University of Hong Kong built an aqueous battery using a custom organic polymer electrode plus neutral magnesium and calcium salts (food-grade tofu coagulants) as electrolyte. Published in Nature Communications on February 18. Numbers to know: 120,000-plus charge cycles, full-cell energy density of 48.3 watt-hours per kilogram. That’s well below typical lithium-ion. However, post-cycling analysis showed only magnesium, calcium, chlorine, carbon, and copper, with no heavy metals. The cell complies with US RCRA, ISO 14001, and China’s GB 18599-2020 for direct environmental disposal. Additionally, the “300-plus years” framing is journalists extrapolating from the 120,000 cycles, not a paper claim. ResoNix Klippel Tests Expose Car-Audio Spec Lies Nick Apicella, founder of ResoNix Sound Solutions in Stony Point, New York, spent around $23,000 on independent Klippel LSI and TRF testing of 40 subwoofers. He published 21 results showing widespread misrepresentation of Xmax (excursion) and thermal/power-handling claims. Test data published in three batches between December 2025 and January 2026. Specifics: Wavtech thinPRO12 claimed 20 mm of excursion but delivered 8.85 mm, scoring 15 out of 100 on marketing accuracy. One driver hit 44 percent of advertised excursion. Another tripped thermal protection at half its rated power. Additionally, nine of 21 drivers scored below 50 out of 100. Brands tested include JL Audio, Sundown, Focal, Morel, Audiofrog, Adire, Stereo Integrity, and Dynaudio. Conflict-of-interest flag: ResoNix’s own GUS-15, 12, and 10 prototypes conveniently rank one, two, three. JetBrains Opens 2026 Developer Ecosystem Survey JetBrains opened the 10th annual Developer Ecosystem Survey this week. It takes about 30 minutes, with prizes including a MacBook Pro 16-inch and a $1,000 Amazon gift card. Anonymized raw data is published publicly, and cumulative scale is 100,000-plus developers across recent years. Additionally, the survey is going fully anti-AI: “evil bots, dishonest respondents, and AI agents will be excluded from prize distribution.” Cochrane is curious whether TypeScript holds its 2025 crown after knocking Python off, and whether Rust shows real growth given the wave of LLM-driven Rust rewrites in the past few months. Anthropic’s Claude Code Auto Mode Goes Live Anthropic launched Auto Mode for Claude Code roughly six weeks ago. Claude Code’s previous behavior required user approval for most file modifications and command executions, generating heavy approval-fatigue complaints during longer sessions. Auto Mode is the answer: Claude can run multi-step development tasks without per-action approval. Additionally, the architecture is a two-stage classifier, with stage one a fast yes/no filter and stage two doing chain-of-thought on flagged actions. Cochrane runs his own Claude Code in YOLO mode but with custom rejection rules baked into settings to block commands he doesn’t want, even with skip-permissions on. He recommends configuring settings as the actual policy layer rather than relying on classifier judgment alone. Furthermore, recent posts about Claude deleting websites or wiping production databases reinforce why the settings layer matters more than the auto-mode toggle. Chrome Quietly Installed a 4GB AI Model on Your Computer Google Chrome silently downloads on-device AI model weights (Gemini Nano family) to a `weights.bin` file in the OptGuideOnDeviceModel directory, around four gigabytes in Alexander Hanff’s audit. Furthermore, the model re-downloads if you delete it. Hanff timed his own install at 14 minutes 28 seconds on macOS. Affected platforms include Windows, macOS (including Apple Silicon), and Linux. Hanff frames this as a multi-front legal violation: a direct breach of Europe’s ePrivacy Directive, two articles of GDPR, and an environmental harm of a magnitude that would be notifiable under the Corporate Sustainability Reporting Directive. At one billion users, the four-gigabyte distribution represents roughly 240 gigawatt-hours of network and storage energy paired with about 60,000 tonnes of CO2-equivalent emissions. However, no EU regulator action or formal complaint has surfaced as of this episode. The model powers on-device features (email writing, scam detection, summarization, smart paste, tab grouping) but not the visible AI Mode button, which routes to the cloud. To disable, Cochrane recommends Chrome Settings, then System, then On-device AI, toggle to off. Two more paths exist via `chrome://flags` or a Windows registry edit. Cochrane closes the show with show housekeeping: GNC Insider at geeknewscentral.com/insider, email at geeknews@gmail.com, newsletter signup at geeknewscentral.com, and Pocket Casts as a solid modern podcast app pick. Have a wonderful night. The post Mozilla Meets Mythos #1864 appeared first on Geek News Central.

Explore Azure MCP Server and Azure Skills working together to extend AI capabilities across Azure services. In this video, we walk through the developer experience in VS Code, showing how to configure, run, and interact with Azure Skills seamlessly. Chapters 00:00 - Introduction 00:50 - What's Azure MCP 01:58 - Install Azure MCP 05:43 - VS Code User Experience 08:49 - VS Code Demo 14:25 - Azure Skills 18:36 - Wrap Up / Outro Recommended resources Learn Docs Azure Product page Azure Skills Connect Scott Hanselman | Twitter/X: @SHanselman Azure SDK | Blog: Azure SDK Blog Azure SDK | Twitter/X: @AzureSDK Azure Friday | Twitter/X: @AzureFriday Azure | Twitter/X: @Azure

Explore Azure MCP Server and Azure Skills working together to extend AI capabilities across Azure services. In this video, we walk through the developer experience in VS Code, showing how to configure, run, and interact with Azure Skills seamlessly. Chapters 00:00 - Introduction 00:50 - What's Azure MCP 01:58 - Install Azure MCP 05:43 - VS Code User Experience 08:49 - VS Code Demo 14:25 - Azure Skills 18:36 - Wrap Up / Outro Recommended resources Learn Docs Azure Product page Azure Skills Connect Scott Hanselman | Twitter/X: @SHanselman Azure SDK | Blog: Azure SDK Blog Azure SDK | Twitter/X: @AzureSDK Azure Friday | Twitter/X: @AzureFriday Azure | Twitter/X: @Azure

When OpenAI trained GPT-3, they didn't roll their own orchestration layer. They used Ray, an open source Python framework born out of the same Berkeley research lab lineage that gave us Apache Spark. And here's the twist: Ray was originally built for reinforcement learning research, then quietly faded as RL hit a wall. Until ChatGPT showed up. Suddenly reinforcement learning was back, as the post-training step that turns a raw language model into something genuinely useful. Edward Oakes and Richard Liaw, two founding engineers behind Ray and Anyscale, join me on Talk Python to tell that story. We'll trace Ray from its RISE Lab origins at UC Berkeley to powering some of the largest training runs in the world. We'll talk about what Ray actually is, a distributed execution engine for AI workloads, and how a few lines of Python become work running across hundreds of GPUs. We'll cover Ray Data for multimodal pipelines, the dashboard, the VS Code remote debugger, KubRay for Kubernetes, and where Ray fits alongside Dask, multiprocessing, and asyncio. If you've ever stared at a single-machine Python script and thought, "there has to be a better way to scale this", this one's for you Episode sponsors Sentry Error Monitoring, Code talkpython26 AgentField AI Talk Python Courses Links from the show Guests Richard Liaw: github.com Edward Oakes: github.com Ray: www.ray.io Example code (we used for walk-through): docs.ray.io Getting Started with Ray: docs.ray.io Ray Libraries: docs.ray.io kuberay: github.com Watch this episode on YouTube: youtube.com Episode #547 deep-dive: talkpython.fm/547 Episode transcripts: talkpython.fm Theme Song: Developer Rap

The Foundry Toolkit for Visual Studio Code - formerly the AI Toolkit - is Microsoft's answer to fragmented AI development workflows, bringing model selection, prompt iteration, agent building, evaluation, and production tracing into a single VS Code extension. In this episode, we walk through the full feature surface. Whether you're picking your first frontier model or shipping a hosted agent to Microsoft Foundry, this is the episode for you!(00:00) - Intro and catching up.(03:55) - Show content starts.Show links- Foundry Toolkit overview- Give us feedback!

Paula Kingsley, a senior IT leader, longtime consultant, automation and PowerShell enthusiast, eight-time Microsoft MVP for Exchange Server, and happy generalist, joins Andrew for a wide-ranging conversation about her tech journey and what it actually looks like to grow from deep hands-on work into technology leadership. They kick things off with a topic near and dear to a lot of PowerShell folks: the ISE-to-VS Code migration. Paula was terrified of it, put it off for as long as she could, and now uses VS Code every single day. From there, the conversation opens up into what consulting taught her about solving problems, how being a generalist can be a genuine advantage, why documentation and communication matter as much as technical skill, and what it means to keep the human side of technology alive as you move up. Paula also drops some solid practical PowerShell wisdom along the way, from always including WhatIf support in your functions to the very important reminder that Get is safe and Set is something else entirely. Key Takeaways: Making the jump from ISE to VS Code feels daunting, but the move is absolutely worth it. The secret is forcing yourself to open it first and just leaving it open until the habit takes hold. Being a generalist isn't a weakness. The ability to see across systems, communicate up and down, and translate technical work into business outcomes is a real and undervalued skill. Always build yourself an escape route. WhatIf and ShouldProcess aren't just best practices, they're the difference between a confident deployment and a very bad afternoon. Guest Bio: Paula Kingsley is an outcome-driven senior IT leader, technology operations and engineering expert, eight-time Microsoft MVP for Exchange Server, and self-described happy generalist. Her path into tech started with a liberal arts degree and eventually led through boutique IT consulting, enterprise infrastructure, global production operations, automation, cloud, AI, and a deep appreciation for PowerShell. Paula has built her career around solving problems, simplifying workflows, removing friction, and helping technical teams work better at scale. She is senior enough to shape strategy and steer practices, still hands-on enough to fix things herself, and yes, she even likes regex. You can find her on GitHub as lanwench and on LinkedIn. Resource Links: Paula Kingsley on LinkedIn – https://www.linkedin.com/in/paulakingsley/ Paula Kingsley on GitHub – https://github.com/lanwench Connect with Andrew – https://andrewpla.tech/links/ PDQ Discord – https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/WLNVCW7S8BE

This is a recap of the top 10 posts on Hacker News on May 02, 2026. This podcast was generated by wondercraft.ai (00:30): VS Code inserting 'Co-Authored-by Copilot' into commits regardless of usageOriginal post: https://news.ycombinator.com/item?id=47989883&utm_source=wondercraft_ai(01:56): Why does it take so long to release black fan versions?Original post: https://news.ycombinator.com/item?id=47983352&utm_source=wondercraft_ai(03:22): Ask.com has closedOriginal post: https://news.ycombinator.com/item?id=47983226&utm_source=wondercraft_ai(04:48): NetHack 5.0.0Original post: https://news.ycombinator.com/item?id=47988776&utm_source=wondercraft_ai(06:15): Dav2dOriginal post: https://news.ycombinator.com/item?id=47988504&utm_source=wondercraft_ai(07:41): AI Self-preferencing in Algorithmic Hiring: Empirical Evidence and InsightsOriginal post: https://news.ycombinator.com/item?id=47987256&utm_source=wondercraft_ai(09:07): California to begin ticketing driverless cars that violate traffic lawsOriginal post: https://news.ycombinator.com/item?id=47988742&utm_source=wondercraft_ai(10:33): Do_not_trackOriginal post: https://news.ycombinator.com/item?id=47988592&utm_source=wondercraft_ai(12:00): Russia Poisons WikipediaOriginal post: https://news.ycombinator.com/item?id=47986083&utm_source=wondercraft_ai(13:26): How fast is a macOS VM, and how small could it be?Original post: https://news.ycombinator.com/item?id=47984852&utm_source=wondercraft_aiThis is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

https://clearmeasure.com/developers/forums/ Chet Husk is a Product Manager on the .NET Tools team at Microsoft, where he leads the .NET SDK, MSBuild, Template Engine, and Install Scripts teams -- shaping how millions of .NET developers build, publish, and containerize their applications. Before joining Microsoft in 2021, Chet was deeply embedded in the F# open-source community, serving on the F# Software Foundation Board and co-maintaining Ionide, the popular F# extension for VS Code. At Microsoft, he drove the built-in container publishing support that lets developers create container images with just "dotnet publish" -- no Dockerfile required -- and recently shipped SLNX, the new XML-based solution file format for the .NET CLI. He is also exploring the intersection of AI and build tooling with an open-source MCP server that lets AI assistants analyze MSBuild binary logs. Mentioned in this Episode GitHub LinkedIn .NET Blog Recent projects / posts Blog: "Introducing support for SLNX, a new, simpler solution file format in the .NET CLI" (Mar 2025, .NET Blog)  mcp-binlog-tool: MCP server for AI-assisted MSBuild binary log analysis  Blog: "Announcing built-in container support for the .NET SDK" (.NET Blog) .NET Conf 2023 talk: ".NET Containers advancements in .NET 8"  .NET Conf 2022 Keynote presenter  SLNGEN .NET Tool /dotnet/skills GitHub repo structed nuget package - devlooped EBNF Grammar (Extended Backus–Naur Form) https://msbuildlog.com/ https://github.com/devlooped/StructId Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.

PHP Podcast – April 23, 2026 Hosts: Eric Van Johnson & John Duration: ~1 hour 10 minutes Episode Summary Eric and John return to the podcast after a few weeks away, discussing everything from Disneyland trips and bowling tournaments to EAV database nightmares, editor wars (Vim vs. PHPStorm), AI coding tools, and the state of in-person PHP community events. Thank You to Our Sponsor Displace Technologies – Building PHP applications is your passion. Managing cloud infrastructure shouldn’t be your headache. Displace is your partner in cloud infrastructure orchestration, giving solo developers and small teams the tools and automation to deploy enterprise-grade Kubernetes clusters without the enterprise-grade complexity or cost. Get started at displace.tech Show Notes & Timestamps [00:00] Welcome Back – Eric and John return after Joe, Sarah, and Sammy filled in last week [02:45] Technical Difficulties – Eric’s streaming setup continues to cause problems [04:30] PHP Architect Consulting – Reminder that PHP Architect does real-world consulting work (augment teams or full team) [06:15] PHP Tek Countdown – 26 days away! Less than 4 weeks [08:30] John’s Disneyland Trip – Family spring break trip with a clever 3-day pass hack [12:00] Bowling Tournament – John competed in Reno for U.S. Championship (singles: 1,963rd, doubles: 2,599th, team: 607th) [14:00] Joe Ferguson News – Congratulations to Joe on becoming PHP Release Manager! [16:30] EAV Database Nightmare – John’s journey removing Entity-Attribute-Value system after 10+ years (running out of bigint IDs) [28:00] Editor Wars: Vim vs. PHPStorm – Eric’s return to NeoVim after trying VS Code. Discussion of keybindings, speed, and muscle memory [38:00] AI Coding Tools – Using Claude Code with subagents (front-end, back-end, database, QA). Discussion of productivity gains and QA bottlenecks [46:00] Docker Sandbox for Claude – John explains running Claude in Docker sandbox mode for project isolation [52:00] PHP Tek Mobile App – Holly (listener/mobile dev) offered to build an attendee app with wallet pass integration [56:30] Trailer Disaster Averted – Holly got trailer tires changed just before record flooding at the storage location [01:01:00] PHP Verse 2026 – JetBrains virtual event. Discussion of value of in-person vs. virtual conferences [01:08:00] Bitwarden CLI Security Alert – Trojan horse in version 2026.4.0 (credential stealer). Verify your installation! [01:13:00] Security & AI – Discussion of supply chain attacks, npm pre-install hooks, and risks of AI-generated code without review Links Mentioned Displace Technologies – Episode sponsor PHP Podcast Discord PHP Architect on YouTube PHP Architect – Consulting & Magazine PHP Tek 2026 – 26 days away! PHP Verse 2026 – JetBrains virtual event SessionEye – Conference schedule management Quotes “I’m still coding but I’m not doing like a full end-to-end coding anymore… I don’t know if I need PHPStorm anymore.” – Eric on how AI tools have changed his workflow “It’s like you go away on vacation and you have a great time… but you come home and you lay down in your bed and you’re like, ‘Oh wait, this feels better.'” – Eric describing his return to Vim “I’m embracing these early adopters of ‘we don’t need developers anymore, we have AI’ because I’m charging them a lot of money here in a couple of years.” – Eric on fixing AI-generated code Host: Eric Van Johnson X: @shocm Mastodon: @eric@phparch.social Bluesky: @ericvanjohnson.bsky.social PHPArch.me: @eric John Congdon X: @johncongdon Mastodon: @john@phparch.social Bluesky: @johncongdon.bsky.social PHPArch.me: @john Streams: Youtube Channel Twitch Connect & Hire PHP Architect Website Twitter/X Mastodon Hire PHP Developers Looking to hire PHP developers? Email support@phparch.com – Joe and the team are available for consulting, infrastructure work, Ansible playbooks, and code review. Partner This podcast is made a little better thanks to our partners Displace Infrastructure Management, Simplified Automate Kubernetes deployments across any cloud provider or bare metal with a single command. Deploy, manage, and scale your infrastructure with ease. https://displace.tech/ PHPScore Put Your Technical Debt on Autopay with PHPScore CodeRabbit Cut code review time & bugs in half instantly with CodeRabbit. Music Provided by Epidemic Sound https://www.epidemicsound.com/ Next Episode Join us next week for more PHP news, tech talk, and community updates. See you at PHP Tek! Got feedback? Join us on Discord at discord.phparch.com  The post The PHP Podcast 2026.04.23 appeared first on PHP Architect.

Pierce leads the VS Code product team. He has a long history in developer tools and joined via Microsoft's acquisition of Xamarin in 2016. He lives in Park City, UT and enjoys skiing and biking with his wife and two kids.You can find Pierce on the following sites:BlogXGitHubLinkedInPLEASE SUBSCRIBE TO THE PODCASTSpotifyApple PodcastsYouTube MusicAmazon MusicRSS FeedYou can check out more episodes of Coffee and Open Source on https://www.coffeeandopensource.comCoffee and Open Source is hosted by Isaac Levin

https://clearmeasure.com/developers/forums/ Pierce Boggan is the PM Lead for Visual Studio Code and GitHub Copilot at Microsoft, where he guides the product direction of the world's most popular code editor as it evolves into an AI-native development platform. He joined Microsoft through the Xamarin acquisition more than a decade ago and has worked across mobile tools, Visual Studio, and the Teams Toolkit before taking the helm of the VS Code team in late 2024. Pierce co-hosts the VS Code Insiders Podcast, presented in the GitHub Universe 2025 keynote, and recently helped his team make the historic shift from monthly to weekly releases -- powered by AI. He is also the creator of Primer, an open-source CLI that prepares codebases for AI-assisted development. -------------------------------------------- Mentioned in This Episode Website  Twitter / X  GitHub Podcast  Primer Recent projects / posts: Agent HQ in VS Code announced (Dec 2025) -- unified view for managing local, background, and cloud AI agents GitHub Universe 2025 keynote presenter (Nov 2025) VS Code Insiders Podcast: "VS Code -- 2025 Wrapped" (Dec 2025) Primer CLI -- prepares repos for AI-assisted development (423 stars) nano-banana-mcp -- MCP server enabling image creation in GitHub Copilot VS Code team moved from monthly to weekly releases (Mar 2026 interview)  ---------------------------------------- Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.

In this episode, Andrew Warner, founder of Mixergy, host of over 2,500 founder interviews, and creator of The Next New Thing, reveals why the most exciting business opportunity in AI right now isn't building another chatbot or SaaS tool. It's building for AI agents as customers. Andrew shares how one founder went from $3K to $70K/month by simply pivoting his social media tool to serve AI agents instead of humans, why Jason Fried at Basecamp is now adding agent-first features, and what this means for every entrepreneur and operator watching the AI wave. Andrew breaks down his own AI tech stack (Claude Code, VS Code, Atlas Browser, OpenClaw), why he keeps a separate laptop just for AI agent work, and the brutal honesty about how much time we're all spending "playing" with AI vs. actually building revenue-generating products. He and Liam go deep on the "SaaSpocalypse" debate, whether intelligence becoming a utility makes audience and distribution the only real moats, and why the agent-to-agent economy, where software sells to other software, might be the biggest shift since mobile. Key Topics Covered How Andrew built a $30M/year email newsletter business in his 20s and what he learned about monetization The origin story of Zapier: Andrew was their first paying customer before they even had a product Why AI's "shiny object syndrome" is the biggest trap for builders right now Andrew's daily AI tech stack: Claude Code, VS Code, Atlas Browser, Claude Desktop, and WhisperFlow How Postiz went from $3K to $70K/month by becoming the social media tool for AI agents The agent-to-agent economy: why your next best customer might not be human Is SaaS dead? Andrew's nuanced take after 2,500+ founder interviews Why audience and platform stickiness are the only real moats when intelligence becomes a utility Liam's Claude automation workflows: auto-generating guest research, marketing assets in 5 minutes Vibe video editing and the future of AI-powered content production Episode Timestamps 00:00 - Introduction and welcome 00:28 - Andrew's background: building a $30M email newsletter empire 02:00 - Selling the business in his mid-20s and traveling the world 06:19 - Starting Mixergy and doing 2,500+ founder interviews 09:39 - The founders Andrew admires most: Wade Foster and Zapier's origin story 12:07 - How solving problems for free changes your career 12:51 - AI's shiny object syndrome: building for fun vs. solving real problems 14:36 - Andrew's mission: helping AI builders find real revenue 17:45 - Andrew's AI tech stack: VS Code, Claude Code, Atlas Browser, WhisperFlow 22:32 - The ideal future of work with AI agents 24:31 - What's most impressive and most underwhelming about AI right now 25:20 - Building a social listening tool with AI 27:08 - The SaaSpocalypse debate: can you vibe-code your own tools? 36:12 - Postiz: from $3K to $70K/month by selling to AI agents 38:17 - The agent-to-agent marketplace future 40:06 - Liam's Claude automation: auto-generating guest research briefs 43:19 - Real-time AI workflows with WhisperFlow and Claude 48:02 - Why investing time in AI compounds exponentially 50:05 - Creating marketing assets in 5 minutes with Claude 51:27 - Vibe video editing: the next frontier for content creators 53:42 - Thought experiment: what's defensible when intelligence is a utility? 55:39 - The bread maker analogy: why SaaS won't actually die 58:01 - What makes software defensible: switching costs and stickiness 01:00:47 - Postiz deep-dive: the agentic social media scheduling tool 01:03:26 - Agent-first businesses: newsletters, chat apps, and tools built for agents 01:08:51 - Where to find Andrew and closing thoughts Andrew's Socials: LinkedIn — https://www.linkedin.com/in/andrewwarner/ Website — https://thenextnewthing.ai Partner Links Book Enterprise Training — https://www.upscaile.com/ Subscribe to our free newsletter — https://www.theaireport.ai/subscribe Get free AI resources: https://community.theaireport.ai/checkout/the-ai-report-welcome-gift?coupon_code=WRTH Learn more about your ad choices. Visit megaphone.fm/adchoices

This week on Azure Friday, Scott Hanselman talks with Jonathon Frost about AI-enhanced migration from Oracle to PostgreSQL using the VS Code PostgreSQL extension. See how developers can automate schema conversion, transform application code, and validate results using an intelligent, agent-driven workflow. Chapters 00:00 - Introduction 00:36 - Model Hyperparameter Tuning, Agent Orchestration, and Determinism 02:25 - Architectural Overview of AI-enhanced Schema Migration 04:28 - How it is Built on the VS Code Extension for PostgreSQL 04:56 - Self-correction of AI-enhanced Migration 05:59 - Migration Demo 06:33 - Connect to Oracle Database 07:23 - Connect to PostgreSQL Database 07:50 - Connect to Azure OpenAI Endpoint 08:45 - Run Migration 09:37 - Review Completed Migration Report 11:07 - Visualize Schema of PostgreSQL Database 12:17 - Side-by-side File Diff 13:30 - Where to get the Extension and Learn More Recommended resources Learn Docs VS Code Extension Marketplace Page Azure Product Page Blog Connect Scott Hanselman | Twitter/X: @SHanselman Jonathon Frost | LinkedIn: linkedin.com/in/jjfrost Azure Database for PostgreSQL | LinkedIn: linkedin.com/company/azure-database-for-postgresql Azure Friday | Twitter/X: @AzureFriday Azure | Twitter/X: @Azure

This week on Azure Friday, Scott Hanselman talks with Jonathon Frost about AI-enhanced migration from Oracle to PostgreSQL using the VS Code PostgreSQL extension. See how developers can automate schema conversion, transform application code, and validate results using an intelligent, agent-driven workflow. Chapters 00:00 - Introduction 00:36 - Model Hyperparameter Tuning, Agent Orchestration, and Determinism 02:25 - Architectural Overview of AI-enhanced Schema Migration 04:28 - How it is Built on the VS Code Extension for PostgreSQL 04:56 - Self-correction of AI-enhanced Migration 05:59 - Migration Demo 06:33 - Connect to Oracle Database 07:23 - Connect to PostgreSQL Database 07:50 - Connect to Azure OpenAI Endpoint 08:45 - Run Migration 09:37 - Review Completed Migration Report 11:07 - Visualize Schema of PostgreSQL Database 12:17 - Side-by-side File Diff 13:30 - Where to get the Extension and Learn More Recommended resources Learn Docs VS Code Extension Marketplace Page Azure Product Page Blog Connect Scott Hanselman | Twitter/X: @SHanselman Jonathon Frost | LinkedIn: linkedin.com/in/jjfrost Azure Database for PostgreSQL | LinkedIn: linkedin.com/company/azure-database-for-postgresql Azure Friday | Twitter/X: @AzureFriday Azure | Twitter/X: @Azure

Today on the Ecomm Breakthrough Podcast, we're joined by a true expert at the intersection of technology, data, and e-commerce growth. Ellis Whitehead is the co-founder of DataBrill and a leading mind in PPC management, data science, and business intelligence space. With a PhD in automation and years of experience architecting smart technology for Amazon sellers, Ellis has helped brands leverage data-driven strategies to scale profitably and stay ahead of the competition. He's here to share how sellers can use advanced analytics and Ai to break through the seven-figure ceiling and unlock the path to eight figures and beyond. Ellis, welcome to the show! Highlight Bullets> Here's a glimpse of what you would learn…. Leveraging AI and data for scaling e-commerce businesses, particularly for sellers with seven-figure sales.Importance of establishing a proper data infrastructure before utilizing AI.The concept of a "data chain" consisting of four essential links: centralized data, capturing history, connecting disparate data sources, and constructing guardrails for AI.Challenges faced by e-commerce sellers regarding messy or disconnected data.The significance of capturing historical data for trend analysis and forecasting.The necessity of connecting various data sources to derive meaningful insights and metrics.The role of structured databases versus unstructured data storage solutions like shared drives.The impact of AI on decision-making processes and the importance of providing accurate context for AI tools.Recommendations for hiring the right talent to manage data infrastructure and AI integration.The critical need for a solid foundation before implementing AI to avoid compounding errors in business operations.In this episode, host Josh Hadley interviews Ellis Whitehead, co-founder of Data Brill, about how seven-figure e-commerce sellers can leverage AI and data to scale effectively. Ellis outlines a four-step “data chain” for success: centralizing data, capturing historical records, connecting disparate data sources, and building guardrails for AI. They discuss common pitfalls, the importance of solid data infrastructure, and actionable hiring advice for building in-house data teams. The episode emphasizes that AI is only as powerful as the data foundation supporting it, offering practical strategies for sustainable e-commerce growth.Here are the 3 action items that Josh identified from this episode:Prioritize Data Infrastructure:Invest in building a centralized, historical, and connected data warehouse before layering on AI. This is a full-time job—don't try to do it all yourself.Make Data-Driven Decisions:Use live, visual dashboards to monitor trends, market share, and leading indicators—not just lagging P&L statements. Let data guide your strategic focus.Leverage AI Only After Laying the Foundation:AI can scale your business—or your mistakes. Only deploy AI agents once your data is clean, structured, and governed by clear guardrails.Timestamp:00:00:00 Podcast IntroductionLeveraging AI and data for scaling e-commerce businesses.00:00:58 Guest IntroductionEllis Whitehead's background and expertise in data, PPC, and Amazon seller growth are introduced.00:02:00 AI Hype & Seller ChallengesDiscussion about the overwhelming AI chatter among e-commerce sellers and the feeling of being left behind.00:02:37 The Importance of FundamentalsEllis emphasizes sticking to business fundamentals despite rapid technological changes.00:03:11 Common Data Mistakes in E-commerceEllis introduces the “data chain” concept and outlines common mistakes sellers make with data and AI.00:05:07 Overview of the Four Data Chain LinksEllis lists the four essential links: centralized data, capturing history, connecting data sources, and constructing guardrails.00:07:29 Step 1: Centralizing DataDetailed explanation of why a structured database (like Postgres) is crucial versus using spreadsheets or shared drives.00:09:21 Technical Setup for Centralized DataDifferences between databases and shared drives, and why structure, speed, and reliability matter.00:11:38 Non-Technical Founders & Getting HelpAdvice for non-technical founders: learning, hiring, or consulting for proper data setup.00:15:14 Ongoing Maintenance CaveatEllis explains that data systems require ongoing maintenance due to changing APIs and data sources.00:16:45 Ways to Ingest DataDifferent methods for getting data into databases: APIs, manual downloads, and handling multiple currencies.00:19:15 Navigating Amazon API AccessChallenges and solutions for brands seeking Amazon API access, including using third-party services.00:21:45 Step 2: Capturing HistoryWhy historical data is vital for trend analysis, forecasting, and making informed decisions.00:24:27 Use Cases for Historical DataExamples of how historical data helps with leading indicators, seasonality, and strategic decision-making.00:26:30 Pitfalls of Ignoring TrendsDangers of relying on static data blocks and the importance of trend analysis for inventory and forecasting.00:29:10 AI Automation Cautionary TaleRisks of automating decisions without proper context and historical data.00:31:01 Tracking Keyword Popularity Over TimeHow tracking keyword trends can explain sales drops and inform campaign adjustments.00:33:24 Step 3: Connecting the DotsCombining disparate data sources to calculate advanced metrics and gain actionable insights.00:35:53 Practical Tactics for Data IntegrationHow to use database views, scheduled calculations, and file storage for efficient data analysis.00:37:05 Step 4: Constructing GuardrailsBuilding guidance and guardrails so AI can answer business questions reliably and avoid costly mistakes.00:39:06 Guardrails in Action: Use CasesExamples of how proper guardrails enable AI to deliver actionable, accurate reports and campaign strategies.00:43:12 Building In-House Data TeamsAdvice on hiring the right mix of technical talent or using consultants.00:44:30 Three Actionable TakeawaysSummary of key actions: hire for data roles, let data drive strategy, and only use AI after building a solid data foundation.00:47:38 Final Recommendations & ClosingEllis's final advice: start centralizing data in Postgres and set up guardrails for AI.00:48:07 Book RecommendationsEllis shares influential books: “Warren Buffett Accounting” and “1984.”00:49:30 Favorite AI Tools & WorkflowEllis describes his preferred AI tools and workflow: Claude, VS Code, TypeScript, Deno, Postgres, and git.What is Git? (00:50:19)Explanation of git as foundational versioning software for code and text files.00:51:22 E-commerce Influencer RecommendationEllis recommends following George Meressa for advertising and e-commerce insights.00:51:51 Where to Find Ellis WhiteheadInformation on how to connect with Ellis and Data Brill for further help.00:52:20 Podcast OutroClosing remarks and call to subscribe and review the podcast.Resources mentioned in this episode:Josh Hadley on LinkedIneComm Breakthrough ConsultingeComm Breakthrough PodcastEmail Josh Had...

Show DescriptionMemories of Hawaii, people are not friction in the AI age, what do you pre-load for a flight, can you get rid of the CMS with AI involved, Dave's dream for a custom VS Code machine, CommonRSS follow up conversation, the hype for ATProto, and picking music apps for a family. Listen on WebsiteWatch on YouTubeLinks People are not friction USB-C to 3.5mm Audio Cable (1.2m) - Apple (CA) The Shape of Friction · Matthias Ott Whiskey Web and Whatnot Coding Agents & Complexity Budgets | Lee Robinson "You should never build a CMS" | Sanity Blog | Studio303 Skyreader npmx - Package Browser for the npm Registry Sill | Top news shared by the people you trust

Show DescriptionListener John has a VSCode extension to share, Chris muses on why nobody has attempted to build the social side of RSS, a listener is experimenting with feature-based folder structures, how do you feel about AI traffic on your website, what can someone blog about in 2026, and Digg gets dugg by bots. Listen on WebsiteWatch on YouTubeLinks DTF St. Louis | Official Trailer Parasite (2019) tag-toggle - Visual Studio Marketplace CommonRSS Skyreader Tim Disney (@disnetdev.com) — Bluesky Feedbin Webspace Invaders · Matthias Ott