Podcasts about web ui

Our terminal apps are loaded, the goals are set, but we're already hitting a few snags. The TUI Challenge begins...Sponsored By:Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Unraid: A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility. Support LINUX UnpluggedLinks:

In this episode, Lois Houston and Nikita Abraham, along with Nick Wagner, focus on GoldenGate's terminology and architectural evolution.   Nick defines source and target systems, which are crucial for data replication, and then moves on to explain the data extraction and replication processes.   He also talks about the new microservices architecture, which replaces the classic architecture, offering benefits like simplified management, enhanced security, and a user-friendly interface. Nick highlights how this architecture facilitates easy upgrades and provides a streamlined experience for administrators.   Oracle GoldenGate 23ai: Fundamentals: https://mylearn.oracle.com/ou/course/oracle-goldengate-23ai-fundamentals/145884/237273 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.   ---------------------------------------------------------------   Episode Transcript:   00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Nikita: Welcome to the Oracle University Podcast! I'm Nikita Abraham, Team Lead of Editorial Services with Oracle University, and with me is Lois Houston: Director of Innovation Programs. Lois: Hi there! Thanks for joining us again as we make our way through Oracle GoldenGate 23ai. Last week, we discussed all the new features introduced in 23ai and today, we'll move on to the terminology, the different processes and what they do, and the architecture of the product at a high level. 00:56 Nikita: Back with us is Nick Wagner, Senior Director of Product Management for Oracle GoldenGate. Hi Nick! Let's get into some of the terminology. What do we actually call stuff in GoldenGate? Nick: Within GoldenGate, we have our source systems and our target systems. The source is where we're going to be capturing data from, the targets, where we're going to be applying data into. And when we start talking about things like active-active or setting up GoldenGate for high availability, where your source can also be your target, it does become a little bit more complex. And so in some of those cases, we might refer to things as East and West, or America and Europe, or different versions of that. We also have a couple of different things within the product itself. We have what we call our Extract and our Replicat. The Extract is going to be the process that pulls the data out of the database, our capture technology. Our Replicat's going to be the one that applies the data into the target system, or you can also look at it as a push technology. We have what we call our Distribution Path. Our Distribution Path is going to be how we're sending the data across the network. A lot of times when customers run GoldenGate, they don't have the luxury of just having a single server of GoldenGate that can pull data from one database and push data into another one. They need to set up multiple hops of that data. And so in that case, we would use what we call a Distribution Path to send that data from one system to the next. We also have what we call a Target Initiated Path. It's kind of a subset of your Distribution Path, but it allows you to communicate from a less secure environment into a more secure environment.  02:33 Lois: Nick, what about parameter names. I've seen them in uppercase…title case…does that matter?  Nick: GoldenGate has a lot of parameters. This is something you'll see all over the place within GoldenGate itself.  These parameters are in your Extract and Replicat parameter files during your distribution path parameter files. Parameters for GoldenGate are case insensitive.  Within your own environments, you can set it up to have lowercase, mixed case, whatever you want, but just be aware that they are case insensitive. GoldenGate doesn't care, it's just for readability. And then we also have something called trail files. Trail files is where GoldenGate stores all the data before we're able to apply it into that target system. Think about it as our queuing mechanism, and we're queuing everything outside the database so that we're not overloading those database environments. And that's some of the terminology for the product itself. We also have microservices within GoldenGate. 03:31 Nikita: And at the heart of everything is the Service Manager, right? Talk to us about what it is and what it does. Nick: The service manager is responsible for making sure that everything else is up and running. If you are familiar with GoldenGate classic architecture, this is kind of similar to a GoldenGate manager where that process was there to make sure that processes were running the trail files, or excuse me, that certain error logs were getting written out. If a process went down, the manager would restart that process. The service manager is performing a lot of those same functions. Now attached to the service manager, we have our configuration service. This is new in GoldenGate 23ai. This configuration service is going to allow you to set up GoldenGate for highly available environments. So you can build HA into GoldenGate itself using the configuration service. 04:22 Lois: And what does this configuration service do? Nick: This configuration service essentially moves the checkpoint files that used to be on disk into a database so that everything can be stored inside of a database.  Also attached to the service manager, we have the performance metric service. This is a service that is going to be gathering all the performance metrics of GoldenGate. So it's going to tell you how fast things are going, what the latencies are, how many bytes per second we're reading from, the transaction logs or writing to our trail files. How quickly a distribution path is sending data across a network. If you want to know any of your lag information, you'll get it from the performance metrics server. We also have the receiver service and the distribution service. These two work hand in hand to establish network communication between two GoldenGate environments. So on what we call our source system, we have a distribution service that's going to send the data to our target system. On the target system, a receiver service is going to receive that data and then rewrite the trail files. We also have the administration service that's responsible for authentication and authorization of the users, as well as making sure that people have access to the right information. 05:33 Nikita: Ok. Moving on the deployment, how is GoldenGate actually deployed, Nick? Nick: GoldenGate is kinda nice. So the way that the product is installed is you install the GoldenGate environment and that's what we call our service manager deployment under a specific GoldenGate home. So the software binaries themselves get installed under a home, we'll say U01/OGG23AI. Now once I've installed GoldenGate once, that's my OGG home. I can now have any number of service managers and deployments tied to that same home.  06:11 Lois: Ok, let's work with an example to make this simpler. Let's say I've got a service manager that's going be responsible for three different deployments: Accounting, Finance, and Sales. Nick: Each of these deployments is going to reside in its own directory. Each of these deployments is going to have its own set of microservices. And so this also means that each of these deployments can have their own set of users. So the people that access the GoldenGate accounting deployment can be different than the ones that access the sales deployment. This means with this distribution of roles that I can have somebody come in and administer the sales database, but they wouldn't have any information or any access to accounting or finance. And this is very important, it allows you to really pull that information apart and separate it. Each of these environments also has their own set of parameter files, Extract process, Replicat process, distribution services, and everything. So it's a very nice way of splitting things up, but all having them tied to the same GoldenGate home system. And this home is very important. So I can take a deployment, let's say my finance deployment, and if I want to move it to a new GoldenGate home and that GoldenGate home is a different version, like let's say that my original home is 23.4, my new GoldenGate home is 23.7, I simply stop that GoldenGate deployment. I stopped at a finance deployment. I changed its OGG home from 23.4 to 23.7. I restart the deployment, that deployment is automatically upgraded to the new environment and attached to the new system. So it makes upgrading very, very simple, very easy, very elegant. 07:53 Nikita: Ok. So, we've spoken about the services…some of the terminology. Let's get into the architecture next. Nick: So when we talk about the architecture for GoldenGate, we used to have two different architectures. We had a classic architecture and a microservices architecture. Classic architecture was something that's been around since the very beginning of GoldenGate in the late '90s. We announced that, that architecture was deprecated in 19c. And Oracle deprecated means that feature is no longer going to be enhanced and it'll be patched selectively. And at some point in the future, it'll be entirely desupported. Well, GoldenGate 23ai is that future. And so in 23ai, the classic architecture is desupported, that means that it's no longer in the build at all. And so it's just microservices architecture. 08:41 Lois: Is there a tool to assist with this migration?  Nick: We do have a migration utility that will convert an old classic architecture into the new microservices architecture. But there is quite a bit of learning curve to the new microservices architecture. So it's important that we go through how it works in the changes. 09:04 Are you looking to optimize your implementation strategies and improve efficiency? We have a solution for you! Our new Oracle Fusion Cloud Applications Foundations training and certification program. You'll learn to leverage Oracle Modern Best Practice (OMBP) to re-imagine business processes using advanced technologies in Oracle Fusion Cloud Applications such as AI, mobile, analytics, and more. Visit mylearn.oracle.com to get started today.  09:37 Nikita: Welcome back! Nick, what are the benefits of this microservices architecture?  Nick: It's got that simplified lifecycle for patching and upgrading. A lot of the GoldenGate patches that you get, especially these bundle patches, are complete installs as well. So you can go into My Oracle Support and download a complete install of a patch and that way, you don't have to use old patch to apply them. The only time you'll be using old patch is for one-off patches or smaller patches that need to be applied to your GoldenGate system. The microservices product has the same trusted Capture and Apply process that Classic did. There's almost no changes between the two except on how they communicate with their parent processes. And so the same logic that you use to pull data from Oracle or to apply data into Oracle is all the same. 10:25 Lois: And has the interface been upgraded as well? Nick: We've added a really nice, easy to use web interface for the microservices version of GoldenGate. Not only is this web interface work with all your standard browsers, but it's also mobile friendly too. So I can actually control and administer GoldenGate right through my mobile device. It also has new secure remote administration. This is something that the classic architecture was really missing. And so in the classic architecture, to use the command line interface, you had to log into the database server where GoldenGate was installed. Now, the command line interface, as well as the web interface and the REST API, all use remote administration and authentication. So that means that I can install the new command line interface or what we call admin client on my laptop locally and I can connect to any GoldenGate deployment as long as I have the username and password for that deployment. It's also more secure. GoldenGate microservices can also be deployed on premise or in OCI as a service and now also on these third-party clouds like Azure and Google Cloud. And it's also easier for developers to integrate in with the APIs themselves. Everything that GoldenGate does through the admin client as well as the web UI can all be traced. The REST API calls for GoldenGate are all fully published so you can get them right directly from the documentation, you can build your own web interface if you want to. So it makes it very easy. The REST APIs are also streamlined. With a single REST API call, I can do something like add an Extract process, create it, set up my parameter file, and set up the trail files all with a single API command. Whereas in the past, it would require multiple command line interface commands to do that same thing. So it's extremely elegant, very advanced. 12:16 Nikita: What does the microservices architecture look like? I know it's a bit complicated when we're not actually looking at a diagram of it, but just a high level, can you explain the different parts of it? Nick: It's pretty straightforward. But essentially what you've got on each system is a service manager. That service manager is then going to have a number of processes or services beneath it. It'll have the configuration service that stores the checkpoint information for GoldenGate. It'll have the administrative service for the authentication and users, the distribution service to send the data across a network, a receiver service to receive that information, performance metrics to get the performance statistics out of GoldenGate. And then of course, you also have your Extracts and Replicats that capture and apply technology. Each of those Extracts and Replicats will then connect to a database on the Extract side of things. That Extract is going to write to trail files. Those trail files are then going to be sent across the network where they're rebuilt on the target system and the Replicat's going to consume them and apply them into the target database. So the Replicat behaves almost like an end user. So it's taking that trail file data and simply converting it to DML operations, insert, update, delete, or a DDL operation in the case of Oracle, alter table, create table, et cetera, to go into that target database.   13:39 Lois: To look at a diagram of this architecture and learn about it in more detail, check out the Oracle GoldenGate 23ai Fundamentals course on mylearn.oracle.com. So, Nick, if I'm looking to deploy GoldenGate, what should I primarily keep in mind? Nick: So as you go to install GoldenGate and you look at a deployment, there's a couple of important environment variables that you want to make sure you're aware of. So one of the first ones is your OGG_Home. This environment variable is extremely important. This is the location of the GoldenGate software itself. And I want to stress how important it is to always use version numbers when you're setting up your GoldenGate home. When you go to install the software, if you're installing GoldenGate 23.5, use 23.5 within the home directory structure. If you're installing GoldenGate 23.7, use 23.7 inside that directory structure. 14:33 Nikita: Right… that way I'll always know which versions are which, and it'll make it really easy to upgrade and move from one version to the next. Ok, got it. What else, Nick? Nick: There's a couple other important directories. You have your OGG_ETC_HOME. This is where things like the configuration files are going to reside, parameter files, all your certificates for security, including the wallets where we store the credentials for not only the database accounts, but also for the GoldenGate user accounts as well. We have our GoldenGate variable home directory or VAR home. This is where all the GoldenGate log files are residing. And these are the log files that allow you to see what's going on in GoldenGate for auditing purposes. Anytime anybody makes a change to GoldenGate, you're going to see information go into the log files on what was happening and how it was working and what they did, what time they did, what command they issued. Another big important feature about these log files is it also gives you error information and troubleshooting details. So if you ever need to find out what happened in GoldenGate, what went wrong, you would look at these log files to find out that information. And then you also have your OGG_DATA_HOME. This is where those trail files are going to go. Essentially, this is kind of the queuing or overflow for GoldenGate. There's a couple of other additional components. We've got the admin client. This is our command line utility. If you don't want to use a web browser or prefer a command line utility, you can use the admin client. The admin client is also fully scriptable. So if you wanted to write scripts that would go off and automate things in GoldenGate, you can do that. A lot of customers did that with GGSCI in the classic architecture. You can do the same thing now with the admin client. The other component is the microservices security authentication and authorization services. These handle communication security, especially making sure that any passwords or usernames and everything like that is all encrypted. And instead of using an actual username and password, everything through the product is going to be done through an alias. And then it also handles all the authorization authentication, permissions, user accountability, and roles within GoldenGate. 16:39 Lois: Anything else you'd like to talk about before we wrap up for today, Nick? Nick: I also wanted to take a minute to talk about the REST API. All the microservices provide REST APIs to administer them and all of these are fully documented. They can be used by any client that can make REST API calls. So if you wanted to use Python, cURL, a web browser, you can do that as well. They're all just HTTP or HTTPS calls, get, put, patch, the standard REST API standards. And then GoldenGate does provide our admin client as well as a WebUI that use these REST APIs under the covers if you ever wanted to get a more advanced look at how it works. 17:18 Nikita: Well, that's all the time we have for today. Thanks for joining us, Nick.  Lois: Yes, thanks Nick. We look forward to having you back next week to talk with us about security strategies and data recovery. Nikita: And if you want to learn more about the topics we discussed today, head over to mylearn.oracle.com and take a look at the Oracle GoldenGate 23ai Fundamentals course. Until next time, this is Nikita Abraham… Lois: And Lois Houston, signing off!  17:43 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

In this episode, Lois Houston and Nikita Abraham continue their deep dive into Oracle GoldenGate 23ai, focusing on its evolution and the extensive features it offers. They are joined once again by Nick Wagner, who provides valuable insights into the product's journey.   Nick talks about the various iterations of Oracle GoldenGate, highlighting the significant advancements from version 12c to the latest 23ai release. The discussion then shifts to the extensive new features in 23ai, including AI-related capabilities, UI enhancements, and database function integration.   Oracle GoldenGate 23ai: Fundamentals: https://mylearn.oracle.com/ou/course/oracle-goldengate-23ai-fundamentals/145884/237273 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.   -----------------------------------------------------------------   Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services.  Nikita: Hi everyone! Last week, we introduced Oracle GoldenGate and its capabilities, and also spoke about GoldenGate 23ai. In today's episode, we'll talk about the various iterations of Oracle GoldenGate since its inception. And we'll also take a look at some new features and the Oracle GoldenGate product family. 00:57 Lois: And we have Nick Wagner back with us. Nick is a Senior Director of Product Management for GoldenGate at Oracle. Hi Nick! I think the last time we had an Oracle University course was when Oracle GoldenGate 12c was out. I'm sure there's been a lot of advancements since then. Can you walk us through those? Nick: GoldenGate 12.3 introduced the microservices architecture. GoldenGate 18c introduced support for Oracle Autonomous Data Warehouse and Autonomous Transaction Processing Databases. In GoldenGate 19c, we added the ability to do cross endian remote capture for Oracle, making it easier to set up the GoldenGate OCI service to capture from environments like Solaris, Spark, and HP-UX and replicate into the Cloud. Also, GoldenGate 19c introduced a simpler process for upgrades and installation of GoldenGate where we released something called a unified build. This means that when you install GoldenGate for a particular database, you don't need to worry about the database version when you install GoldenGate. Prior to this, you would have to install a version-specific and database-specific version of GoldenGate. So this really simplified that whole process. In GoldenGate 23ai, which is where we are now, this really is a huge release.  02:16 Nikita: Yeah, we covered some of the distributed AI features and high availability environments in our last episode. But can you give us an overview of everything that's in the 23ai release? I know there's a lot to get into but maybe you could highlight just the major ones? Nick: Within the AI and streaming environments, we've got interoperability for database vector types, heterogeneous capture and apply as well. Again, this is not just replication between Oracle-to-Oracle vector or Postgres to Postgres vector, it is heterogeneous just like the rest of GoldenGate. The entire UI has been redesigned and optimized for high speed. And so we have a lot of customers that have dozens and dozens of extracts and replicats and processes running and it was taking a long time for the UI to refresh those and to show what's going on within those systems. So the UI has been optimized to be able to handle those environments much better. We now have the ability to call database functions directly from call map. And so when you do transformation with GoldenGate, we have about 50 or 60 built-in transformation routines for string conversion, arithmetic operation, date manipulation. But we never had the ability to directly call a database function. 03:28 Lois: And now we do? Nick: So now you can actually call that database function, database stored procedure, database package, return a value and that can be used for transformation within GoldenGate. We have integration with identity providers, being able to use token-based authentication and integrate in with things like Azure Active Directory and your other single sign-on for the GoldenGate product itself. Within Oracle 23ai, there's a number of new features. One of those cool features is something called lock-free reservation columns. So this allows you to have a row, a single row within a table and you can identify a column within that row that's like an inventory column. And you can have multiple different users and multiple different transactions all updating that column within that same exact row at that same time. So you no longer have row-level locking for these reservation columns. And it allows you to do things like shopping carts very easily. If I have 500 widgets to sell, I'm going to let any number of transactions come in and subtract from that inventory column. And then once it gets below a certain point, then I'll start enforcing that row-level locking. 04:43 Lois: That's really cool… Nick: The one key thing that I wanted to mention here is that because of the way that the lock-free reservations work, you can have multiple transactions open on the same row. This is only supported for Oracle to Oracle. You need to have that same lock-free reservation data type and availability on that target system if GoldenGate is going to replicate into it. 05:05 Nikita: Are there any new features related to the diagnosability and observability of GoldenGate?  Nick: We've improved the AWR reports in Oracle 23ai. There's now seven sections that are specific to Oracle GoldenGate to allow you to really go in and see exactly what the GoldenGate processes are doing and how they're behaving inside the database itself. And there's a Replication Performance Advisor package inside that database, and that's been integrated into the Web UI as well. So now you can actually get information out of the replication advisor package in Oracle directly from the UI without having to log into the database and try to run any database procedures to get it. We've also added the ability to support a per-PDB Extract.  So in the past, when GoldenGate would run on a multitenant database, a multitenant database in Oracle, all the redo data from any pluggable database gets sent to that one redo stream. And so you would have to configure GoldenGate at the container or root level and it would be able to access anything at any PDB. Now, there's better security and better performance by doing what we call per-PDB Extract. And this means that for a single pluggable database, I can have an extract that runs at that database level that's going to capture information just from that pluggable database. 06:22 Lois And what about non-Oracle environments, Nick? Nick: We've also enhanced the non-Oracle environments as well. For example, in Postgres, we've added support for precise instantiation using Postgres snapshots. This eliminates the need to handle collisions when you're doing Postgres to Postgres replication and initial instantiation. On the GoldenGate for big data side, we've renamed that product more aptly to distributed applications in analytics, which is really what it does, and we've added a whole bunch of new features here too. The ability to move data into Databricks, doing Google Pub/Sub delivery. We now have support for XAG within the GoldenGate for distributed applications and analytics. What that means is that now you can follow all of our MAA best practices for GoldenGate for Oracle, but it also works for the DAA product as well, meaning that if it's running on one node of a cluster and that node fails, it'll restart itself on another node in the cluster. We've also added the ability to deliver data to Redis, Google BigQuery, stage and merge functionality for better performance into the BigQuery product. And then we've added a completely new feature, and this is something called streaming data and apps and we're calling it AsyncAPI and CloudEvent data streaming. It's a long name, but what that means is that we now have the ability to publish changes from a GoldenGate trail file out to end users. And so this allows through the Web UI or through the REST API, you can now come into GoldenGate and through the distributed applications and analytics product, actually set up a subscription to a GoldenGate trail file. And so this allows us to push data into messaging environments, or you can simply subscribe to changes and it doesn't have to be the whole trail file, it can just be a subset. You can specify exactly which tables and you can put filters on that. You can also set up your topologies as well. So, it's a really cool feature that we've added here. 08:26 Nikita: Ok, you've given us a lot of updates about what GoldenGate can support. But can we also get some specifics? Nick: So as far as what we have, on the Oracle Database side, there's a ton of different Oracle databases we support, including the Autonomous Databases and all the different flavors of them, your Oracle Database Appliance, your Base Database Service within OCI, your of course, Standard and Enterprise Edition, as well as all the different flavors of Exadata, are all supported with GoldenGate. This is all for capture and delivery. And this is all versions as well. GoldenGate supports Oracle 23ai and below. We also have a ton of non-Oracle databases in different Cloud stores. On an non-Oracle side, we support everything from application-specific databases like FairCom DB, all the way to more advanced applications like Snowflake, which there's a vast user base for that. We also support a lot of different cloud stores and these again, are non-Oracle, nonrelational systems, or they can be relational databases. We also support a lot of big data platforms and this is part of the distributed applications and analytics side of things where you have the ability to replicate to different Apache environments, different Cloudera environments. We also support a number of open-source systems, including things like Apache Cassandra, MySQL Community Edition, a lot of different Postgres open source databases along with MariaDB. And then we have a bunch of streaming event products, NoSQL data stores, and even Oracle applications that we support. So there's absolutely a ton of different environments that GoldenGate supports. There are additional Oracle databases that we support and this includes the Oracle Metadata Service, as well as Oracle MySQL, including MySQL HeatWave. Oracle also has Oracle NoSQL Spatial and Graph and times 10 products, which again are all supported by GoldenGate. 10:23 Lois: Wow, that's a lot of information! Nick: One of the things that we didn't really cover was the different SaaS applications, which we've got like Cerner, Fusion Cloud, Hospitality, Retail, MICROS, Oracle Transportation, JD Edwards, Siebel, and on and on and on.  And again, because of the nature of GoldenGate, it's heterogeneous. Any source can talk to any target. And so it doesn't have to be, oh, I'm pulling from Oracle Fusion Cloud, that means I have to go to an Oracle Database on the target, not necessarily.  10:51 Lois: So, there's really a massive amount of flexibility built into the system.  11:00 Unlock the power of AI Vector Search with our new course and certification. Get more accurate search results, handle complex datasets easily, and supercharge your data-driven decisions. From now through May 15, 2025, we are waiving the certification exam fee (valued at $245). Visit mylearn.oracle.com to enroll. 11:26 Nikita: Welcome back! Now that we've gone through the base product, what other features or products are in the GoldenGate family itself, Nick? Nick: So we have quite a few. We've kind of touched already on GoldenGate for Oracle databases and non-Oracle databases. We also have something called GoldenGate for Mainframe, which right now is covered under the GoldenGate for non-Oracle, but there is a licensing difference there. So that's something to be aware of. We also have the OCI GoldenGate product. We are announcing and we have announced that OCI GoldenGate will also be made available as part of the Oracle Database@Azure and Oracle Database@ Google Cloud partnerships.  And then you'll be able to use that vendor's cloud credits to actually pay for the OCI GoldenGate product. One of the cool things about this is it will have full feature parity with OCI GoldenGate running in OCI. So all the same features, all the same sources and targets, all the same topologies be able to migrate data in and out of those clouds at will, just like you do with OCI GoldenGate today running in OCI.  We have Oracle GoldenGate Free.  This is a completely free edition of GoldenGate to use. It is limited on the number of platforms that it supports as far as sources and targets and the size of the database.  12:45 Lois: But it's a great way for developers to really experience GoldenGate without worrying about a license, right? What's next, Nick? Nick: We have GoldenGate for Distributed Applications and Analytics, which was formerly called GoldenGate for big data, and that allows us to do all the streaming. That's also where the GoldenGate AsyncAPI integration is done. So in order to publish the GoldenGate trail files or allow people to subscribe to them, it would be covered under the Oracle GoldenGate Distributed Applications and Analytics license. We also have OCI GoldenGate Marketplace, which allows you to run essentially the on-premises version of GoldenGate but within OCI. So a little bit more flexibility there. It also has a hub architecture. So if you need that 99.99% availability, you can get it within the OCI Marketplace environment. We have GoldenGate for Oracle Enterprise Manager Cloud Control, which used to be called Oracle Enterprise Manager. And this allows you to use Enterprise Manager Cloud Control to get all the statistics and details about GoldenGate. So all the reporting information, all the analytics, all the statistics, how fast GoldenGate is replicating, what's the lag, what's the performance of each of the processes, how much data am I sending across a network. All that's available within the plug-in. We also have Oracle GoldenGate Veridata. This is a nice utility and tool that allows you to compare two databases, whether or not GoldenGate is running between them and actually tell you, hey, these two systems are out of sync. And if they are out of sync, it actually allows you to repair the data too. 14:25 Nikita: That's really valuable…. Nick: And it does this comparison without locking the source or the target tables. The other really cool thing about Veridata is it does this while there's data in flight. So let's say that the GoldenGate lag is 15 or 20 seconds and I want to compare this table that has 10 million rows in it. The Veridata product will go out, run its comparison once. Once that comparison is done the first time, it's then going to have a list of rows that are potentially out of sync. Well, some of those rows could have been moved over or could have been modified during that 10 to 15 second window. And so the next time you run Veridata, it's actually going to go through. It's going to check just those rows that were potentially out of sync to see if they're really out of sync or not. And if it comes back and says, hey, out of those potential rows, there's two out of sync, it'll actually produce a script that allows you to resynchronize those systems and repair them. So it's a very cool product.  15:19 Nikita: What about GoldenGate Stream Analytics? I know you mentioned it in the last episode, but in the context of this discussion, can you tell us a little more about it?  Nick: This is the ability to essentially stream data from a GoldenGate trail file, and they do a real time analytics on it. And also things like geofencing or real-time series analysis of it.  15:40 Lois: Could you give us an example of this? Nick: If I'm working in tracking stock market information and stocks, it's not really that important on how much or how far down a stock goes. What's really important is how quickly did that stock rise or how quickly did that stock fall. And that's something that GoldenGate Stream Analytics product can do. Another thing that it's very valuable for is the geofencing. I can have an application on my phone and I can track where the user is based on that application and all that information goes into a database. I can then use the geofencing tool to say that, hey, if one of those users on that app gets within a certain distance of one of my brick-and-mortar stores, I can actually send them a push notification to say, hey, come on in and you can order your favorite drink just by clicking Yes, and we'll have it ready for you. And so there's a lot of things that you can do there to help upsell your customers and to get more revenue just through GoldenGate itself. And then we also have a GoldenGate Migration Utility, which allows customers to migrate from the classic architecture into the microservices architecture. 16:44 Nikita: Thanks Nick for that comprehensive overview.  Lois: In our next episode, we'll have Nick back with us to talk about commonly used terminology and the GoldenGate architecture. And if you want to learn more about what we discussed today, visit mylearn.oracle.com and take a look at the Oracle GoldenGate 23ai Fundamentals course. Until next time, this is Lois Houston… Nikita: And Nikita Abraham, signing off! 17:10 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

In questa puntata ti parlo dei miei esperimenti con Browser Use e WebUI alternative open-source agli strumenti di Deep Research ed Operator di OpenIA.

This show has been flagged as Explicit by the host. OpenWebUI notes ... Open WebUI installer: https://github.com/freeload101/SCRIPTS/blob/master/Bash/OpenWebUI_Fast.bash Older Professor synapse prompt you can use: https://raw.githubusercontent.com/freeload101/SCRIPTS/refs/heads/master/Prof%20Synapse%20Old.txt Fabric prompts you can import into openwebui !!! ( https://github.com/danielmiessler/fabric/tree/main/patterns ) https://github.com/freeload101/SCRIPTS/blob/master/MISC/Fabric_Prompts_Open_WebUI_OpenWebUI_20241112.json Example AT windows task startup script to make it start and not die on boot https://github.com/freeload101/SCRIPTS/blob/master/MISC/StartKokoro.xml Open WebUI RAG fail sause ... https://youtu.be/CfnLrTcnPtY Open registration Model list / order NAME ID SIZE MODIFIED hf.co/mradermacher/L3-8B-Stheno-v3.2-i1-GGUF:Q4_K_S 017d7a278e7e 4.7 GB 2 days ago qwen2.5:32b 9f13ba1299af 19 GB 3 days ago deepsex:latest c83a52741a8a 20 GB 3 days ago HammerAI/openhermes-2.5-mistral:latest d98003b83e17 4.4 GB 2 weeks ago Sweaterdog/Andy-3.5:latest d3d9dc04b65a 4.7 GB 2 weeks ago nomic-embed-text:latest 0a109f422b47 274 MB 2 weeks ago deepseek-r1:32b 38056bbcbb2d 19 GB 4 weeks ago psyfighter2:latest c1b3d5e5be73 7.9 GB 2 months ago CognitiveComputations/dolphin-llama3.1:latest ed9503dedda9 4.7 GB 2 months ago Disable Arena models Documents WIP RAG is not good . Discord notes; https://discord.com/channels/1170866489302188073/1340112218808909875 Abhi Chaturvedi: @(Operat0r) try this To reduce latency and improve accuracy, modify the .env file: Enable RAG ENABLE_RAG=true Use Hybrid Mode (Retrieval + Reranking for better context) RAG_MODE=hybrid Reduce the number of retrieved documents (default: 5) RETRIEVAL_TOP_K=3 Use a Fast Embedding Model (instead of OpenAI's Ada-002) EMBEDDING_MODEL=all-MiniLM-L6-v2 # Faster and lightweight . Optimize the Vector Database VECTOR_DB_TYPE=chroma CHROMA_DB_IMPL=hnsw # Faster search CHROMA_DB_PATH=/root/open-webui/backend/data/vector_db. Optimize Backend Performance # Increase Uvicorn worker count (improves concurrency) UVICORN_WORKERS=4 Increase FastAPI request timeout (prevents RAG failures) FASTAPI_TIMEOUT=60 Optimize database connection pool (for better query performance) SQLALCHEMY_POOL_SIZE=10 So probably the first thing to do is increase the top K value in admin -> settings -> documents, or you could try the new "full context mode" for rag documents. You may also need to increase the context size on the model, but it will make it slower, so you probably don't want to do that unless you start seeing the "truncating input" warnings. @JamesK So probably the first thing to do is increase the top K value in admin -> settings -> documents, or you could try the new "full context mode" for rag documents. You may also need to increase the context size on the model, but it will make it slower, so you probably don't want to do that unless you start seeing the "truncating input" warnings. M] JamesK: Ah, I see. The rag didn't work great for you in this prompt. There are three hits and the first two are duplicates, so there isn't much data for the model to work with [9:12 PM] JamesK: context section I see a message warning that you are using the default 2048 context length, but not the message saying you've hit that limit (from my logs the warning looks like level=WARN source=runner.go:126 msg="truncating input prompt" limit=32768 prompt=33434 numKeep=5 [6:06 AM] JamesK: If you set the env var OLLAMA_DEBUG=1 before running ollama serve it will dump the full prompt being sent to the model, that should let you confirm what the rag has put in the prompt JamesK: Watch the console output from ollama and check for warnings about overflowing the context. If you have the default 2k context you may need to increase it until the warnings go away [8:58 PM] JamesK: But also, if you're using the default rag, it chunks the input into small fragments, then matches the fragments against your prompt and only inserts a few fragments into the context, not the entire document. So it's easily possible for the information you want to not be present. Auto updates echo '0,12 */4 * * * docker run --rm --volume /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --run-once open-webui' >> /etc/crontab Search red note for API keys Go to Google Developers, use Programmable Search Engine , and log on or create account. Go to control panel and click Add button Enter a search engine name, set the other properties to suit your needs, verify you're not a robot and click Create button. Generate API key and get the Search engine ID . (Available after the engine is created) With API key and Search engine ID , open Open WebUI Admin panel and click Settings tab, and then click Web Search Enable Web search and Set Web Search Engine to google_pse Fill Google PSE API Key with the API key and Google PSE Engine Id (# 4) Click Save Note ​ You have to enable Web search in the prompt field, using plus ( + ) button. Search the web ;-) Kokoro / Open Webui https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html https://github.com/remsky/Kokoro-FastAPI?tab=readme-ov-file apt update apt upgrade curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg && curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list sed -i -e '/experimental/ s/^#//g' /etc/apt/sources.list.d/nvidia-container-toolkit.list sudo apt-get update sudo apt-get install -y nvidia-container-toolkit apt install docker.io -y docker run --gpus all -p 8880:8880 ghcr.io/remsky/kokoro-fastapi-gpu:v0.2.2 http://localhost:8880/v1 af_bella Import fabric prompts https://raw.githubusercontent.com/freeload101/Python/46317dee34ebb83b01c800ce70b0506352ae2f3c/Fabric_Prompts_Open_WebUI_OpenWebUI.py Provide feedback on this episode.

Rust in the Kernel is still hot news, with Linus chiming in. Asahi has new leadership, there's a new way to detect hung GPUs, and one of those other OS makers wrestles with encryption backdoor rules. Mozilla announces their new plans, Gentoo publishes a VM image, and Meta is taken to court for torrenting. For tips we have kew for terminal music playing, killport for ending a process based on the port it's listening on, and stable-diffusion-webUI for taking advantage of AMD's ROCm for AI image generation. You can find the show notes at https://bit.ly/3CRPBTL and we'll be back next week! Host: Jonathan Bennett Co-Hosts: Rob Campbell and Jeff Massie Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly

On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly

On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly

On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly

On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly

On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly

Video Episode: https://youtu.be/7et_7YkwAHs In today’s episode, we dive into the alarming rise of malware delivery through fake job applications targeting HR professionals, specifically focusing on the More_eggs backdoor. We also discuss critical gaming performance issues in Windows 11 24H2 and the vulnerabilities in DrayTek routers that expose over 700,000 devices to potential hacking. Lastly, we address the urgent exploitation of a remote code execution flaw in Zimbra email servers, emphasizing the need for immediate updates to safeguard against evolving threats. Links to articles: 1. https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html 2. https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-11-24h2-gaming-performance-issues/ 3. https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html 4. https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/ Timestamps 00:00 – Introduction 01:14 – Zimbra RCE Vulnerability 02:17 – 700k DrayTek Routers Vulnerable 04:36 – Recruiters Targeted with Malware 06:14 – Microsoft blocks updates for gamers 1. What are today’s top cybersecurity news stories? 2. How is More_eggs malware targeting HR professionals? 3. What vulnerabilities exist in DrayTek routers? 4. Why did Microsoft block Windows 11 24H2 upgrades? 5. What is the impact of the Zimbra RCE flaw? 6. How do fake job applications spread malware? 7. What security measures can protect against More_eggs malware? 8. What are the latest gaming issues with Windows 11? 9. How can DrayTek router vulnerabilities be mitigated? 10. What are the latest tactics used by cybercriminals in email attacks? More_eggs, Golden Chickens, spear-phishing, credential theft, Microsoft, Windows 11, Asphalt 8, Intel Alder Lake+, DrayTek, vulnerabilities, exploits, cyber attackers, Zimbra, RCE, vulnerability, exploitation, # Intro HR professionals are under siege as a spear-phishing campaign disguised as fake job applications delivers the lethal More_eggs malware, leading to potentially devastating credential theft. Powered by the notorious Golden Chickens group, this malware-as-a-service targets recruiters with chilling precision. **How are recruitment officers unknowingly downloading malicious files, and what methods are threat actors using to bypass security measures?** “Microsoft is blocking Windows 11 24H2 upgrades on some systems due to critical gaming performance issues like Asphalt 8 crashes and Easy Anti-Cheat blue screens. The company is scrambling to resolve these problems that uniquely impact devices with Intel Alder Lake+ processors.” How can gamers with affected systems work around these issues until Microsoft releases a fix? Over 700,000 DrayTek routers are currently vulnerable to 14 newly discovered security flaws, with some critical exploits that could be used to take full control of the devices and infiltrate enterprise networks. Despite patches being released, many routers remain exposed, creating a lucrative target for cyber attackers. How can these vulnerabilities impact businesses that rely on DrayTek routers for network security? Hackers are leveraging a critical Zimbra RCE vulnerability to backdoor servers through specially crafted emails that execute malicious commands, revealing widespread exploitation just days after a proof-of-concept was published. Notable security experts warn of attackers embedding harmful code in the email’s CC field, which the Zimbra server inadvertently executes. How are attackers camouflaging their malicious emails to slip through security measures unnoticed? # Stories Welcome back to our podcast. Today, we’re talking about a new cyber threat targeting HR professionals. Researchers at Trend Micro have uncovered a spear-phishing campaign where fake job applications deliver a JavaScript backdoor called More_eggs to recruiters. This malware, sold as malware-as-a-service by a group known as Golden Chickens, can steal credentials for online banking, email accounts, and IT admin accounts. What’s unique this time is that attackers are using spear-phishing emails to build trust, as observed in a case targeting a talent search lead in engineering. The attack sequence involves downloading a ZIP file from a deceptive URL, leading to the execution of the More_eggs backdoor. This malware probes the host system, connects to a command-and-control server, and can download additional malicious payloads. Trend Micro’s findings highlight the persistent and evolving nature of these attacks, which are difficult to attribute because multiple threat actors can use the same toolkits. The latest insights also connect these activities to known cybercrime groups like FIN6. Stay vigilant, especially if you work in HR or recruitment. 1. **Spear-Phishing**: – **Definition**: A targeted phishing attack aiming at specific individuals or companies, typically using information about the victim to make fraudulent messages more convincing. – **Importance**: This method is specifically dangerous because it can trick even tech-savvy users by exploiting personalized details, leading to significant security breaches like credential theft. 2. **More_eggs**: – **Definition**: A JavaScript backdoor malware sold as a malware-as-a-service (MaaS) with capabilities to siphon credentials and provide unauthorized access to infected systems. – **Importance**: Due to its ability to latently steal sensitive information and its widespread use by various e-crime groups, More_eggs represents a significant threat to corporate cybersecurity. 3. **Malware-as-a-Service (MaaS)**: – **Definition**: A business model where malicious software is developed and sold to cybercriminals who can then use it to conduct attacks. – **Importance**: This model lowers the barrier of entry for cybercriminals, allowing even those with limited technical skills to launch sophisticated attacks using pre-made malware. 4. **Golden Chickens**: – **Definition**: A cybercriminal group (also known as Venom Spider) attributed with developing and distributing the More_eggs malware. – **Importance**: Understanding threat actors like Golden Chickens can help cybersecurity professionals anticipate and defend against specific threat tactics. 5. **Command-and-Control (C2) Server**: – **Definition**: A server used by threat actors to maintain communications with compromised systems within a target network to execute commands and control malware. – **Importance**: Disrupting C2 servers is crucial because it can cut off the attacker's control over their malware, mitigating the threat. 6. **LNK File**: – **Definition**: A shortcut file in Windows that points to another file or executable. – **Importance**: Misuse of LNK files in phishing campaigns can lead to automated execution of malicious payloads, making them an effective vector for malware distribution. 7. **PowerShell**: – **Definition**: A task automation framework from Microsoft consisting of a command-line shell and scripting language. – **Importance**: PowerShell is often used by attackers to execute and conceal malicious scripts due to its powerful capabilities and integration with Windows. 8. **Tactics, Techniques, and Procedures (TTPs)**: – **Definition**: The behavior patterns or methodologies used by cyber threat actors to achieve their goals. – **Importance**: Identifying TTPs helps security professionals understand, detect, and mitigate specific attack strategies used by threat actors. 9. **Obfuscation**: – **Definition**: The process of deliberately making code or data difficult to understand or interpret. – **Importance**: Obfuscation is commonly used by malware developers to conceal malicious activities and bypass security mechanisms. 10. **Cryptocurrency Miner**: – **Definition**: Software used to perform the computational work required to validate and add transactions to a blockchain ledger in exchange for cryptocurrency rewards. – **Importance**: Unauthorized cryptocurrency mining (cryptojacking) can misuse system resources for financial gain, leading to performance degradation and security vulnerabilities. — On today’s tech update: Microsoft has blocked upgrades to Windows 11 version 24H2 on certain systems due to gaming performance issues. Players of Asphalt 8 may encounter game crashes, while some systems running Easy Anti-Cheat might experience blue screens. These problems mainly affect devices with Intel Alder Lake+ processors. Until Microsoft resolves these issues, impacted users are advised not to manually upgrade using tools like the Media Creation Tool. Microsoft is working on fixes and will include them in upcoming updates. 1. **Windows 11 24H2**: A version of Microsoft’s Windows 11 operating system, released in the second half (H2) of 2024. It is significant because it represents Microsoft’s ongoing update cycle aimed at improving system performance and user experience, though it also highlights the challenges of software compatibility and stability. 2. **Asphalt 8 (Airborne)**: A popular racing video game often used for showcasing graphical and processing capabilities of devices. Its relevance lies in exposing potential software and hardware compatibility issues when new operating systems are released. 3. **Easy Anti-Cheat**: A software tool designed to detect and prevent cheating in multiplayer games. It is crucial for maintaining fair play and integrity in online gaming environments but can pose compatibility challenges with system updates. 4. **Blue Screen of Death (BSoD)**: An error screen displayed on Windows computers following a system crash. It is important as it signals serious software or hardware issues that could affect system stability and data integrity. 5. **Intel Alder Lake+ processors**: A generation of Intel’s microprocessors known for their hybrid architecture design. Understanding these chips is important for recognizing which systems might be more susceptible to the reported compatibility issues. 6. **vPro platform**: A set of Intel technologies aimed at enhancing business security and manageability. It’s critical to cybersecurity professionals because it allows for hardware-level encryption and more robust security management, but compatibility with OS updates can be problematic. 7. **MEMORY_MANAGEMENT error**: A specific type of error indicating system memory management problems, often leading to system crashes. It is crucial for cybersecurity and IT professionals as it affects the stability and reliability of a system. 8. **Compatibility holds (Safeguard IDs)**: Mechanisms employed by Microsoft to prevent system upgrades when known issues are detected. These are essential for protecting users from potential system failures and ensuring a stable computing environment. 9. **Media Creation Tool**: A Microsoft utility used for installing or upgrading Windows OS. It's important for IT professionals as it provides a means to manually deploy Windows updates, though it highlights the risks of bypassing automatic update safeguards. 10. **KB5043145 (Preview Update)**: A specific Windows update known to cause issues such as reboot loops and connection failures. Understanding these updates is crucial for maintaining system stability and ensuring that deployed systems are free from vulnerabilities and bugs. — In a recent cybersecurity alert, over 700,000 DrayTek routers have been identified as vulnerable to hacking due to 14 newly discovered security flaws. These vulnerabilities, found in both residential and enterprise routers, include two rated critical, with one receiving the maximum CVSS score of 10.0. This critical flaw involves a buffer overflow in the Web UI, potentially allowing remote code execution. Another significant vulnerability is OS command injection via communication binaries. The report highlights the widespread exposure of these routers’ web interfaces online, creating a tempting target for attackers, particularly in the U.S. DrayTek has released patches to address these vulnerabilities, urging users to apply updates, disable unnecessary remote access, and utilize security measures like ACLs and two-factor authentication. This development coincides with international cybersecurity agencies offering guidance to secure critical infrastructure, emphasizing the importance of safety, protecting valuable OT data, secure supply chains, and the role of people in cybersecurity. 1. **Vulnerability**: A weakness in a system or software that can be exploited by hackers. – **Importance**: Identifying vulnerabilities is crucial in cyber security because it helps protect systems from attacks. 2. **Router**: A device that routes data from one network to another, directing traffic on the internet. – **Importance**: Routers are essential for internet connectivity and their security is vital to prevent unauthorized access to networks. 3. **Buffer Overflow**: A coding error where a program writes more data to a buffer than it can hold, potentially leading to system crashes or unauthorized code execution. – **Importance**: Buffer overflows are common vulnerabilities that can be exploited to gain control of a system. 4. **Remote Code Execution (RCE)**: A type of vulnerability that allows an attacker to execute code on a remote system without authorization. – **Importance**: RCE vulnerabilities are highly critical as they enable attackers to take over affected systems. 5. **Cross-site Scripting (XSS)**: A web security vulnerability that allows attackers to inject malicious scripts into content from otherwise trusted websites. – **Importance**: XSS can be used to steal information, deface websites, and spread malware. 6. **Adversary-in-the-Middle (AitM) Attack**: An attack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. – **Importance**: AitM attacks can lead to data theft, man-in-the-middle proxy attacks, and unauthorized access to sensitive information. 7. **Denial-of-Service (DoS)**: An attack intended to shut down a machine or network, making it inaccessible to its intended users. – **Importance**: DoS attacks disrupt the availability of services and can cause significant downtime and financial loss. 8. **Access Control List (ACL)**: A list of permissions attached to an object that specifies which users or system processes can access the object and what operations they can perform. – **Importance**: ACLs are crucial for implementing security policies to control access to resources. 9. **Two-Factor Authentication (2FA)**: A security process in which the user provides two different authentication factors to verify themselves. – **Importance**: 2FA improves security by adding an additional layer of verification, making it harder for attackers to gain unauthorized access. 10. **Operational Technology (OT)**: Hardware and software that detects or causes changes through direct monitoring and control of physical devices, processes, and events in an enterprise. – **Importance**: OT security is critical for the functioning and safety of critical infrastructure systems, such as those in manufacturing, power generation, and transportation. — Today, we’re discussing a critical remote code execution (RCE) vulnerability in Zimbra email servers, tracked as CVE-2024-45519, which hackers are actively exploiting. This flaw allows attackers to trigger malicious commands simply by sending specially crafted emails, which are processed by Zimbra’s post journal service. First flagged by Ivan Kwiatkowski of HarfangLab and confirmed by Proofpoint, the exploit involves spoofed emails with commands hidden in the “CC” field. Once processed, these emails deliver a webshell to the server, giving attackers full access for data theft or further network infiltration. A proof-of-concept exploit was released by Project Discovery on September 27, prompting immediate malicious activity. Administrators are urged to apply security updates released in Zimbra’s latest versions—9.0.0 Patch 41 and later—or disable the vulnerable postjournal service and ensure secure network configurations to mitigate the threat. Stay vigilant and update your Zimbra servers immediately to protect against this critical vulnerability. 1. **Remote Code Execution (RCE)** – **Definition**: A type of security vulnerability that enables attackers to run arbitrary code on a targeted server or computer. – **Importance**: This flaw can be exploited to gain full control over the affected machine, leading to data theft, unauthorized access, and further network penetration. 2. **Zimbra** – **Definition**: An open-source email, calendaring, and collaboration platform. – **Importance**: Popular among organizations for its integrated communication tools, making it a significant target for cyberattacks due to the sensitive data it handles. 3. **SMTP (Simple Mail Transfer Protocol)** – **Definition**: A protocol used to send and route emails across networks. – **Importance**: Integral to email services, its exploitation can deliver malicious content to servers and users, forming a vector for cyber-attacks. 4. **Postjournal Service** – **Definition**: A service within Zimbra used to parse incoming emails over SMTP. – **Importance**: Its vulnerability can be leveraged to execute arbitrary commands, making it a crucial attack point for hackers. 5. **Proof-of-Concept (PoC)** – **Definition**: A demonstration exploit showing that a vulnerability can be successfully taken advantage of. – **Importance**: PoC exploits serve as proof that theoretical vulnerabilities are practical and dangerous, necessitating urgent security responses. 6. **Base64 Encoding** – **Definition**: A method of encoding binary data into an ASCII string format. – **Importance**: Often used to encode commands within emails or other data streams to evade basic security detections. 7. **Webshell** – **Definition**: A type of malicious script that provides attackers with remote access to a compromised server. – **Importance**: Webshells afford attackers sustained control over a server, allowing for ongoing data theft, disruptions, and further exploits. 8. **CVE (Common Vulnerabilities and Exposures)** – **Definition**: A list of publicly known cybersecurity vulnerabilities and exposures, identified by unique CVE IDs. – **Importance**: Helps standardize and track security issues, facilitating communication and management of vulnerabilities across the cybersecurity community. 9. **Patch** – **Definition**: An update to software aimed at fixing security vulnerabilities or bugs. – **Importance**: Patching vulnerabilities is critical for protecting systems from attacks exploiting known security flaws. 10. **Execvp Function** – **Definition**: A function in Unix-like operating systems that executes commands with an argument vector, featuring improved input sanitization. – **Importance**: By replacing vulnerable functions like ‘popen,’ ‘execvp’ helps prevent the execution of malicious code, thus enhancing system security. —

Today's episode covers a slew of hot topics making headlines in the web development and general technology world.TJ kicks off the show with his firsthand experience of GitHub Copilot Workspace (available to users by invite only). He tested Copilot Workspace with a relatively simple issue in one of his repos, and while the plan Copilot came up with seemed sound, the implementation didn't end up working. It took Copilot several minutes each time he asked it to try and code a working solution again too, which wasn't the best experience. While it's still extremely early days for Copilot Workspace, it still has a ways to go before it will replace developers at this rate.The next topic is around a talk at Google I/O: the latest in web UI. In the talk, Google DevRel Lead, Una Kravets, highlights some of the best new features out like native scroll driven animations and view transitions, the introduction of the popover API and anchor positioning in CSS, and CSS container queries and nesting and layout, typography, and color improvements. Her talk is accompanied by slick visual demos and is definitely worth a watch.Next up is some new drama in the React world: the React team is solidly considering fundamentally changing the way Suspense works in React 19, and the general React public is not happy about it. Hopefully their concerns are heard before it gets finalized.And there's a bit of bonus news as well: Apple's annual Worldwide Developers Conference (WWDC) unveiled “Apple Intelligence”, Apple's answer to AI, which will include Siri interfacing with Chat GPT 4o when it doesn't know the answer, custom, AI-generated emojis, and the new Safari 18 beta version. Jack also recommends a cool CSS browser extension called Design GUI for managing colors in CSS variables.News:Paige - The latest in Web UI (Google I/O ‘24) talkJack - React Suspense drama in React 19TJ - GitHub Copilot WorkspaceBonus news:Safari 18 Beta is outApple unveils Apple Intelligence its answer to AIDesign GUI CSS browser extensionWhat Makes Us Happy this Week:Paige - Substack newslettersJack - Godzilla x Kong: The New Empire movie TJ - A Brief History of Intelligence bookThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or Tweet us on X @front_end_fire.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fire

Windows 11 A quick look back at the Copilot+ PC launch Paul did end up making a video of each MacBook Air reference during last week's launch The Copilot+ PC event was also notable for its many references to the past: Paul counted at least 7 in the first 7 minutes alone After some soul-searching, Paul went all-in on Surface Laptop by canceling the first preorder and bulking it up with more RAM and storage Release Preview (last week): 24H2 comes to RP, suggesting it hits stable on Tuesday, June 11 (in preview), one week before the first Copilot+ PCs arrive with this build preinstalled Beta (last week): 23H2 build with no new features (arriving after 24H2 in Release Preview, of course) Microsoft Edge is getting more responsive thanks to a "WebUI 2.0" initiative Lenovo earnings up 9 percent in quarter, down 8 percent for the year. The future? AI PCs, duh AI There was a massive Bing outage late last week. Press hold on all the obvious jokes, this impacted Copilot everywhere, DuckDuckGo, other services Cue the Chicken Little "this is why I'll never use AI" crowd, which used to be the "this is why I'll never use the cloud" crowd Copilot comes to Telegram for some reason Google goes live with AI overviews in Search and the world grinds to a halt Google adds Gemini to Chromebook Plus, gives one free year of Google One AI Premium to new device buyers WWDC is coming soon and we're seeing hints of how Apple will add more AI to its products Opera partners with Google Cloud on Gemini in Aria AI and image understanding/image generation in browser And it now plans to make 2000 SLMs available in the browser NVIDIA revenues were a record in Q1, up 262 percent YOY Dev Last week, we learned that WPF is making a comeback. This week, Paul revived his .NETpad project and is going to modernize it using the new features Xbox We finally have some news about Activision Blizzard games and Game Pass!!! But it's only one game, and it doesn't happen until November Atari buys the Intellivision brand. I wish we knew more about this Tips & Picks Tip of the week: Beware the dark patterns App pick of the week: Windows 11 version 24H2 RunAs Radio this week: PowerApp Extensibility with Christina Wheeler Brown liquor pick of the week: Glen Garioch 1797 Founder's Reserve Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: HP.com - WW - https://bit.ly/4adilko GO.ACILEARNING.COM/TWIT - code TWIT30

Bing outage, NVIDIA's record Q1 FY25, WPF's rebirth Windows 11 A quick look back at the Copilot+ PC launch Paul did end up making a video of each MacBook Air reference during last week's launch The Copilot+ PC event was also notable for its many references to the past: Paul counted at least 7 in the first 7 minutes alone After some soul-searching, Paul went all-in on Surface Laptop by canceling the first preorder and bulking it up with more RAM and storage Release Preview (last week): 24H2 comes to RP, suggesting it hits stable on Tuesday, June 11 (in preview), one week before the first Copilot+ PCs arrive with this build preinstalled Beta (last week): 23H2 build with no new features (arriving after 24H2 in Release Preview, of course) Microsoft Edge is getting more responsive thanks to a "WebUI 2.0" initiative Lenovo earnings up 9 percent in quarter, down 8 percent for the year. The future? AI PCs, duh AI There was a massive Bing outage late last week. Press hold on all the obvious jokes, this impacted Copilot everywhere, DuckDuckGo, other services Cue the Chicken Little "this is why I'll never use AI" crowd, which used to be the "this is why I'll never use the cloud" crowd Copilot comes to Telegram for some reason Google goes live with AI overviews in Search and the world grinds to a halt Google adds Gemini to Chromebook Plus, gives one free year of Google One AI Premium to new device buyers WWDC is coming soon and we're seeing hints of how Apple will add more AI to its products Opera partners with Google Cloud on Gemini in Aria AI and image understanding/image generation in browser And it now plans to make 2000 SLMs available in the browser NVIDIA revenues were a record in Q1, up 262 percent YOY Dev Last week, we learned that WPF is making a comeback. This week, Paul revived his .NETpad project and is going to modernize it using the new features Xbox We finally have some news about Activision Blizzard games and Game Pass!!! But it's only one game, and it doesn't happen until November Atari buys the Intellivision brand. I wish we knew more about this Tips & Picks Tip of the week: Beware the dark patterns App pick of the week: Windows 11 version 24H2 RunAs Radio this week: PowerApp Extensibility with Christina Wheeler Brown liquor pick of the week: Glen Garioch 1797 Founder's Reserve Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: HP.com - WW - https://bit.ly/4adilko GO.ACILEARNING.COM/TWIT - code TWIT30

Bing outage, NVIDIA's record Q1 FY25, WPF's rebirth Windows 11 A quick look back at the Copilot+ PC launch Paul did end up making a video of each MacBook Air reference during last week's launch The Copilot+ PC event was also notable for its many references to the past: Paul counted at least 7 in the first 7 minutes alone After some soul-searching, Paul went all-in on Surface Laptop by canceling the first preorder and bulking it up with more RAM and storage Release Preview (last week): 24H2 comes to RP, suggesting it hits stable on Tuesday, June 11 (in preview), one week before the first Copilot+ PCs arrive with this build preinstalled Beta (last week): 23H2 build with no new features (arriving after 24H2 in Release Preview, of course) Microsoft Edge is getting more responsive thanks to a "WebUI 2.0" initiative Lenovo earnings up 9 percent in quarter, down 8 percent for the year. The future? AI PCs, duh AI There was a massive Bing outage late last week. Press hold on all the obvious jokes, this impacted Copilot everywhere, DuckDuckGo, other services Cue the Chicken Little "this is why I'll never use AI" crowd, which used to be the "this is why I'll never use the cloud" crowd Copilot comes to Telegram for some reason Google goes live with AI overviews in Search and the world grinds to a halt Google adds Gemini to Chromebook Plus, gives one free year of Google One AI Premium to new device buyers WWDC is coming soon and we're seeing hints of how Apple will add more AI to its products Opera partners with Google Cloud on Gemini in Aria AI and image understanding/image generation in browser And it now plans to make 2000 SLMs available in the browser NVIDIA revenues were a record in Q1, up 262 percent YOY Dev Last week, we learned that WPF is making a comeback. This week, Paul revived his .NETpad project and is going to modernize it using the new features Xbox We finally have some news about Activision Blizzard games and Game Pass!!! But it's only one game, and it doesn't happen until November Atari buys the Intellivision brand. I wish we knew more about this Tips & Picks Tip of the week: Beware the dark patterns App pick of the week: Windows 11 version 24H2 RunAs Radio this week: PowerApp Extensibility with Christina Wheeler Brown liquor pick of the week: Glen Garioch 1797 Founder's Reserve Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: HP.com - WW - https://bit.ly/4adilko GO.ACILEARNING.COM/TWIT - code TWIT30

Windows 11 A quick look back at the Copilot+ PC launch Paul did end up making a video of each MacBook Air reference during last week's launch The Copilot+ PC event was also notable for its many references to the past: Paul counted at least 7 in the first 7 minutes alone After some soul-searching, Paul went all-in on Surface Laptop by canceling the first preorder and bulking it up with more RAM and storage Release Preview (last week): 24H2 comes to RP, suggesting it hits stable on Tuesday, June 11 (in preview), one week before the first Copilot+ PCs arrive with this build preinstalled Beta (last week): 23H2 build with no new features (arriving after 24H2 in Release Preview, of course) Microsoft Edge is getting more responsive thanks to a "WebUI 2.0" initiative Lenovo earnings up 9 percent in quarter, down 8 percent for the year. The future? AI PCs, duh AI There was a massive Bing outage late last week. Press hold on all the obvious jokes, this impacted Copilot everywhere, DuckDuckGo, other services Cue the Chicken Little "this is why I'll never use AI" crowd, which used to be the "this is why I'll never use the cloud" crowd Copilot comes to Telegram for some reason Google goes live with AI overviews in Search and the world grinds to a halt Google adds Gemini to Chromebook Plus, gives one free year of Google One AI Premium to new device buyers WWDC is coming soon and we're seeing hints of how Apple will add more AI to its products Opera partners with Google Cloud on Gemini in Aria AI and image understanding/image generation in browser And it now plans to make 2000 SLMs available in the browser NVIDIA revenues were a record in Q1, up 262 percent YOY Dev Last week, we learned that WPF is making a comeback. This week, Paul revived his .NETpad project and is going to modernize it using the new features Xbox We finally have some news about Activision Blizzard games and Game Pass!!! But it's only one game, and it doesn't happen until November Atari buys the Intellivision brand. I wish we knew more about this Tips & Picks Tip of the week: Beware the dark patterns App pick of the week: Windows 11 version 24H2 RunAs Radio this week: PowerApp Extensibility with Christina Wheeler Brown liquor pick of the week: Glen Garioch 1797 Founder's Reserve Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: HP.com - WW - https://bit.ly/4adilko GO.ACILEARNING.COM/TWIT - code TWIT30

Bing outage, NVIDIA's record Q1 FY25, WPF's rebirth Windows 11 A quick look back at the Copilot+ PC launch Paul did end up making a video of each MacBook Air reference during last week's launch The Copilot+ PC event was also notable for its many references to the past: Paul counted at least 7 in the first 7 minutes alone After some soul-searching, Paul went all-in on Surface Laptop by canceling the first preorder and bulking it up with more RAM and storage Release Preview (last week): 24H2 comes to RP, suggesting it hits stable on Tuesday, June 11 (in preview), one week before the first Copilot+ PCs arrive with this build preinstalled Beta (last week): 23H2 build with no new features (arriving after 24H2 in Release Preview, of course) Microsoft Edge is getting more responsive thanks to a "WebUI 2.0" initiative Lenovo earnings up 9 percent in quarter, down 8 percent for the year. The future? AI PCs, duh AI There was a massive Bing outage late last week. Press hold on all the obvious jokes, this impacted Copilot everywhere, DuckDuckGo, other services Cue the Chicken Little "this is why I'll never use AI" crowd, which used to be the "this is why I'll never use the cloud" crowd Copilot comes to Telegram for some reason Google goes live with AI overviews in Search and the world grinds to a halt Google adds Gemini to Chromebook Plus, gives one free year of Google One AI Premium to new device buyers WWDC is coming soon and we're seeing hints of how Apple will add more AI to its products Opera partners with Google Cloud on Gemini in Aria AI and image understanding/image generation in browser And it now plans to make 2000 SLMs available in the browser NVIDIA revenues were a record in Q1, up 262 percent YOY Dev Last week, we learned that WPF is making a comeback. This week, Paul revived his .NETpad project and is going to modernize it using the new features Xbox We finally have some news about Activision Blizzard games and Game Pass!!! But it's only one game, and it doesn't happen until November Atari buys the Intellivision brand. I wish we knew more about this Tips & Picks Tip of the week: Beware the dark patterns App pick of the week: Windows 11 version 24H2 RunAs Radio this week: PowerApp Extensibility with Christina Wheeler Brown liquor pick of the week: Glen Garioch 1797 Founder's Reserve Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: HP.com - WW - https://bit.ly/4adilko GO.ACILEARNING.COM/TWIT - code TWIT30

Bing outage, NVIDIA's record Q1 FY25, WPF's rebirth Windows 11 A quick look back at the Copilot+ PC launch Paul did end up making a video of each MacBook Air reference during last week's launch The Copilot+ PC event was also notable for its many references to the past: Paul counted at least 7 in the first 7 minutes alone After some soul-searching, Paul went all-in on Surface Laptop by canceling the first preorder and bulking it up with more RAM and storage Release Preview (last week): 24H2 comes to RP, suggesting it hits stable on Tuesday, June 11 (in preview), one week before the first Copilot+ PCs arrive with this build preinstalled Beta (last week): 23H2 build with no new features (arriving after 24H2 in Release Preview, of course) Microsoft Edge is getting more responsive thanks to a "WebUI 2.0" initiative Lenovo earnings up 9 percent in quarter, down 8 percent for the year. The future? AI PCs, duh AI There was a massive Bing outage late last week. Press hold on all the obvious jokes, this impacted Copilot everywhere, DuckDuckGo, other services Cue the Chicken Little "this is why I'll never use AI" crowd, which used to be the "this is why I'll never use the cloud" crowd Copilot comes to Telegram for some reason Google goes live with AI overviews in Search and the world grinds to a halt Google adds Gemini to Chromebook Plus, gives one free year of Google One AI Premium to new device buyers WWDC is coming soon and we're seeing hints of how Apple will add more AI to its products Opera partners with Google Cloud on Gemini in Aria AI and image understanding/image generation in browser And it now plans to make 2000 SLMs available in the browser NVIDIA revenues were a record in Q1, up 262 percent YOY Dev Last week, we learned that WPF is making a comeback. This week, Paul revived his .NETpad project and is going to modernize it using the new features Xbox We finally have some news about Activision Blizzard games and Game Pass!!! But it's only one game, and it doesn't happen until November Atari buys the Intellivision brand. I wish we knew more about this Tips & Picks Tip of the week: Beware the dark patterns App pick of the week: Windows 11 version 24H2 RunAs Radio this week: PowerApp Extensibility with Christina Wheeler Brown liquor pick of the week: Glen Garioch 1797 Founder's Reserve Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: HP.com - WW - https://bit.ly/4adilko GO.ACILEARNING.COM/TWIT - code TWIT30

-- What's it like to drive a car with a high-end 360º camera on the roof of your car? -- How is 360º footage so helpful immediately after a natural disaster? On WGAN-TV on Location at Geo Week 2024 in Denver, I took a spin with the Mosaic X Mobile Mapping 360º Camera and Mosaic Mobile Mapping Solutions Architect Dylan Faraone to find out. See video above. === ChatGPT-4 Summary of this video: In this segment from WGAN-TV on Location at Geo Week in Denver, Dan Smigrod, Founder of the We Get Around Network Forum, introduces viewers to an innovative piece of technology in the field of digital data collection. Joined by Dylan Faraone from Mosaic 51, they delve into the capabilities and functionalities of the Mosaic X camera, a device designed to capture Google Street View-like imagery for private use. This industrial-grade camera boasts six lenses, enabling it to record and stitch together high-resolution, equirectangular panoramas. Dylan explains how the Mosaic X operates in various settings, allowing for sparse or dense data capture, making it ideal for a wide range of applications from utility assessments to roadway condition evaluations. The camera's design prioritizes ease of use, with plug-and-play functionality accessible through a WebUI on almost any device. This flexibility is highlighted through a discussion on its practical applications, such as detailed assessments following Hurricane Ian, where the camera played a crucial role in damage assessment, building resilience understanding, and informing future building codes. The conversation also touches upon the potential integration of the Mosaic X into the workflows of 3D/360 digital twin creators within the We Get Around Network Forum community. The technology presents an opportunity for these creators to expand their services into large-scale data collection projects, such as those required by construction and civil engineering firms. This segment underscores the Mosaic X camera's significance as a tool for capturing detailed, high-quality data for a multitude of uses, from disaster response to infrastructure development, showcasing its value in both immediate and long-term applications.

-- What's it like to drive a car with a high-end 360º camera on the roof of your car? -- How is 360º footage so helpful immediately after a natural disaster? On WGAN-TV on Location at Geo Week 2024 in Denver, I took a spin with the Mosaic X Mobile Mapping 360º Camera and Mosaic Mobile Mapping Solutions Architect Dylan Faraone to find out. See video above. === ChatGPT-4 Summary of this video: In this segment from WGAN-TV on Location at Geo Week in Denver, Dan Smigrod, Founder of the We Get Around Network Forum, introduces viewers to an innovative piece of technology in the field of digital data collection. Joined by Dylan Faraone from Mosaic 51, they delve into the capabilities and functionalities of the Mosaic X camera, a device designed to capture Google Street View-like imagery for private use. This industrial-grade camera boasts six lenses, enabling it to record and stitch together high-resolution, equirectangular panoramas. Dylan explains how the Mosaic X operates in various settings, allowing for sparse or dense data capture, making it ideal for a wide range of applications from utility assessments to roadway condition evaluations. The camera's design prioritizes ease of use, with plug-and-play functionality accessible through a WebUI on almost any device. This flexibility is highlighted through a discussion on its practical applications, such as detailed assessments following Hurricane Ian, where the camera played a crucial role in damage assessment, building resilience understanding, and informing future building codes. The conversation also touches upon the potential integration of the Mosaic X into the workflows of 3D/360 digital twin creators within the We Get Around Network Forum community. The technology presents an opportunity for these creators to expand their services into large-scale data collection projects, such as those required by construction and civil engineering firms. This segment underscores the Mosaic X camera's significance as a tool for capturing detailed, high-quality data for a multitude of uses, from disaster response to infrastructure development, showcasing its value in both immediate and long-term applications.

Hihi, this is Alex, from Weights & Biases, coming to you live, from Yosemite! Well, actually I'm writing these words from a fake virtual yosemite that appears above my kitchen counter as I'm not a Vision Pro user and I will force myself to work inside this thing and tell you if it's worth it. I will also be on the lookout on anything AI related in this new spatial computing paradigm, like THIS for example! But back to rfeality for a second, we had quite the show today! We had the awesome time to have Junyang Justin Lin, a dev lead in Alibaba, join us and talk about Qwen 1.5 and QwenVL and then we had a deep dive into quite a few Acronyms I've been seeing on my timeline lately, namely DSPy, ColBERT and (the funniest one) RAGatouille and we had a chat with Connor from Weaviate and Benjamin the author of RAGatouille about what it all means! Really really cool show today, hope you don't only read the newsletter but listen on Spotify, Apple or right here on Substack. TL;DR of all topics covered: * Open Source LLMs * Alibaba releases a BUNCH of new QWEN 1.5 models including a tiny .5B one (X announcement)* Abacus fine-tunes Smaug, top of HF leaderboard based Qwen 72B (X)* LMsys adds more open source models, sponsored by Together (X)* Jina Embeddings fine tune for code* Big CO LLMs + APIs* Google rebranding Bard to Gemini and launching Gemini Ultra (Gemini)* OpenAI adds image metadata (Announcement)* OpenAI keys are now restricted per key (Announcement)* Vision & Video* Bria - RMBG 1.4 - Open Source BG removal that runs in your browser (X, DEMO)* Voice & Audio* Meta voice, a new apache2 licensed TTS - (Announcement)* AI Art & Diffusion & 3D* Microsoft added DALL-E editing with "designer" (X thread)* Stability AI releases update to SVD - video 1.1 launches with a webUI, much nicer videos* Deep Dive with Benjamin Clavie and Connor Shorten show notes:* Benjamin's announcement of RAGatouille (X)* Connor chat with Omar Khattab (author of DSPy and ColBERT) - Weaviate Podcast* Very helpful intro to ColBert + RAGatouille - NotionOpen Source LLMs Alibaba releases Qwen 1.5 - ranges from .5 to 72B (DEMO)With 6 sizes, including 2 new novel ones, from as little as .5B parameter models to an interesting 4B, to all the way to a whopping 72B, Alibaba open sources additional QWEN checkpoints. We've had the honor to have friend of the pod Junyang Justin Lin again, and he talked to us about how these sizes were selected, that even thought this model beats Mistral Medium on some benchmarks, it remains to be seen how well this performs on human evaluations, and shared a bunch of details about open sourcing this.The models were released with all the latest and greatest quantizations, significantly improved context length (32K) and support for both Ollama and Lm Studio (which I helped make happen and am very happy for the way ThursdAI community is growing and connecting!) We also had a chat about QwenVL Plus and QwebVL Max, their API only examples for the best open source vision enabled models and had the awesome Piotr Skalski from Roborflow on stage to chat with Junyang about those models! To me a success of ThursdAI, is when the authors of things we talk about are coming to the show, and this is Junyang second appearance, which he joined at midnight at the start of the chinese new year, so greately appreciated and def. give him a listen! Abacus Smaug climbs to top of the hugging face leaderboard Junyang also mentioned that Smaug is now at the top of the leaderboards, coming from Abacus, this is a finetune of the previous Qwen-72B, not even this new one. First model to achieve an average score of 80, this is an impressive appearance from Abacus, though they haven't released any new data, they said they are planning to! They also said that they are planning to finetune Miqu, which we covered last time, the leak from Mistral that was acknowledged by Arthur Mensch the CEO of Mistral.The techniques that Abacus used to finetune Smaug will be released an upcoming paper! Big CO LLMs + APIsWelcome Gemini Ultra (bye bye Bard) Bard is no longer, get ready to meet Gemini. it's really funny because we keep getting cofusing naming from huge companies like Google and Microsoft. Just a week ago, Bard with Gemini Pro shot up to the LMSYS charts, after regular gemini pro API were not as close. and now we are suppose to forget that Bard even existed?

Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english.Accessing and managing various applications and services remotely is a daily occurrence for a typical administrator. It is often the fastest way to accomplish a quick task while you are on the move or say something urgent is needed while you are still on your way to your desk. While that is nothing new, we see an uptick on the number of successful attack taking advantage on these exposed administrative interfaces. What is causing the recent increase in Web UI initial access? Well, that is the topic our episode this week.I am your host Ibrahim YusufJust before we hit the main topic, lets review a couple top of mind recent news:Not long ago, Microsoft's exchange online was breached. They now revealed how this happened.UK and US Water Utilities Hit with Cyberattacks- https://www.microsoft.com: Midnight Blizzard guidance for responders on nation state-attack- https://www.securityweek.com: Major UK and US  water companies hit by ransomwarehttps://www.cisa.gov: Water and wastewater sector incident response guide Be sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.comYou will find a list of all previous episodes in there too.

Il 14 novembre è stato rilasciato .NET 8, e con questa versione Blazor è ufficialmente un framework "full-stack web UI" il che vuol dire che non è più utile solo per la parte client delle nostre applicazioni, ma ora anche per poter generare codice statico (lato server) con un bel pò di funzionalità interessanti.Inizia oggi il percorso alla scoperta di .NET 8https://learn.microsoft.com/en-us/aspnet/core/release-notes/aspnetcore-8.0https://devblogs.microsoft.com/dotnet/announcing-asp-net-core-in-dotnet-8/https://devblogs.microsoft.com/dotnet/announcing-dotnet-8/

Heute sprechen wir über proALPHA ray, das neue Web UI von proALPHA ERP. Was steckt hinter proALPHA ray und wie hängt es mit der Cloud-Strategie von proALPHA zusammen? Von welchen Highlights und Vorteilen profitieren unsere Kunden? Das und viel mehr verrät uns Daniel Schüllner, Product Strategy Manager bei proALPHA. Viel Spaß beim Reinhören!

88MWhce9wToCCENbRgfZ6X54Dx8HF4bYY79YkYN9nXeqCDmykzXuq48HWe6k9eZDkA4iYpLbTsvpXPnAGCALHTTMLUp8cWi OR DONATE HERE: https://www.monerotalk.live/donate COFFEE: https://gratuitas.org/ GUEST LINKS: https://twitter.com/LIBERTAD_CAL TIMESTAMPS: (00:00:00) Monerotopia Introduction. (00:05:02) Monerotopia Price Report Segment w/ Bawdyanarchist. (00:37:39) Monerotopia Development Segment w/ Comradeblin. (00:57:36) Monerotopia Guest Segment w/ Abdullah Khan and Brindel. (00:58:59) Overview about the Nodo Project. (01:12:52) Which program or system they're using in the software. (01:19:08) The Web UI. (01:35:24) Monerotopia Viwers on Stage Segment. (01:58:59) Monerotopia News Segment w/ Doug and Tux. (01:59:36) IRS extends comments period for new crypto tax rule to mid-november. (02:01:10) Tom Emmer and crypto. (02:06:49) Acapulco Hurricane relief raises almost 40k$. (02:09:51) Turkey plans a crypto framework in 2024. (02:11:20) Bank of Spain embraces the digital euro. (02:14:06) The digital yuan was used for cross-border oil deal. (02:16:13) Do not use Ledger recover. (02:20:43) SEC commissioner on LBRY. (02:35:37) Monerotopia Finalization. NEWS SEGMENT LINKS: Turkey plans a crypto framework in 2024: https://cointelegraph.com/news/turkey-plans-craft-crypto-framework-2024 Bank of Spain embraces the digital euro: https://cointelegraph.com/news/bank-of-spain-embraces-digital-euro-explains-benefits The digital yuan was used for cross-border oil deal: https://cointelegraph.com/news/chinese-digital-yuan-cbdc-used-first-time-settle-cross-border-oil-deal Unclaimed bounties for a Monero passport style hardware wallet: https://github.com/mjg-foundation/passport2-monero/issues Do not use Ledger recover: https://twitter.com/sethforprivacy/status/1716861148094443958 Hamas and the 93$ million: https://twitter.com/neerajka/status/1717291017978708308 Acapulco Hurricane relief raises almost 40k$: https://twitter.com/fiatdemise/status/1717985309856584143 Tom Emmer and crypto: https://www.politico.com/news/2023/10/24/tom-emmer-crypto-00123152 Cake meetup in Chicago: https://x.com/cakewallet/status/1717955705326469268?s=20 SEC commissioner on LBRY: https://cointelegraph.com/news/hester-peirce-lbry-enforcement-action-troubling SPONSORS: GUEST SEGMENT: Cakewallet.com & Monero.com PRICE REPORT: https://localmonero.co/ Don't forget to SUBSCRIBE! The more subscribers, the more we can help Monero grow! XMRtopia TELEGRAM: https://t.me/monerotopia XMRtopia MATRIX: https://matrix.to/#/%23monerotopia%3A... ODYSEE: https://bit.ly/3bMaFtE WEBSITE: monerotopia.com CONTACT: monerotopia@protonmail.com MASTADON: @Monerotopia@mastodon.social MONERO.TOWN https://monero.town/u/monerotopia Get Social with us: X: https://twitter.com/monerotopia INSTA: https://www.instagram.com/monerotopia/ DOUGLAS: https://twitter.com/douglastuman SUNITA: https://twitter.com/sunchakr TUXS: https://twitter.com/tuxpizza

In this episode of the podcast, Grizz sits down with Cortney Stauffer (Head of UX Practice) & Chuck Danielsson (Head of Practice, Web/UI), both from Adaptive. They talk about UX, UI, FDC3, and why things should just work. Cortney Stauffer: https://www.linkedin.com/in/cortstauffer/ Chuck Danielsson: https://www.linkedin.com/in/chuck-danielsson-2141b058/ NYC November 1 - Open Source in Finance Forum: ⁠⁠⁠⁠⁠⁠⁠⁠⁠https://events.linuxfoundation.org/open-source-finance-forum-new-york/⁠⁠⁠⁠⁠⁠⁠⁠⁠ 2022 State of Open Source in Financial Services Download: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/state-of-open-source-in-financial-services-2022⁠⁠⁠⁠⁠⁠⁠⁠⁠ All Links on Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletter⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - more show notes to come A huge thank you to all our sponsors for Open Source in Finance Forum New York ⁠⁠⁠⁠⁠⁠⁠⁠https://events.linuxfoundation.org/open-source-finance-forum-new-york/⁠⁠⁠⁠⁠⁠⁠⁠that will take place this November 1st at the New York Marriott Marquis This event wouldn't be possible without our sponsors. A special thank you to our Leader sponsors: Databricks, where you can unify all your data, analytics, and AI on one platform. And Red Hat - Open to change—yesterday, today, and tomorrow. And our Contributor and Community sponsors: Adaptive/Aeron, Connectifi, Discover, Enterprise DB, FinOps Foundation, Fujitsu, instaclustr, Major League Hacking, mend.io, Open Mainframe Project, OpenJS Foundation, OpenLogic by Perforce, Orkes, Percona, Sonatype, StormForge, and Tidelift. If you would like to sponsor or learn more about this event, please send an email to ⁠⁠⁠⁠⁠⁠⁠⁠sponsorships@linuxfoundation.org⁠⁠⁠⁠⁠⁠⁠⁠. Grizz's Info | ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/aarongriswold/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ | ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠grizz@finos.org⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ►► ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Visit FINOS www.finos.org⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ►► ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Get In Touch: info@finos.org⁠

Free, ungated access to all 255+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to

Nicole Sullivan, Product Manager for Web UI on Chrome is interviewed by Brian Kardell, Developer Advocate at Igalia, in Part 6 of our History of the Web series designed to tell the story of the web from the people who helped build, shape, and promote it

「Adobe Firefly」のWeb版が日本語プロンプト入力とUIを実装　英語“以外”への対応を加速。　アドビは7月12日、コンテンツ生成AI技術「Adobe Firefly」のWeb版（β）をアップデートし、多言語対応を開始した。これにより、日本語で「Web版の画面表示」と「プロンプト（文字入力）によるコンテンツ生成」が行えるようになる。

Why everyone is excited about the next Linux kernel, Valve's big hire, and Red Hat's clone war.

Why everyone is excited about the next Linux kernel, Valve's big hire, and Red Hat's clone war.

Ecco un recap veloce per chi non avesse seguito la mia sessione alla BlazorConf.BlazorConf 2023: Blazor United, un salto nel futurohttps://youtu.be/QH937aLGyQgDemo e slide: BrewerApphttps://github.com/andreadottor/BrewerApp

第673回 AIで画像生成 Bing Image Creator/Stable Diffusion Web UI (2023/3/26) Teamsの番組コミュニティのお申込みはこちら Surface Pro 9実機レポ […]

Data migration doesn't have to be daunting.  A modern Web interface can help reduce friction, making the process faster, easier, and more productive.  With tools like the IBM Transparent Data Migration Facility (TDMF) for z/OS, scrolling through green screens is a thing of the past. Join 21st Century Software's Brandon Wilkie and Chris Hartley, and IBM's Fiona King, as they take a deep dive into what it takes to scope, plan, and execute a data-migration project – and how powerful DevOps tools contained in IBM z/OS Management Facility (z/OSMF) accelerates plug-in development.For more about like the IBM Transparent Data Migration Facility (TDMF) for z/OS and the IBM z/OS Management Facility (z/OSMF) visit 21st Century Software and IBM online. Learn more about z/OSMF here. For more on IBM zSystems modernization, visit the IBM Z and Cloud Modernization Center.And be sure to join the ISV Ecosystem User Group on the IBM Z and LinuxONE Community for more updates on how ISVs are innovating the IBM zSystems platform: blogs, events, videos, discussions, and more. Join here. Subscribe to z/Action! Each month we meet some of the world's most innovative companies as they share how they're expanding horizons and driving success with IBM zSystems.

【雑談】サバゲーを初めてやったけど、これ楽しいぞ・・・！ --- Twitterアカウント始めました！質問やコメントなど受け付けています！ https://twitter.com/trycatch_fm Peingを開設しました！質問や取り扱って欲しいテーマなど送っていただけると僕たちのモチベーションが爆上がりします https://peing.net/ja/9045551273053f#question-form

{独立行政法人情報処理推進機構（IPA）および一般社団法人JPCERT コーディネーションセンター（JPCERT/CC）は10月6日、IPFire の WebUI におけるクロスサイトスクリプティングの脆弱性について「Japan Vulnerability Notes（JVN）」で発表した。}

La bonne app pour le bon prototype, je vous partage mes recommandations pour concevoir vos meilleurs animations et transitions...

On this episode of Engage, host First Officer Ryan Argenta sits down with Mike Cowan and Scott Ryan of the PBS Committee for an in-depth review of the NAVBLUE PBS bidding platform, how to navigate the transition to the new WebApp along with some tips, tricks, and best practices to bid for what you want and actually get it. On July 25, the Web UI version of PBS will sunset, and pilots will be re-directed to the new PBS WebApp. This affects all pilots bidding for September and beyond. Mike and Scott explain just how seamless the transition will be and where to easily find help when you need it. This introductory episode on bidding is just one of a several-part series on PBS bidding pitfalls, strategy, and how to maximize your bidding success. Did you know? You can have a PBS Committee guru review your bids each month for clarity, functionality, and reality before the bid window closes. Tune in to find out how and more! (Recorded June 9, 2022)

Remember: you can also always follow the show on Twitter @dotnetcoreshow, and the shows host on Twitter @podcasterJay or visit our Contact page. Welcome to season 4 of the award-winning .NET Core Podcast! Check that link for proof. Hello everyone and welcome to The .NET Core Podcast is a podcast where we reach into the core of the .NET technology stack and, with the help of the .NET community, present you with the information that you need in order to grok the many moving parts of one of the biggest cross-platform, multi-application frameworks on the planet. I am your host, Jamie "GaProgMan" Taylor. In this episode, I talked with Otto Dobretsberger about Photino: a lightweight open-source framework for building native, cross-platform desktop applications with Web UI technology. We talked about why you might decide to take an existing web app and use it with Photino to create a desktop application, why you might do that rather than provide Progressive Web App support, and some of the things which might be coming in a later release. Along the way, we discuss some of the difficulties in creating cross-platform UI-based applications, and some of the things that Flatpack, AppImage, and Snap are trying to solve on the Linux desktop. The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at https://dotnetcore.show/episode-102-photino-with-otto-dobretsberger/   Useful Links from the episode: TryPhotino.io Photino Documentation Photino on GitHub Photino Samples on GitHub Photino on Twitter Code Mag Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinions of the show, so please do get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast

Reschedule: Andy Damevin @ia3andy will discuss how the Quinoa extension takes care of all the Web UI build/wiring/dev-mode hassles to let you focus of your web application logic. http://bit.ly/quarkusinsights

In our Trino Community Broadcast episode 35 we are catching up on recent releases 375, 376, 377, and 378. We then talk about how Trino is packaged as tarball, rpm, and docker container, what some of the differences are, and how you can customize either of them. Beyond we also look for your feedback and input on usage of the different packages. As a next step we chat about adopting Java 17 is standard for Trino, and then we get a demo of a new feature of the web UI.- Intro song: 00:00- Intro: 00:32- Releases: 4:22- Concept of the episode: Packaging Trino: 21:28- Additional topic of the episode: Modernizing Trino with Java 17: 46:49- Pull requests of the episode: Worker stats in the Web UI: 55:25- Question of the episode: HDFS supported by Delta Lake connector?: 1:01:52- Demo of the episode: Tarball installation and new Web UI feature: 1:05:58Show Notes: https://trino.io/episodes/35.htmlShow Page: https://trino.io/broadcast/

Welcome to another episode of The Speechly Podcast and the next episode in the "Designing and Developing Voice UIs" series. In this series we will be having open discussions with members of the Product Team at Speechly exploring topics related to the Design & Development of Voice UIs in everyday technology. We will discuss existing best practices for the Design & Development of Voice UIs as well as emerging topics relevant to the progression of Voice UI technology. Today I am joined by Otto, Co-Founder and CEO at Speechly, to have a discussion on Voice Form & Tap-To-Talk Components for React and Web as well as Evaluating Deployed Voice UI Models. We dug into topics such as: - Why are “Voice Forms” a good use case for a Multi-Modal Voice Interface? - What are the benefits of Tap to Talk vs a Wake Word in Mobile and Web based Voice experiences? - What are the benefits of evaluating the accuracy of a Voice UI Model configuration using a set of test utterances vs just testing with real users out of the gate? - We also had some great questions around topics like privacy from those listening live. I hope you enjoy this conversation with Otto on The Speechly Podcast! Follow Speechly: Speechly.com Twitter - @SpeechlyAPI GitHub.com/Speechly LinkedIn

Dexter Liu, BigFix WebUI and Unified Endpoint Management Development Lead tells us about his journey to BigFix, including qualifying BigFix for patch management while still in college, and the exciting new features he and his team are working to bring to life in this July 2021 interview.  BigFix Community Resources: BigFix Website - https://www.hcltechsw.com/wps/portal/products/bigfix/home BigFix LinkedIn - https://www.linkedin.com/company/hclbigfix/ BigFix Forum https://forum.bigfix.com/ BigFix Slack https://join.slack.com/t/bigfix/shared_invite/zt-8yit7w47-pEGJZOsm7a9zqJo0MR9x6Q

Ty Overby is a programmer in Jane Street's web platform group where he works on Bonsai, our OCaml library for building interactive browser-based UI. In this episode, Ty and Ron consider the functional approach to building user interfaces. They also discuss Ty's programming roots in Neopets, what development features they crave on the web, the unfairly maligned CSS, and why Excel is “arguably the greatest programming language ever developed.”You can find the transcript for this episode  on our website.Some links to topics that came up in the discussion:Jane Street's Bonsai libraryThe 3D design system OpenSCADMatt Keeter's libfive design toolsTry .NET in-browser replJane Street's Incr_dom libraryThe Elm Architecture “pattern for architecting interactive programs”React JavaScript libraryThe Houdini proposalSvelte UI toolkit

About Angie Angie Jones is a Java Champion and Senior Director who specializes in test automation strategies and techniques. She shares her wealth of knowledge by speaking and teaching at software conferences all over the world, writing tutorials and technical articles on angiejones.tech, and leading the online learning platform, Test Automation University.As a Master Inventor, Angie is known for her innovative and out-of-the-box thinking style  which has resulted in more than 25 patented inventions in the US and China. In her spare time, Angie volunteers with Black Girls Code to teach coding workshops to young girls in an effort to attract more women and minorities to tech.Links: Applitools: https://applitools.com Black Girls Code: https://www.blackgirlscode.com Test Automation University: https://testautomationu.applitools.com Personal website: https://angiejones.tech Twitter: https://twitter.com/techgirl1908 TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by CircleCI. CircleCI is the leading platform for software innovation at scale. With intelligent automation and delivery tools, more than 25,000 engineering organizations worldwide—including most of the ones that you've heard of—are using CircleCI to radically reduce the time from idea to execution to—if you were Google—deprecating the entire product. Check out CircleCI and stop trying to build these things yourself from scratch, when people are solving this problem better than you are internally. I promise. To learn more, visit circleci.com.Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. If there's one thing that I have never gotten the hang of, its testing. Normally, I just whack the deploy button, throw it out into the general ecosystem, and my monitoring system is usually called ‘customers.' And if I don't want to hear from them, I just stopped answering calls from the support desk. Apparently, that is no longer state of the art because it's been about 15 years. Here to talk about testing from a more responsible direction is Angie Jones, a senior director and developer at Applitools. Thanks for joining me.Angie: Hey, Corey. [laugh]. I am cracking up at your confession there and I appreciate it because you're not unique in that story. I find that a lot of engineers [laugh] follow that same trend.Corey: There are things we talk about and there are the things that we really do instead. We see it all over the place. We talk about infrastructure as code, but everyone clicks around for a few things in the Cloud Console, for example. And so on, and so forth. We all know we should in theory be doing things, but expediency tends to win the day.And for better or worse, talking about testing, in many cases, makes some of us feel better about not actually doing testing. And one of these days, it's one of those, “I really should learn how TDD would work in an approach like this.” But my primary language has always been, well, always been a crappy version of whatever I'm using, but for the last few years, it's been Python. There are whole testing frameworks around all of these things, but I feel like it requires me to actually have good programming practices to begin with which, let's be very clear here, I most assuredly doubt.Angie: [laugh]. That's a fair assessment, but I would also argue, in cases like those, you need testing even more, right? You need something to cover your butt. So, what are you doing? You're just, kind of, living on the edge here?Corey: Sort of. In my case, it's always been that I'll bring in an actual developer who knows what they're doing to—Angie: Ah.Corey: —turn some of my early scripts into actual tools. And the first question is, “Okay, can you explain what this is doing for me?” “Great. So, we're going to throw it away and completely replace it with—so what are the inputs, what are the outputs, and do you want me to preserve the bugs or not?” At which point, it's great.It's more or less like I'm inviting someone to come in and just savage my code, which is apparently also a best practice. But for better or worse, I've never really thought of myself as an engineer, so it's one of those areas where it's it doesn't cut to the core of my identity in any particular way. I do know it would be nice that, oh yeah, when I wind up doing an iterative deployment of a Lambda function or something, if it takes five minutes to get updated, and then I forgot to put a comma in or something ridiculous like that. Yeah. Would have been nice to have something—you know, a pre-commit hook—that caught something like that.Angie: Yeah, yeah. It's interesting. You said, “Well, maybe one of these days, I'll learn.” And that's the issue I find. No matter what route you took to learn how to become—whatever you are, software engineer, whatever—testing likely wasn't part of that curriculum.So, we focus—when teaching—very heavily on teaching you how to code and how to build something, but very little, if any, on how to ensure you built the right thing and that it stands the test of time.Corey: My approach has always been well, time to write some code, and it started off as just, as a grumpy systems administrator, it was always shell scripts, which, okay, great. Instead of doing this thing on 15 machines, run upon a for loop and just iterate through them. And in time, you start inheriting other people's crappy tooling, and well, I could rewrite the entire thing and a week-and-a-half, or I could figure out just enough Perl to change that one line in there, and that's how they get you. You sort of stumbled your way into it in that direction. Naive questions I always like to ask around testing that never really get answers for because I don't think to ask these when other people are in the room and it's not two o'clock in the morning and the power is gone out.You have a basic linter test of, do you have basic syntax errors in the code? Will it run? Seems to be a sort of baseline, easy acceptance test. But then you get into higher-level testing of unit tests, integration tests, and a bunch of others I'm sure I'm glossing over because—to be direct—I tend to conflate all these in my head. What is the hierarchy of testing if there is such a thing?Angie: Yeah, so Mike Cohn actually created a model that is very heavily used within the industry, and it's called the ‘Test Automation Pyramid.' And what this model suggests is that you have your unit tests; you have some kind of, like, integration-type tests in the middle, and then you have these end-to-end tests on top. So, think of a pyramid divided into three sections. But that's not divided equally; the largest part of that pyramid, which is the base, is the unit test. So, this suggests that the bulk of your test suite should comprise of unit tests.The idea here is that these are very small, they're very targeted, meaning they're easier to write, they take less time to run, and if you have an error, it kind of pinpoints exactly what's wrong in the system. So, these are great. The next level would be your integration. So, now how do two units integrate together? So, you can test this layer multiple different ways: it might be with APIs, it might be the business logic itself, you know, calling into functions or something like that.And this one is smaller than the unit test but not as large as the final part, which is the end-to-end test. And that one is your smallest piece, and it doesn't even have to be end-to-end. It could be UI, actually. That's how it's labeled by Mike Cohn in his book: UI tests. So, the UI tests, these are going to be your most fragile tests, these are going to take the most time to write as well as the most time to execute.If something goes wrong, you have to dig down to figure out what exactly broke to make this happen. So, this should be the smallest chunk of your overall testing strategy.Corey: People far smarter than I have said that in many cases—along with access—testing, and monitoring—or observability, which is apparently a term for hipster monitoring—are lying on the same axis. Where in the olden days of systems administration, you can ping the machine and it responds just fine, but the only thing that's left on that crashed machine is just enough of the network stack to return a ping, so everything except the thing that tells you it's fine is in fact broken. So, as you wind up building more and more sophisticated applications, the idea being that the testing and the ‘is everything all right' monitoring ping tends to, more or less, coalesce into the same thing. Is that accurate from your view of the world? Is that something that is an oversimplification of something much more nuanced? Or did I completely misunderstand what they were saying, which is perfectly possible?Angie: You kind of lost me somewhere in the middle. So, I'm just going to nod and say yes. [laugh].Corey: [laugh]. No, no, it—the hard part that I've always found is… I lie to myself, when I'm writing code: “Oh, I don't need to write a unit test for this,” because I'd gotten it working, I tested it with something that I know is good, it returns what I expect; I tested with something bad and well, some undefined behavior happens—because that's a normal thing to happen with code—and great, I don't need to have a test for that because I've already got it working. Problem solved.Angie: Right. Right.Corey: It's a great lie.Angie: Yeah.Corey: And then I make a change later on that, in fact, does break it. It's the, “But I'm writing this code once and why would I ever go back to this code and write it again? It's just a quick-and-dirty patch that only needs to exist for a couple of weeks.” Yeah, the todo: remove this later, and that code segment winds up being load-bearing decades into the future. I'm like, “Yeah, one of these days, someone's going to go back and clean up all of my code for me.” Like, the code fairies are going to come in the middle of the night with the elves, and tidy everything up. I would love to hire those mythical creatures, but can't find them.Angie: This mythical sprint, where it's, “Oh, let's only clean up this entire sprint.” You know, everybody's kind of holding out and waiting for that. But no, you hit the nail on the head with the reason why you need to automate your tests, essentially. So, I find a lot of newer folks to the space, they really don't understand, why on earth would I spend time writing code to represent this test? Just like you said, “I implemented the feature. I tried it out, it worked.” [laugh]. “And hey, I even tried a non-happy path. And when it broke, I had a nice little error message to tell the user what to do.”And they feel really good about that, so they can't understand, “Why would I invest the time—which I don't have—to write some tests?” The reason for that it's just as you said: this is for regression. Unless that's the end of this application and you're not going to touch it ever again for any reason, then you need to write some tests [laugh] because you're going to constantly change the application, whether that be refactoring, whether that be adding new features to it, it's going to change in some way and you cannot be sure that the tests of yesterday still work today because whenever you make the change, you're just going to poke around manually at that little area not realizing there could be some integration things that you totally screwed up here and you miss that until it goes out into prod.Corey: The worst developer I've ever met—hands down—was me, six months before I'm looking at whatever it is that I've written. And given that I do a lot of my stuff in a vacuum and I'm the only person to ever touch these repositories, I could run Git blame, but I already know exactly what it's going to tell me—Angie: “It's me.” [laugh].Corey: —so we're just going to skip that part. Like it's a test. And, “Yeah, we're just going to try and fix that and never speak about it again.” But I can't count the number of times I have looked at code that I've written—and I do mean written; not blindly copy-and-pasted out of Stack Overflow, but actually wrote, and at the time, I understood exactly what it did—and then I look at it, and it is, “What on earth was I thinking? What—what—it technically doesn't even return anything; it can't be doing anything. I can just remove that piece entirely.” And the whole thing breaks.I've out-clevered myself in many respects. And I love the idea, the vision, that testing would catch these things as I'm making those changes, but then I never do it. It's getting started down that path and developing a more nuanced, and dare I say it, formal understanding of the art and science of software development. Always feels like the sort of thing I'll get to one of these days, but never actually got around to. Nowadays, my testing strategy is to just actually deploy things into someone else's account and hope for the best.And, “Oh, good. Well, everyone has a test account; ideally, it's not their own production account.” And then we start to expand on beyond that. You have come to this from a very different direction in a number of different ways. You are—among other things—a Java Champion, which makes it sound like you fought the final boss at the end of the developer internet. And they sound really hard. What is a Java Champion?Angie: Yeah. So, a Java Champion is essentially an influencer in the Java ecosystem. You can't just call yourself this; like you say, you got to fight the guy at the end, you know? But seriously, in order to become one, a current Java Champion has to nominate you, and all of the other Java Champions has to review your package, basically looking at your work. What have you contributed to the developer community, in terms of Java?So, I've done a number of courses that I've taught; I've taught at the university level, as well; I am always talking about testing and using Java to show how to do that, as well as talks and all of this stuff. So apparently, I had enough [laugh] for folks to vote me in. So, it is an organization that's kind of ordained by Oracle, the Gods of Java. So, it's a great accomplishment for me. I'm extremely happy about it. And just so happens to be the first black woman to become a Java Champion. So, the news made a big deal about that. [laugh].Corey: Congratulations. Anytime you wind up getting that level of recognition in any given ecosystem, it's something to stop and take note of. But that's compounded by just the sheer scale and scope of the Java community as a whole. Every big tech company I know has inordinate amounts of Java scattered throughout their infrastructure, a lot of their core services are written in Java, which makes me feel increasingly strange for not really knowing anything about it, other than that, it's big and that there are—this entire ecosystem of IDs, and frameworks, and ways to approach these things that it feels like those of us playing around in crappy bash-scripting-land have the exact opposite experience of, “Oh, I'm just going to fire up an empty page and fill it with a bunch of weird commands and run it, and it fails, and run it again, and it fails. And it finally succeeds when I fixed all the syntax errors, and that's great.” It feels like there is a much more structured approach to writing Java compared to other languages, be they scripts or full-on languages.Angie: Yeah. That's been a gift and a curse of the language. So, as newer frameworks have come out, or even as JavaScript has made its way to the front of the line, people start looking at Java, it's kind of bloated, and all of these rules and structures were in place, but that feels like boilerplate stuff and cumbersome in today's development space. So, fortunately, the powers that be have been doing a lot of changes in Java. We went for quite a while where releases were about, mmm, every three years or so.And now they've committed to releases every six months. So, [laugh] most people are on Java 8 still, but we're actually at, like, Java 16, now. So, now it's kind of hard to keep up but that makes it fun as well. There's all of these newer features and new capabilities, and now you can even do functional programming in Java, so it's pretty nice.Corey: Question I have is, does testing lend itself more easily to Java versus other language? And I promise I'm not trying to start a language war here. I just know that, “Well, how do I effectively test my Python code?” Leads to a whole bunch of? “Well, it depends.”It's like asking an attorney any question on the planet; same story. Like, “Well, it really depends on a whole bunch of things.” Is it a clearer, more structured path in Java, or is it still the same murky there are 15 different ways to do it and whichever one you pick, there's a whole cacophony of folks telling you you've done it wrong?Angie: Yeah, that's a very interesting question. I haven't dug into that deep, but Java is by far the most popular programming language for UI test automation. And I wonder why that is because you don't use Java for building front end. You use Java scripts. I don't know how this ca—I—well, I do know how it came to be.Like, back in the day, when we first started doing test automation, JavaScript was a joke, right? People would laugh at you if you said that you were going to use JavaScript. It's, you know, “I'm going to learn JavaScript and try to enter the workforce.” So, you know, that was a big no-no, and kind of a joke back then. So, Java was what a lot of your developers were using even if they were only using it for the backend, maybe.You didn't really have a [unintelligible 00:16:32] language on the client-side, back then. You had your PHP on the back end, you just did some HTML and some CSS on the front end. So, there wasn't a whole lot of scripting going on back then. So, Java was the language that people chose to use. And so there's a whole community out there for Java and testing.Like, the libraries are very mature, there's open-source products and things like this. So, this is by far the most popular language that people use, no matter what their application is built in.This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of "Hello, World" demos? Allow me to introduce you to Oracle's Always Free tier. It provides over 20 free services and infrastructure, networking databases, observability, management, and security.And - let me be clear here - it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account. This means you can provision a virtual machine instance or spin up an autonomous database that manages itself all while gaining the networking load, balancing and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build.With Always Free you can do things like run small scale applications, or do proof of concept testing without spending a dime. You know that I always like to put asterisks next to the word free. This is actually free. No asterisk. Start now. Visit https://snark.cloud/oci-free that's https://snark.cloud/oci-free.Corey: If I were looking to get a job in enterprise these days, it feels like Java is the direction to go in, with the counterpoint that, let's say that I go the path that I went through: I don't have a college degree; I don't have a high school diploma. If I were to start out trying to be a software engineering today, or advising someone to do the same, it feels like the lingua franca of everything today seems to be JavaScript in many different respects. It does front end; it does back end; people love to complain about it, so you know it's valid. To be clear, I find myself befuddled every time I pick it up. I'm not coming at this from a JavaScript fanboy perspective in any respect.The asynchronous execution flow always messes with my head and leaves me with more questions than answers. Is that assessment though—of starting languages—accurate? Are there cases where Java is absolutely the right answer, as far as what to learn first?Angie: Yeah. So, I first started with C++, and then I learned Java. Well, what I find is, Java because it's so strict—it's a statically typed language, and there's lots of rules, and you really need to understand paradigms and stuff like that with this language—it's harder to learn, but once you learn it, it's much easier to pick up other languages, even if they're dynamically typed, you know? So, that's been my experience with this. As far as jobs, so the last time I looked at this, someone did some research and wrote it up—this was 2019—and they looked at the job openings available at the time, and they divided it by language. And Java was at, like, 65,000 jobs open, Python was a close second was 62,000, and JavaScript was third place with 39,000.So, quite a big difference. But if you looked at tech Twitter, you'd think, like, JavaScript is all there is. Most of my followers and folks that I follow are JavaScript folks, front-end folks. So, it is a language I think you definitely need to learn; it's becoming more and more prevalent. If you're going to do any sort of web app, [laugh] you definitely want to know it.So, I'm definitely not saying, “Oh, just learn Java and that's it.” I think there's definitely a need for adding JavaScript to your repertoire. But Java, there does seem to be more jobs, especially the big enterprise-type jobs, in Java.Corey: The reason I ask so much about some of the early-stage stuff is that in your spare time—which it sounds like you have so much of these days—you volunteer with Black Girls Code to help teach coding workshops to young girls in an effort to attract more women and minorities to tech. Which is phenomenal. Few years ago, I was a volunteer instructor for Year Up before people really realized, “Oh, maybe having an instructor who teaches by counterexample isn't necessarily the best approach of teaching folks who are new to the space.”But the curriculum I was given for teaching people how Linux worked and how to build a web servers and the rest, started off with a three-day module on how to use VI, an arcane text editor that no one understands, and the only reason we use it is because we don't know how to quit it.Angie: [laugh].Corey: And that's great and all, but I'm looking at this and my immediate impression was, “We're scrapping that, replacing it with nano,” which is basically what you see is what you get, and something that everyone can understand and appreciate without three days of training. And it felt an awful lot like we're teaching people VI almost as a form of gatekeeping. I'm curious; when you presumably go down the path of teaching people who are brand-new to the space? How do you wind up presenting testing as something that they should start with? Because it feels like a thing you have to know first before you can start building anything at scale, but it resonates, on some level, with feeling like it's, ah, you must be able to learn this religion first; then you'll be able to go and proceed further. How do you square that circle?Angie: Yeah. So, I had the privilege of being an adjunct professor at a college, and I taught Java programming to freshmen. This was really interesting because there's so much to teach, and this is true of all the courses. So, when I say that they don't include it in the curriculum, that's not really that much of a slight on them. Like, it's just so much you have to cover.So I, me, the testing guru, I still couldn't find space to devote an entire sitting, a chapter, or whatever on testing. So, I kind of wove it into my teaching style. So, I would just teach the concept, let's say I'm teaching loops today, and I'll have a little exercise that you do in class. So, we do things together, and then I say, okay, now you try it by yourself. Here's a problem; call me over when you're done.And as they would call me over when they're done, I would break it; I would break their code, right? I'd do some input that they weren't expecting and all of a sudden is broken. And they started expecting me to do this, you know? “She's going to come and she's going to break my stuff.” So, they start thinking themselves, “Let me test it before I give it to my user,” who is Professor Angie, or whatever.So, that's how I taught them that. Same with homework assignments. So, they would submit it, I would treat it like a code review, go through line by line, I didn't have any automated systems to test their homework assignments. I did it like a code review, gave them feedback on how to improve their style, but also I would try to break it and give them, “Here's all the areas that you didn't think of.” So, that was my way of teaching them that quality matters in how to think about beyond the requirement.The requirement is going to say, “Someone needs to be able to log in.” It's not going to give you all of the things that should happen, you know if there's a wrong password, so these are things, as an engineer, you need to think beyond that one line requirement that you've got and realize that this is part of it as well.Corey: So, it's almost a matter of giving people context beyond just the writing of the code, which frankly, seems to be something that's been missing for many aspects of engineering culture for a while, the understanding the people involved, understanding that it is not just you, or your department, or even your company in some cases.Angie: Exactly. And I tried to stress that very heavily in each lecture: who is your end-user? And your end-user cannot see your code, they cannot see your comments in the code that's telling them, “Make sure you input it this way,” or whatever. None of that is seen so you have to be very explicit in your messages, and your intent, and behavior with the end-user.Corey: One last area I wanted to cover with you, when I was doing some research on you before the show, is that you are an IBM Master Inventor, which I had no idea what that was. Is that a term of art? Let me Google it. And it turns out that you have, according to LinkedIn at least, 27 patents in your name. And it's, “Oh.”Yeah, it's one of those areas where you look at something like, what gives someone the hubris to call themselves—or the grounds to call themselves that? And, “Oh, yeah. Oh, they're super accomplished, and they have a demonstrated track record of inventing things that are substantial and meaningful. I guess that would do it.” I'd never heard the term until now. What is that? And how are you that prolific, for lack of a better term?Angie: Yeah, so I used to work at IBM and they're really big on innovation. And I haven't kept track in a while, but for many, many years, they were the number one producer of patents [laugh] of this year or whatever. So, it was kind of in the culture to innovate. Now, I will say, like, a very small percentage of people—employees—there would take it as far as I did to actually go and patent something—[laugh]—Corey: Oh, it's the ‘don't offer if you're not serious,' model.Angie: Yeah. [laugh]. But I mean, it was there; it was a program there where, hey, you got an idea for a software patent? Write it up, we'll have our lawyers, our IP lawyers review it, and then they'll take your little one-page doc and turn it into a twenty-five-page legal document that we submit to the USPTO—United States Patent Trademark Office—who then reviews it and decides if this is novel enough and grants it, or dismisses it. And, “Hey, we'll pay you for these patents. We'll pay for the whole process.” And so I thought, “Heck, why not?”And I kind of got hooked. [laugh]. So, it just so happens that I got a lot of good ideas. And I would collaborate with people from other areas of the business, and it was an excellent way for me to learn about new technologies. If something new was coming out, I would jump on that to explore, play with it, and think about, are there any problems that this technology is not aimed to solve, but if I tweak it in some way, or if I integrate it with some other concept or some other technology, do I get something unique and novel here?And it got to the point where I just started walking through life and as I'm hit with problems—like, I'll give you an example. I'm in the grocery store, right, and this inevitably happens to everyone, what, you choose the wrong line in the grocery store. “This one looks like it's moving, I'm going to go here.” And then the whole time, you're looking to your right, and that line is moving. And you're, like, stuck.Corey: Every single time.Angie: Every time. So, it got—[laugh]—Corey: Toll booths are the same way.Angie: —it got to the point where I started recognizing when I'm frustrated, and say, “This is a problem. How can I use tech to solve this?” And so I, in that problem, I came up with this solution of how I could be able to tell which one of these is the right line to get into. And that consisted of lots of things like scanning the things in everyone's cart. On your cart, you have these smart carts that know what's inside of them, polling the customers' spending or their behavior; so are they going to come up here and send the clerk back to go get cigarettes, or alcohol, or are they going to pull out 50 coupons? Are they going to write a check, which takes longer?So, kind of factoring in all of these habitual behaviors and what's in your cart right now, and determining an overall processing time. And that way, if you display that over each queue, which one would be the fastest to get into. So, things like that is what I started doing and patenting.Corey: Well, my favorite part of that story is that it is clearly a deeply technical insight into this, but you've told the story in a way that someone who is not themselves deeply technical can wrap their heads around. And I just—making sure you're aware of exactly how rare and valuable that particular skill set is. So, often there are people who are so in love with a technology that they cannot explain to another living soul who is not equally in love with that technology. That alone is one of the biggest reasons I wanted to have you on this show was your repeated, demonstrated ability to explain complex things simply in a way that—I know this is anathema for the tech industry—that is not condescending. I come away feeling I understand what you were talking about, now.Angie: Thank you so much. That is one of the skills I pride myself on. When I give talks, I want everyone in that room to understand it, even if they're not technical. And lots of times I've had comments from anyone from, like, the janitor to the folks who are working A/V who, they don't work with computers or anything at all and they've come to me after these talks like, “Okay, I heard a lot of talks in here. Everybody is over my head. I understood everything you said. Thank you.” And yet it's still beneficial to those who are deeply technical as well. Thank you so much for that.Corey: No, it's a very valuable thing and it's what I look for the most. In fact, my last question for you is tying around that exact thing. You have convinced me. I want to learn more about test automation, and learn how this works and with an eye toward possibly one day applying it to some of my crappy nonsense that I'm writing. Other than going on Google and typing in a variety of search terms that will lead me to, probably, a Stack Overflow thread that has been closed as off-topic, but still left up to pollute Google search results, where should I go?Angie: Yeah. So, I've actually started an entire university devoted to testing, and it's called Test Automation Universityand I got my employer, Applitools, to sponsor this, so all of the courses are free.And they are taught by myself as well as other leading experts in the test automation space. So, you know that it's trusted; I vet all of the instructors, I'm very [laugh] involved in going through their material and making sure that it's correct and accurate so the courses are of top quality. We have about a little over 85,000 students at Test Automation University, so you definitely need to become one if you want to learn more about testing. And we cover all of the languages, so Java, JavaScript, Python, Ruby, we have all of the frameworks, we have things around mobile testing, UI testing, unit testing, API testing. So, whatever it is that you need, we got you covered.Corey: You also go further than that; you don't just break it down by language, you break it down by use case. If I—Angie: Yeah.Corey: —look at Python, for example, you've got a Web UI path, you've got an—Angie: Exactly.Corey: API path, you've got a mobile path. It aligns not just with the language but with the use case, in many respects.Angie: Mm-hm.Corey: I'm really glad I asked that question, and we will, of course, include a link to that in the [show notes 00:31:10]. Thank you so much for taking the time to speak with me. If people want to learn more, other than going to Test Automation University, where can they find you?Angie: Mm-hm. So, my website is angiejones.tech—T-E-C-H—and I blog about test automation strategies and techniques there, so lots of good info there. I also keep my calendar of events there, so if you wanted to hear me speak or one of my talks, you can find that information there. And I live on Twitter, so definitely give me a follow. It's @techgirl1908.Corey: And we will, of course, include links to all of that. Thank you so much for being so generous with your time and insight. I really appreciate it.Angie: Yeah, thank you so much for having me. This was fun.Corey: Angie Jones, Java Champion and senior director at Applitools. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you hated this podcast, please leave a five-star review on your podcast platform of choice along with a long, ranting, incoherent comment that fails to save because someone on that platform failed to write a test.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption. [00:00:46] Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/ [00:21:48] PHP Git Compromised https://news-web.php.net/php.internals/113838https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a [00:32:24] [Google Chrome] File System Access API vulnerabilities https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome [00:37:58] Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos https://hackerone.com/reports/1034257 [00:42:05] GHSL-2020-323: Template injection in a GitHub workflow of geek-cookbook https://securitylab.github.com/advisories/GHSL-2020-323-geek-cookbook-workflow/ [00:47:58] H2C Smuggling in the Wild https://blog.assetnote.io/2021/03/18/h2c-smuggling/https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c [00:53:27] H2C Smuggling in the Wild https://blog.assetnote.io/2021/03/18/h2c-smuggling/ [00:57:18] Multiple Authorization bypass issues in Google's Richmedia Studio https://www.ehpus.com/post/multiple-authorization-bypass-issues-in-google-s-richmedia-studio [01:06:15] DD-WRT UPNP Buffer Overflow https://ssd-disclosure.com/ssd-advisory-dd-wrt-upnp-buffer-overflow/https://github.com/mirror/dd-wrt/commit/da1d65a2ec471f652c77ae0067544994cdaf5e27 [01:10:36] GHSL-2021-045: Integer Overflow in GLib - [CVE-2021-27219] https://securitylab.github.com/advisories/GHSL-2021-045-g_bytes_new/ [01:14:12] Qualcomm IPQ40xx: Analysis of Critical QSEE Vulnerabilities https://raelize.com/blog/qualcomm-ipq40xx-analysis-of-critical-qsee-vulnerabilities/ [01:22:50] One day short of a full chain: Part 3 - Chrome renderer RCE https://securitylab.github.com/research/one_day_short_of_a_fullchain_renderer/ [01:35:37] Chat Question: Where to learn about Windows Heap exploitation https://dayzerosec.com [01:39:44] Adobe Reader CoolType arbitrary stack manipulation in Type 1/Multiple Master othersubrs 14-18 https://bugs.chromium.org/p/project-zero/issues/detail?id=2131 [01:46:26] Eliminating XSS from WebUI with Trusted Types https://microsoftedge.github.io/edgevr/posts/eliminating-xss-with-trusted-types/ [01:54:19] Hidden OAuth attack vectors https://portswigger.net/research/hidden-oauth-attack-vectors [02:03:05] The Future of C Code Review https://research.nccgroup.com/2021/03/23/the-future-of-c-code-review/ [02:15:03] Microsoft Exchange Server-Side Request Forgery [CVE-2021-26855] https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-26855.html Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

2020 ~ 2021 / masuP.net 2020年に買ってよかったもの / masuP.net 2020年、サイバーエージェントのアクセシビリティを振り返る | CyberAgent Developers Blog SmartHR社でアクセシビリティの技術顧問 / masuP.net Web アクセシビリティの検証ツール「acot」 / masuP.net acot-a11y/acot: Accessibility Testing Framework. More accessible web, all over the world. dequelabs/axe-core: Accessibility engine for automated Web UI testing microsoft/playwright: Node.js library to automate Chromium, Firefox and WebKit with a single API Amazon | エレコム ゲーミングヘッドセット イヤホン 【ARMA】 マイクアーム付 ブラック HS-ARMA50EBK | エレコム | パソコン・周辺機器 通販 2021 BUCKET LIST 正直不動産（１） (ビッグコミックス) | 大谷アキラ, 夏原武, 水野光博 | 青年マンガ | Kindleストア | Amazon 狭小邸宅 (集英社文庫) | 新庄耕 | 日本の小説・文芸 | Kindleストア | Amazon Amazon.co.jp： 不機嫌な妻　無関心な夫うまくいっている夫婦の話し方 eBook: 五百田達成: Kindleストア 僕の心のヤバイやつ　１ (少年チャンピオン・コミックス) | 桜井のりお | 少年マンガ | Kindleストア | Amazon その着せ替え人形は恋をする 1巻 (デジタル版ヤングガンガンコミックス) | 福田晋一 | 青年マンガ | Kindleストア | Amazon スーパーベイビー　１巻 (ラバココミックス) | 丸顔めめ | マンガ | Kindleストア | Amazon

DNS CVE, how to avoid being a jerk of a sysadmin, anecdotes of PowerShell in Teams and Exchange, HP ProCurve nostalgia, and other random topics. Extended show notes available at https://hthpc.com Boot up (Random Topics) Teams notifications don’t adhere to Focus Assist Your DNS is showing, patch now Can be easily mitigated until patches can be applied. - PowerShell "The workaround is compatible with the security update. However, the registry modification will no longer be needed after the update is applied. Best practices dictate that registry modifications be removed when they are no longer needed to prevent potential future impact that could result from running a nonstandard configuration." Modern Auth and Unattended Scripts in Exchange Online PowerShell V2 Dark Web Creds - Enable MFA The big Twitter breach of July 2020 Outlook Outage Microsoft 365 Click-to-Run Current Channel – dating back to June 30’s Version 2006 Build 13001.2026 Patch Management Mailing List CORRECTION: The mailing list is presently a Google Group Office 2013 Support EOL for M365 Office Configuration Support Matrix Don't be "that" Sysadmin Cool your jets at work Steve's patented "five minute reply rule" Inbox rules delaying sent messages In Outlook: "Apply this rule after I send the message: Defer delivery by 2 minutes" Wait before replying to IMs..you'll be amazed at how people solve their own problems Grammar and spelling is important. Do not skimp on this. Don't be a Dingus - DBaD Be objective Misc tips Tiff breaks PowerShell Installing the Teams Preview Module… If the older version is installed, you may not be able to run any Teams CMDlet “Unplanned Outage” (Sponsor section - "Hope this Helps is helped by…") Teams Smells - Smell your coworkers remotely Off Topic People claiming to invent things People who ACTUALLY invent things A brief tangent about FIRST Robotics USELESS OBSOLETE KNOWLEDGE YOU DIDN'T ASK FOR HP Procurve Switches - 2824 and 5406zl Lifetime warranties Random quirks - core switch needs reset after a while for random reasons 2824 Web UI is Java only (with certain security settings disabled), password limit for 2824s is 15 characters max show tech all will output a ton of configuration information for HPE support. Connect via PuTTY with logging enabled to save it to a file. HP ProCurve is now known as HP Networking. That Is Accurate PowerShell's original name was Monad. Exchange 2007 was one of the first products to really take advantage of it. Ask the Stiffs: Question of the Week Do you listen to music while working? With lyrics or without? --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app

都内の事業会社で UX デザイナーをしていた ksm さん@ksmxxxxxxがゲスト。肩書きが同じ「UIデザイナー」「UXデザイナー」だったとしても、組織体制や関わるサービスによって仕事範囲は様々。Web デザイン、UI デザイン、そしてユーザーリサーチへと興味の幅を広げる ksm さんの仕事のモチベーションは何か伺いました。 QuarkXPress 肩書きデザイナーでもコードを書く理由 Web と UI のデザインの違いがあるとしたら Material Design Human Interface Guidelines - Design - Apple Developer 自分たちにとっての正しさを意思表示 デザインシステムにある『違和感』 時代に合うデザインとどう向き合うか 想像性と UI デザイン 人のことが知れることの面白さ インタビューの集め方 やってみたいと思うだけでは始まらない タイミングを逃さない 喫煙所コネクション 業務ではない仕事の話ができる場所作り 好奇心が次やるべきことを教えてくれる 価値提供のための手段は選ばない

XCP-ng is an open-source virtualization platform that is hosted in the Linux Foundation. It aims to be the bridge between the user community and the developers, to deliver a product without limits. It has no restrictions on features and all of XCP-ng is available on GitHub. Hosts: Jonathan Bennett and Simon Phipps Guest: Olivier Lambert Download or subscribe to this show at https://twit.tv/shows/floss-weekly Here's what's coming up for FLOSS in the future. Think your open source project should be on FLOSS Weekly? Email Randal at merlyn@stonehenge.com Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Sponsor: WWT.COM/TWIT

XCP-ng is an open-source virtualization platform that is hosted in the Linux Foundation. It aims to be the bridge between the user community and the developers, to deliver a product without limits. It has no restrictions on features and all of XCP-ng is available on GitHub. Hosts: Jonathan Bennett and Simon Phipps Guest: Olivier Lambert Download or subscribe to this show at https://twit.tv/shows/floss-weekly Here's what's coming up for FLOSS in the future. Think your open source project should be on FLOSS Weekly? Email Randal at merlyn@stonehenge.com Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Sponsor: WWT.COM/TWIT

XCP-ng is an open-source virtualization platform that is hosted in the Linux Foundation. It aims to be the bridge between the user community and the developers, to deliver a product without limits. It has no restrictions on features and all of XCP-ng is available on GitHub. Hosts: Jonathan Bennett and Simon Phipps Guest: Olivier Lambert Download or subscribe to this show at https://twit.tv/shows/floss-weekly Here's what's coming up for FLOSS in the future. Think your open source project should be on FLOSS Weekly? Email Randal at merlyn@stonehenge.com Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Sponsor: WWT.COM/TWIT

XCP-ng is an open-source virtualization platform that is hosted in the Linux Foundation. It aims to be the bridge between the user community and the developers, to deliver a product without limits. It has no restrictions on features and all of XCP-ng is available on GitHub. Hosts: Jonathan Bennett and Simon Phipps Guest: Olivier Lambert Download or subscribe to this show at https://twit.tv/shows/floss-weekly Here's what's coming up for FLOSS in the future. Think your open source project should be on FLOSS Weekly? Email Randal at merlyn@stonehenge.com Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Sponsor: WWT.COM/TWIT

XCP-ng is an open-source virtualization platform that is hosted in the Linux Foundation. It aims to be the bridge between the user community and the developers, to deliver a product without limits. It has no restrictions on features and all of XCP-ng is available on GitHub. Hosts: Jonathan Bennett and Simon Phipps Guest: Olivier Lambert Download or subscribe to this show at https://twit.tv/shows/floss-weekly Here's what's coming up for FLOSS in the future. Think your open source project should be on FLOSS Weekly? Email Randal at merlyn@stonehenge.com Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Sponsor: WWT.COM/TWIT

XCP-ng is an open-source virtualization platform that is hosted in the Linux Foundation. It aims to be the bridge between the user community and the developers, to deliver a product without limits. It has no restrictions on features and all of XCP-ng is available on GitHub. Hosts: Jonathan Bennett and Simon Phipps Guest: Olivier Lambert Download or subscribe to this show at https://twit.tv/shows/floss-weekly Here's what's coming up for FLOSS in the future. Think your open source project should be on FLOSS Weekly? Email Randal at merlyn@stonehenge.com Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Sponsor: WWT.COM/TWIT

Un puntata dedicata a capire cos'è Blazor, e quale ruolo può avere nelle nostre applicazioni.Cerchiamo di capire quale sia il giusto contesto di utilizzo, e se fa al nostro caso▸https://dotnet.microsoft.com/apps/aspnet/web-apps/blazor▸https://docs.microsoft.com/en-us/aspnet/core/blazor/?view=aspnetcore-3.0## Articoli e link della settimana:

Want to know how to install, configure and setup GNS3 2.2? Well, these videos show you how. In this first video, I show you how to download the components you require and how to install the GNS3 GUI on Windows 10. We build a basic network using GNS3 version 22. In subsequent videos I'll show you how to use the GNS3 2.2 Web-UI and GNS3 VM and then how to build a network using Cisco VIRL IOS images. ================================= Menu: ================================= Overview: 0:40 Download GNS3: 2:38 Install GNS3 GUI: 4:27 GNS3 start: 7:36 First GNS3 project: 9:10 Change symbols / icons: 10:12 SolarPutty fonts: 11:50 Configure VPCS PCs: 13:24 Save topology: 14:18 Restart GNS3: 14:53 ================================= GNS3 links: ================================= GNS3 website: https://gns3.com/ GNS3 GitHub page: https://github.com/GNS3/gns3-gui/releases Free Solar-PuTTY: http://bit.ly/SolarPutty Free Engineers Toolset: http://bit.ly/gns3toolset ================================= Free Software links: ================================= SolarWinds TFTP Server: http://bit.ly/2mbtD6j WAN Killer: http://bit.ly/wankiller Engineers Toolset: http://bit.ly/gns3toolset IP Address Scanner: http://bit.ly/swipscan Network Device Scanner: http://bit.ly/swnetscan Wifi Heat Map: http://bit.ly/wifiheat Wifi Analyzer: http://bit.ly/swwifianalyzer SolarWinds NPM: http://bit.ly/getnpm ================================ Books: ================================= Cisco Press Book: https://amzn.to/2LpaU1a Good O'Reilly Book: https://amzn.to/2Lpbw6Z 10x Engineer CCNA Cisco Devnet Associate CCNP Enterprise CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional LPIC 1 LPIC 2 Linux Professional Institute LX0-103 LX0-104 XK0-004 David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #gns3 #eveng #virl

Jeremy Grossmann (creator of GNS3) discusses GNS3 2.2 features with David Bombal. Features discussed include Hyper-V support, migration to 2.2, link status and the Web UI. Menu: Link Detection Status: 0:10 Hyper-V support: 4:44 Web-UI: 7:45 New GNS3 VM = Ubuntu 18.04: 10:00 More in the next video Full details here: https://docs.google.com/document/d/1auCG_fHgJrG73iwvQuvONsacknnIYfmayeYRcpt70sE/preview David's details: YouTube: https://www.youtube.com/davidbombal Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co Website: http://www.davidbombal.com #GNS3 #GNS3v2 #GNS3

In this video I show you how to download Cisco IOS images and Cisco VIRL images to run IOSv, IOSvL2 in GNS3 2.2. I can only show you LEGAL ways of doing this. Please DO NOT ask for images that I am unable to provide. Previous videos in this series: Video 1: https://youtu.be/LvLGEKD-oqA Video 2: https://youtu.be/R6fSub4ycTk Video 3: https://youtu.be/anYw9pbAUiI Want to know to install, configure and setup GNS3 2.2? Well, these videos show you. In my first video, I show you how to download the components you require and how to install the GNS3 GUI on Windows 10. We build a basic network with GNS3. In the second video I show you how to use the GNS3 2.2 Web-UI and in this video I show you how to integrate the GNS3 VM with the GNS3 GUI. In the next video I show you how to build a network using Cisco VIRL IOS images. Thank you Jeremy for all your hard work creating and updating GNS3! #gns3 #gns3virl #gns3ios

GNS 2.2 introduces the GNS3 Web-UI! Fantastic news as this is the first step towards only requiring the GNS3 VM and not needing a Windows GNS3 client! Video 1 here: https://youtu.be/LvLGEKD-oqA Video 3: https://youtu.be/anYw9pbAUiI Video 4: https://youtu.be/zUBaLnQwbpA Want to know to install, configure and setup GNS3 2.2? Well, these videos show you. In my first video, I show you how to download the components you require and how to install the GNS3 GUI on Windows 10. We build a basic network with GNS3. In this video I show you how to use the GNS3 2.2 Web-UI and GNS3 VM and then how to build a network using Cisco VIRL IOS images. Thank you Jeremy for all your hard work creating and updating GNS3! #gns3 #gns3webui #gns3web

How do you integrate the GNS3 VM with the GNS3 GUI? This video shows you how. Video 1: https://youtu.be/LvLGEKD-oqA Video 2: https://youtu.be/R6fSub4ycTk Video 4: https://youtu.be/zUBaLnQwbpA Want to know to install, configure and setup GNS3 2.2? Well, these videos show you. In my first video, I show you how to download the components you require and how to install the GNS3 GUI on Windows 10. We build a basic network with GNS3. In the second video I show you how to use the GNS3 2.2 Web-UI and in this video I show you how to integrate the GNS3 VM with the GNS3 GUI. In the next video I show you how to build a network using Cisco VIRL IOS images. Thank you Jeremy for all your hard work creating and updating GNS3! #gns3 #gns3vm #gns3vmware

Want to know to install, configure and setup GNS3 2.2? Well, these videos show you. In this first video, I show you how to download the components you require and how to install the GNS3 GUI on Windows 10. We build a basic network with GNS3. In subsequent videos I'll show you how to use the GNS3 2.2 Web-UI and GNS3 VM and then how to build a network using Cisco VIRL IOS images. Thank you Jeremy for all your hard work creating and updating GNS3! #gns3 #gns3tutorial #gns3vm

Amazing new version of GNS3 coming very soon! Web UI, Hyper-V support, link-state notifications and many other great new features. Jeremy, the creator of GNS3 tells us about the new features in 2.2 What's new in GNS3 2.2 document: http://bit.ly/2DyZ7ZI GNS3 community: https://gns3.com/community/latest The way you host the gns3 vm changes. No longer do you need to use VMware Workstation Pro, but you can run the gns3 vm in Hyper-V instead of being required to be a gns3 vmware user. Lots of changes to qemu in this version as well. It doesn't matter if you are studying for your ccna, ccnp or ccie, GNS3 can help you lab. Menu: GNS3 2.2: 00:38 New GNS3 Web UI: 00:45 REST API / Thick Client / Web UI: 2:00 Dates for 2.2.0 and 2.2.1: 3:57 Will the desktop client still be used: 4:55 Web UI browser support: 6:40 Upgrade process: 7:05 Python requirements: 9:10 Detect when a link is plugged/unplugged for Qemu VMs: 9:51 New way to add template: 17:10 Custom adapters configuration 17:55 Console auto start 18:37 Save state for Qemu VMs 19:11 Hyper-V support for the GNS3 VM (experimental) 21:41 Support for Qemu with HAXM acceleration (experimental) 24:15 Infinity symbols 29:31 Console support for clouds (like Visio) 30:56 Allow to copy Dynamips, IOU, Qemu and Docker templates in preferences 33:17 Support for none console type 33:35 Lock or unlock 34:24 Support for differing grid sizes for nodes and drawings 35:11 Privileged access for uBridge required only when necessary 35:50 Refactored import/export portable project 37:22 Restrict the list of available Ethernet/TAP adapters 38:45 New node information dialog 39:26 The MacOS app is code signed allowing it to pass the Gatekeeper check when the Application is opened. 41:04 Lots of other changes 41:51 APIS 43:35 Date for 2.2.0 and 2.2.1: 44:10 David's details: YouTube: www.youtube.com/davidbombal Twitter: twitter.com/davidbombal Instagram: www.instagram.com/davidbombal/ LinkedinIn: www.linkedin.com/in/davidbombal/ #GNS3 #gns3 #gns3 2.2 #gns3 2.2.0a1 #gns3 2.2.0

We give you the recap of ScALE this year and give you another option to manage your servers from a Web UI. Abraham Ingersoll joins us this hour and we talk about Teleport. Teleport lets you provide seamless and secure access to infrastructure for your org

We give you the recap of ScALE this year and give you another option to manage your servers from a Web UI. Abraham Ingersoll joins us this hour and we talk about Teleport. Teleport lets you provide seamless and secure access to infrastructure for your organization, centrally managed from a simple command-line tool and your existing identity manager. -- Side Notes -- Random Thoughts: Lets not slip into needless complications just because some 'new hotness': http://widgetsandshit.com/teddziuba/2010/10/taco-bell-programming.html Project Highlights: https://www.opensnitch.io/ -- Calls -- Kevin - Best way to edit 4K footage Bruce (Mumble) - Home Automation Telegram Guys - How to install Collabora -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/118) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #AskNoahShow on Freenode! -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

We give you the recap of ScALE this year and give you another option to manage your servers from a Web UI. Abraham Ingersoll joins us this hour and we talk about Teleport. Teleport lets you provide seamless and secure access to infrastructure for your org

In Season 2 Episode 5 we discuss the following: https://lightninghood.com/ https://lightningpowerusers.com/home/ https://bitcoin-only.com/ https://medium.com/@suheb.khan/how-to-ride-the-lightning-447af999dcd2 CasaNode update (numbers, excel sheet) Intro music by Sam Sparro Black & Gold Twitter @Coinicarus Email: FunwithBitcoin@protonmail.com

Recording date: 2018-09-11 Tweet John Papa https://twitter.com/john_papa Ward Bell https://twitter.com/wardbell Brian Holt https://twitter.com/holtbt (0:01:23) "Lady Gaga" writes in for the mailbag (0:03:25) How do we tackle the challenges we face in web development (0:05:55) Brian discusses his view on scaling to human teams (0:06:20) Defining "large" applications, and application size (0:07:10) How the human dimension plays into scale (0:07:15) Scaling Angular http://angular.io/ at Reddit (0:08:10) Brian discusses how you don't miss a business deadline (0:09:40) Communication between engineers, product teams, design teams, and C levels is important (0:09:59) Ward asks how to balance process vs getting things done (0:11:15) Brian talks about his experience with process at Netflix (0:12:57) LinkedIN and having a real Jira expert to set up the process and investing in their tools (0:15:36) DevOps experiences can be very different for Node.js (0:16:25) Brian talks about the importance of getting a full CI pipeline and high code quality (0:17:10) Brian says code doesn't age well, so tools like ESLint help create guidelines (0:17:45) Brian talks about how he uses TypeScript with React https://reactjs.org/ (0:20:55) Brian states "that which you cannot automate, you cannot enforce" (0:22:30) Nit picks and their effect on development (0:23:52) John asks Brian about the usage of Flow https://reactjs.org/docs/static-type-checking.html and TypeScript https://www.typescriptlang.org/ in React (0:29:20) Brian discusses when to delete code and keeping code easier to read (0:30:50) Brian loves opening PRs with more deletion that additions (0:32:00) Ward asks Brian how communication works up and down, and across the component trees in React (0:33:01) Brian talks about Prop drilling https://reactjs.org/docs/components-and-props.html (0:33:37) Brian talks about Flux http://facebook.github.io/flux/docs/overview.html#content and Redux https://redux.js.org/ (0:35:00) Brian tells us about something that's better for data state management (Suspense) (0:35:00) Dan Abramov https://twitter.com/dan_abramov and Suspense in React https://www.youtube.com/watch?v=6g3g0Q_XVb4 (0:37:00) Brian says most of the time context https://reactjs.org/docs/context.html will serve you better than Redux (0:38:30) John says someone to follow is Max Koretskyi - https://twitter.com/maxim_koretskyi https://blog.angularindepth.com/ (0:39:12) Ward says someone to follow is Rick Strahl https://twitter.com/RickStrahl (0:39:12) Rick has a blog post questioning if css/html has evolved far enough https://weblog.west- wind.com/posts/2018/May/31/Web-Code-is-a-solved-Problem-How-about-fixing-Web-UI-next (0:40:39) Brian says someone to follow is Necoline Hubner https://twitter.com/necolinehubner More Resources react https://reactjs.org/ redux https://redux.js.org/ ngrx (redux in Angular) https://medium.com/ngrx vuex (redux in Vue) https://vuex.vuejs.org/ Webpack https://webpack.js.org/ Parcel https://parceljs.org/ React's context API: https://reactjs.org/docs/context.html React’s forthcoming “timeslice” and “suspense” APIs: https://blog.pusher.com/time-slice-suspense-api-react-17/ Maxim Koretsky ("ngWizard”) https://blog.angularindepth.com/@maxim.koretskyi

In this episode of the Voice of Veritas podcast, we’re digging into the truth in information. Your host Glen Simon, Solutions Marketing, Veritas, sits down with Abrar Hussain, Director of Product Management, Veritas, to discuss the top reasons for upgrading to NetBackup 8.1.2. With the new release of NetBackup 8.1.2. you can reduce the time spent on your daily backup management tasks and free up your time to drive innovation within your organization. Here are the top reasons for upgrading to NetBackup 8.1.2 are as follows: Easier to manage Easier to recover Easier to upgrade Easier to automate Easier to plan We’re all about making it easier for our customers! Tune in and find out what Abrar highlights on the top reasons for upgrading to NetBackup. Check it out: veritas.com/netbackup  See omnystudio.com/listener for privacy information.

In this episode of the Voice of Veritas podcast, we’re digging into the truth in information. Your host Sama Bali, Solutions Marketing, Veritas, sits down with Abrar Hussain, Director of Product Management, Veritas the new user experience with the latest release of NetBackup 8.1.2. The new NetBackup user experience has arrived! With the new user experience, we’re bring in all workloads into a modern design. Including: NBU API’s Instant Access Role-based access control Agentless Deployment And More! How can this help those of you using NetBackup on a daily basis? Find out what Abrar highlights on the changes in the NetBackup user experience and user interface. Check it out: veritas.com/netbackup   See omnystudio.com/listener for privacy information.

There is no need to panic...yet. Procrastinators can freely ignore this post, for now. But if you are one of those people who hates scrambling at the last minute, then maybe this will interest you. Waves Microsoft likes to call the significant updates for Dynamics 365 "Waves". They have also announced that there will be two major Waves each year, with minor "ripples" ongoing. The thing about "waves", as you may recall from your last beach trip, is that you cannot stop them. Nor can you slow them, or divert them. If you are in the Dynamics 365 ocean, you cannot avoid them either. Make no mistake, the shit is going to hit your fan. There is also a strong will to get to a single version of Dynamics 365 in the market as soon as possible. This is a good thing for everyone, but "control" will be ceded to Microsoft. The concept of "Optional" is being deprecated. Of course you always have the option to go somewhere else, but Microsoft is actually one of the last players to get here, so you won't find any more "control" elsewhere either. The best way to not get knocked down by a huge wave... is to ride it. Waves Stack Up Big waves that hit the beach did not pop up 50 feet offshore, they actually started miles away. While you are riding the current wave in, the next big wave is already in motion, and they each build on the previous wave. Some small thing in one wave, becomes more significant in the next wave, and critical in the next wave. Good surfers pay attention to the small things in every wave...because they know. A Small Thing It seems like several waves ago that a small thing called "App Designer" quietly made its way onshore. The idea of creating an "App" out of Dynamics 365, and actually "limiting" its power, seemed contrary to how practitioners and users have worked with the product. It also seemed contradictory to the messaging from Microsoft about #freightrains of innovation. Why on earth would we want to "hide" any of it? For us, it was a Godsend, we built a business out of "hiding" stuff, with our previous version of RapidStart CRM, but many were left scratching their heads. Photocells If you have ever looked down at a big city from somewhere high around dusk, you can see a few lights start to come on early, as it grows darker you see more, and once it is completely dark, you can see quite a few... but not all. Many of us involved with Dynamics 365 have our own Photocells; for some of us the light comes on early, for others a little later, and sadly, for too many, the light does not come on at all. Not long ago, you were free to sit in the dark and no one would bother you. But now, you will get hit by a huge wave... in the dark... and probably drown. So while many of us are enjoying a moonlit evening on the beach sipping Piña Coladas watching people drown, I thought I would ruin the entertainment, and toss a small life ring out. I can handle the boos from the crowd. A Life Ring That App Designer thing I mentioned, has had a few more waves roll onto it to augment and clarify its true purpose. What we may have first thought was just a tool for creating granular, role-specific "versions" of Dynamics 365 for subsets of users, has morphed into one of the most critical concepts for Dynamics 365 Customer Engagement. It is also something you will not be able to ignore. A Simple Tick For those of you with your lights on, who have been using App Designer for some time now to create these role-specific apps, you may have noticed an option on the App Properties Tab. For "Client", you have the choice of "Web" or "Unified Interface". This snuck in on one of those waves. From now on, we will call it the "Future Button". If you have already built apps with the App Designer, ticking this option will transport you to the future of Dynamics 365. But, don't tick it yet. First let's take a peek at this future. Unification of an Interface If you have been listening, Microsoft has been ramping up the conversation about what they are calling the "Unified Interface", aka "Unified Client Interface", "UCI", "New UI" and "The other thing that is not the Web UI". While it may feel like this came out of nowhere, it has been steadily building with each wave. The Unified Interface is the UI of the future, and we have actually had it for a while now, behind the curtain. Back in this November post I wrote "For many of you who have seen, or started to deploy, Dynamics 365 V9. You may have noticed that the UI looks a little different. This would be the "Web UI". This is not the New UI, this is a bridge UI. Currently the New UI, is in the background, with this interim UI taking front stage. In the next release, these positions will change and the New UI will be front and center, with the interim UI in the background. By V10, the interim UI will be gone." Well the time has come for one of those predictions, as of now, new Dynamics 365 Customer Engagement deployments will utilize the Unified Interface by default. You can still opt for the now ancient WebUI, but why would you? Okay, there are a few reasons. Cart meet Horse Sooooo, the Unified Interface is not quite feature complete. There are some parts missing from the box. Are they critical? That depends on where you are coming from. If you have been using Dynamics 365 for a while, and already transitioned to V9 and got the new, now old, WebUI, you may have some challenges moving to the Unified Interface today, because of those missing parts. So if it is missing parts, why is it now the default UI for new customers? Because they won't know what they're missing. The good news is that there is another wave, already on the way here, it hits in October, and brings onshore most of the missing parts. Where's that damn Life Ring? So you build things for the Unified Interface, primarily in the App Designer. While still an option, Unified Interface soon will not be. How soon? I would guess, as soon as most customers have moved to the Unified Interface. When will that be? An excellent question, for which there is no answer yet. But you can be sure that the pressure will be ramping up. You might want to get ahead of it. If you are looking for more technical information to make this move, I highly recommend my fellow MVP Jukka's blog, he has way more patience writing the technical stuff than I do. I regularly punt the hard questions to Jukka... keeps my hands clean.

Control flow integrity with HardenedBSD, fixing bufferbloat with OpenBSD’s pf, Bareos Backup Server on FreeBSD, MeetBSD CfP, crypto simplified interface, twitter gems, interesting BSD commits, and more. ##Headlines Silent Fanless FreeBSD Desktop/Server Today I will write about silent fanless FreeBSD desktop or server computer … or NAS … or you name it, it can have multa##Headlines ###Cross-DSO CFI in HardenedBSD Control Flow Integrity, or CFI, raises the bar for attackers aiming to hijack control flow and execute arbitrary code. The llvm compiler toolchain, included and used by default in HardenedBSD 12-CURRENT/amd64, supports forward-edge CFI. Backward-edge CFI support is gained via a tangential feature called SafeStack. Cross-DSO CFI builds upon ASLR and PaX NOEXEC for effectiveness. HardenedBSD supports non-Cross-DSO CFI in base for 12-CURRENT/amd64 and has it enabled for a few individual ports. The term “non-Cross-DSO CFI” means that CFI is enabled for code within an application’s codebase, but not for the shared libraries it depends on. Supporting non-Cross-DSO CFI is an important initial milestone for supporting Cross-DSO CFI, or CFI applied to both shared libraries and applications. This article discusses where HardenedBSD stands with regards to Cross-DSO CFI in base. We have made a lot of progress, yet we’re not even half-way there. Brace yourself: This article is going to be full of references to “Cross-DSO CFI.” Make a drinking game out of it. Or don’t. It’s your call. ;) Using More llvm Toolchain Components CFI requires compiling source files with Link-Time Optimization (LTO). I remembered hearing a few years back that llvm developers were able to compile the entirety of FreeBSD’s source code with LTO. Compiling with LTO produces intermediate object files as LLVM IR bitcode instead of ELF objects. In March of 2017, we started compiling all applications with LTO and non-Cross-DSO CFI. This also enabled ld.lld as the default linker in base since CFI requires lld. Commit f38b51668efcd53b8146789010611a4632cafade made the switch to ld.lld as the default linker while enabling non-Cross-DSO CFI at the same time. Building libraries in base requires applications like ar, ranlib, nm, and objdump. In FreeBSD 12-CURRENT, ar and ranlib are known as “BSD ar” and “BSD ranlib.” In fact, ar and ranlib are the same applications. One is hardlinked to another and the application changes behavior depending on arvgv[0] ending in “ranlib”. The ar, nm, and objdump used in FreeBSD do not support LLVM IR bitcode object files. In preparation for Cross-DSO CFI support, commit fe4bb0104fc75c7216a6dafe2d7db0e3f5fe8257 in October 2017 saw HardenedBSD switching ar, ranlib, nm, and objdump to their respective llvm components. The llvm versions due support LLVM IR bitcode object files (surprise!) There has been some fallout in the ports tree and we’ve added LLVM_AR_UNSAFE and friends to help transition those ports that dislike llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump. With ld.lld, llvm-ar, llvm-ranlib, llvm-nm, and llvm-objdump the default, HardenedBSD has effectively switched to a full llvm compiler toolchain in 12-CURRENT/amd64. Building Libraries With LTO The primary 12-CURRENT development branch in HardenedBSD (hardened/current/master) only builds applications with LTO as mentioned in the secion above. My first attempt at building all static and shared libraries failed due to issues within llvm itself. I reported these issues to FreeBSD. Ed Maste (emaste@), Dimitry Andric (dim@), and llvm’s Rafael Espindola expertly helped address these issues. Various commits within the llvm project by Rafael fully and quickly resolved the issues brought up privately in emails. With llvm fixed, I could now build nearly every library in base with LTO. I noticed, however, that if I kept non-Cross-DSO CFI and SafeStack enabled, all applications would segfault. Even simplistic applications like /bin/ls. Disabling both non-Cross-DSO CFI and SafeStack, but keeping LTO produced a fully functioning world! I have spent the last few months figuring out why enabling either non-Cross-DSO CFI or SafeStack caused issues. This brings us to today. The Sanitizers in FreeBSD FreeBSD brought in all the files required for SafeStack and CFI. When compiling with SafeStack, llvm statically links a full sanitization framework into the application. FreeBSD includes a full copy of the sanitization framework in SafeStack, including the common C++ sanization namespaces. Thus, libclang_rt.safestack included code meant to be shared among all the sanitizers, not just SafeStack. I had naively taken a brute-force approach to setting up the libclang_rt.cfi static library. I copied the Makefile from libclang_rt.safestack and used that as a template for libclang_rt.cfi. This approach was incorrect due to breaking the One Definition Rule (ODR). Essentially, I ended up including a duplicate copy of the C++ classes and sanitizer runtime if both CFI and SafeStack were used. In my Cross-DSO CFI development VM, I now have SafeStack disabled across-the-board and am only compiling in CFI. As of 26 May 2018, an LTO-ified world (libs + apps) works in my limited testing. /bin/ls does not crash anymore! The second major milestone for Cross-DSO CFI has now been reached. Known Issues And Limitations There are a few known issues and regressions. Note that this list of known issues essentially also constitutes a “work-in-progress” and every known issue will be fixed prior to the official launch of Cross-DSO CFI. It seems llvm does not like statically compiling applications with LTO that have a mixture of C and C++ code. /sbin/devd is one of these applications. As such, when Cross-DSO CFI is enabled, devd is compiled as a Position-Independent Executable (PIE). Doing this breaks UFS systems where /usr is on a separate partition. We are currently looking into solving this issue to allow devd to be statically compiled again. NO_SHARED is now unset in the tools build stage (aka, bootstrap-tools, cross-tools). This is related to the static compilation issue above. Unsetting NO_SHARED for to tools build stage is only a band-aid until we can resolve static compliation with LTO. One goal of our Cross-DSO CFI integration work is to be able to support the cfi-icall scheme when dlopen(3) and dlsym(3)/dlfunc(3) is used. This means the runtime linker (RTLD), must be enhanced to know and care about the CFI runtime. This enhancement is not currently implemented, but is planned. When Cross-DSO CFI is enabled, SafeStack is disabled. This is because compiling with Cross-DSO CFI brings in a second copy of the sanitizer runtime, violating the One Definition Rule (ODR). Resolving this issue should be straightforward: Unify the sanitizer runtime into a single common library that both Cross-DSO CFI and SafeStack can link against. When the installed world has Cross-DSO CFI enabled, performing a buildworld with Cross-DSO CFI disabled fails. This is somewhat related to the static compilation issue described above. Current Status I’ve managed to get a Cross-DSO CFI world booting on bare metal (my development laptop) and in a VM. Some applications failed to work. Curiously, Firefox still worked (which also means xorg works). I’m now working through the known issues list, researching and learning. Future Work Fixing pretty much everything in the “Known Issues And Limitations” section. ;P I need to create a static library that includes only a single copy of the common sanitizer framework code. Applications compiled with CFI or SafeStack will then only have a single copy of the framework. Next I will need to integrate support in the RTLD for Cross-DSO CFI. Applications with the cfi-icall scheme enabled that call functions resolved through dlsym(3) currently crash due to the lack of RTLD support. I need to make a design decision as to whether to only support adding cfi-icall whitelist entries only with dlfunc(3) or to also whitelist cfi-icall entries with the more widely used dlsym(3). There’s likely more items in the “TODO” bucket that I am not currently aware of. I’m treading in uncharted territory. I have no firm ETA for any bit of this work. We may gain Cross-DSO CFI support in 2018, but it’s looking like it will be later in either 2019 or 2020. Conclusion I have been working on Cross-DSO CFI support in HardenedBSD for a little over a year now. A lot of progress is being made, yet there’s still some major hurdles to overcome. This work has already helped improve llvm and I hope more commits upstream to both FreeBSD and llvm will happen. We’re getting closer to being able to send out a preliminary Call For Testing (CFT). At the very least, I would like to solve the static linking issues prior to publishing the CFT. Expect it to be published before the end of 2018. I would like to thank Ed Maste, Dimitry Andric, and Rafael Espindola for their help, guidance, and support. iXsystems FreeNAS 11.2-BETAs are starting to appear ###Bareos Backup Server on FreeBSD Ever heard about Bareos? Probably heard about Bacula. Read what is the difference here – Why Bareos forked from Bacula? Bareos (Backup Archiving Recovery Open Sourced) is a network based open source backup solution. It is 100% open source fork of the backup project from bacula.org site. The fork is in development since late 2010 and it has a lot of new features. The source is published on github and licensed under AGPLv3 license. Bareos supports ‘Always Incremental backup which is interesting especially for users with big data. The time and network capacity consuming full backups only have to be taken once. Bareos comes with WebUI for administration tasks and restore file browser. Bareos can backup data to disk and to tape drives as well as tape libraries. It supports compression and encryption both hardware-based (like on LTO tape drives) and software-based. You can also get professional services and support from Bareos as well as Bareos subscription service that provides you access to special quality assured installation packages. I started my sysadmin job with backup system as one of the new responsibilities, so it will be like going back to the roots. As I look on the ‘backup’ market it is more and more popular – especially in cloud oriented environments – to implement various levels of protection like GOLD, SILVER and BRONZE for example. They of course have different retention times, number of backups kept, different RTO and RPO. Below is a example implementation of BRONZE level backups in Bareos. I used 3 groups of A, B and C with FULL backup starting on DAY 0 (A group), DAY 1 (B group) and DAY 2 (C group). This way you still have FULL backups quite often and with 3 groups you can balance the network load. I for the days that we will not be doing FULL backups we will be doing DIFFERENTIAL backups. People often confuse them with INCREMENTAL backups. The difference is that DIFFERENTIAL backups are always against FULL backup, so its always ‘one level of combining’. INCREMENTAL ones are done against last done backup TYPE, so its possible to have 100+ levels of combining against 99 earlier INCREMENTAL backups and the 1 FULL backup. That is why I prefer DIFFERENTIAL ones here, faster recovery. That is all backups is about generally, recovery, some people/companies tend to forget that. The implementation of BRONZE in these three groups is not perfect, but ‘does the job’. I also made ‘simulation’ how these group will overlap at the end/beginning of the month, here is the result. Not bad for my taste. Today I will show you how to install and configure Bareos Server based on FreeBSD operating system. It will be the most simplified setup with all services on single machine: bareos-dir bareos-sd bareos-webui bareos-fd I also assume that in order to provide storage space for the backup data itself You would mount resources from external NFS shares. To get in touch with Bareos terminology and technology check their great Manual in HTML or PDF version depending which format You prefer for reading documentation. Also their FAQ provides a lot of needed answers. Also this diagram may be useful for You to get some grip into the Bareos world. System As every system needs to have its name we will use latin word closest to backup here – replica – for our FreeBSD system hostname. The install would be generally the same as in the FreeBSD Desktop – Part 2 – Install article. Here is our installed FreeBSD system with login prompt.

OpenBSD 6.3 and DragonflyBSD 5.2 are released, bug fix for disappearing files in OpenZFS on Linux (and only Linux), understanding the FreeBSD CPU scheduler, NetBSD on RPI3, thoughts on being a committer for 20 years, and 5 reasons to use FreeBSD in 2018. Headlines OpenBSD 6.3 released Punctual as ever, OpenBSD 6.3 has been releases with the following features/changes: Improved HW support, including: SMP support on OpenBSD/arm64 platforms vmm/vmd improvements: IEEE 802.11 wireless stack improvements Generic network stack improvements Installer improvements Routing daemons and other userland network improvements Security improvements dhclient(8) improvements Assorted improvements OpenSMTPD 6.0.4 OpenSSH 7.7 LibreSSL 2.7.2 DragonFlyBSD 5.2 released Big-ticket items Meltdown and Spectre mitigation support Meltdown isolation and spectre mitigation support added. Meltdown mitigation is automatically enabled for all Intel cpus. Spectre mitigation must be enabled manually via sysctl if desired, using sysctls machdep.spectremitigation and machdep.meltdownmitigation. HAMMER2 H2 has received a very large number of bug fixes and performance improvements. We can now recommend H2 as the default root filesystem in non-clustered mode. Clustered support is not yet available. ipfw Updates Implement state based "redirect", i.e. without using libalias. ipfw now supports all possible ICMP types. Fix ICMPMAXTYPE assumptions (now 40 as of this release). Improved graphics support The drm/i915 kernel driver has been updated to support Intel Coffeelake GPUs Add 24-bit pixel format support to the EFI frame buffer code. Significantly improve fbio support for the "scfb" XOrg driver. This allows EFI frame buffers to be used by X in situations where we do not otherwise support the GPU. Partly implement the FBIOBLANK ioctl for display powersaving. Syscons waits for drm modesetting at appropriate places, avoiding races. + For more details, check out the “All changes since DragonFly 5.0” section. ZFS on Linux bug causes files to disappear A bug in ZoL 0.7.7 caused 0.7.8 to be released just 3 days after the release The bug only impacts Linux, the change that caused the problem was not upstreamed yet, so does not impact ZFS on illumos, FreeBSD, OS X, or Windows The bug can cause files being copied into a directory to not be properly linked to the directory, so they will no longer be listed in the contents of the directory ZoL developers are working on a tool to allow you to recover the data, since no data was actually lost, the files were just not properly registered as part of the directory The bug was introduced in a commit made in February, that attempted to improve performance of datasets created with the case insensitivity option. In an effort to improve performance, they introduced a limit to cap to give up (return ENOSPC) if growing the directory ZAP failed twice. The ZAP is the key-value pair data structure that contains metadata for a directory, including a hash table of the files that are in a directory. When a directory has a large number of files, the ZAP is converted to a FatZAP, and additional space may need to be allocated as additional files are added. Commit cc63068 caused ENOSPC error when copy a large amount of files between two directories. The reason is that the patch limits zap leaf expansion to 2 retries, and return ENOSPC when failed. Finding the root cause of this issue was somewhat hampered by the fact that many people were not able to reproduce the issue. It turns out this was caused by an entirely unrelated change to GNU coreutils. On later versions of GNU Coreutils, the files were returned in a sorted order, resulting in them hitting different buckets in the hash table, and not tripping the retry limit Tools like rsync were unaffected, because they always sort the files before copying If you did not see any ENOSPC errors, you were likely not impacted The intent for limiting retries is to prevent pointlessly growing table to max size when adding a block full of entries with same name in different case in mixed mode. However, it turns out we cannot use any limit on the retry. When we copy files from one directory in readdir order, we are copying in hash order, one leaf block at a time. Which means that if the leaf block in source directory has expanded 6 times, and you copy those entries in that block, by the time you need to expand the leaf in destination directory, you need to expand it 6 times in one go. So any limit on the retry will result in error where it shouldn't. Recommendations for Users from Ryan Yao: The regression makes it so that creating a new file could fail with ENOSPC after which files created in that directory could become orphaned. Existing files seem okay, but I have yet to confirm that myself and I cannot speak for what others know. It is incredibly difficult to reproduce on systems running coreutils 8.23 or later. So far, reports have only come from people using coreutils 8.22 or older. The directory size actually gets incremented for each orphaned file, which makes it wrong after orphan files happen. We will likely have some way to recover the orphaned files (like ext4’s lost+found) and fix the directory sizes in the very near future. Snapshots of the damaged datasets are problematic though. Until we have a subcommand to fix it (not including the snapshots, which we would have to list), the damage can be removed from a system that has it either by rolling back to a snapshot before it happened or creating a new dataset with 0.7.6 (or another release other than 0.7.7), moving everything to the new dataset and destroying the old. That will restore things to pristine condition. It should also be possible to check for pools that are affected, but I have yet to finish my analysis to be certain that no false negatives occur when checking, so I will avoid saying how for now. Writes to existing files cannot trigger this bug, only adding new files to a directory in bulk News Roundup des@’s thoughts on being a FreeBSD committer for 20 years Yesterday was the twentieth anniversary of my FreeBSD commit bit, and tomorrow will be the twentieth anniversary of my first commit. I figured I’d split the difference and write a few words about it today. My level of engagement with the FreeBSD project has varied greatly over the twenty years I’ve been a committer. There have been times when I worked on it full-time, and times when I did not touch it for months. The last few years, health issues and life events have consumed my time and sapped my energy, and my contributions have come in bursts. Commit statistics do not tell the whole story, though: even when not working on FreeBSD directly, I have worked on side projects which, like OpenPAM, may one day find their way into FreeBSD. My contributions have not been limited to code. I was the project’s first Bugmeister; I’ve served on the Security Team for a long time, and have been both Security Officer and Deputy Security Officer; I managed the last four Core Team elections and am doing so again this year. In return, the project has taught me much about programming and software engineering. It taught me code hygiene and the importance of clarity over cleverness; it taught me the ins and outs of revision control; it taught me the importance of good documentation, and how to write it; and it taught me good release engineering practices. Last but not least, it has provided me with the opportunity to work with some of the best people in the field. I have the privilege today to count several of them among my friends. For better or worse, the FreeBSD project has shaped my career and my life. It set me on the path to information security in general and IAA in particular, and opened many a door for me. I would not be where I am now without it. I won’t pretend to be able to tell the future. I don’t know how long I will remain active in the FreeBSD project and community. It could be another twenty years; or it could be ten, or five, or less. All I know is that FreeBSD and I still have things to teach each other, and I don’t intend to call it quits any time soon. iXsystems unveils new TrueNAS M-Series Unified Storage Line San Jose, Calif., April 10, 2018 — iXsystems, the leader in Enterprise Open Source servers and software-defined storage, announced the TrueNAS M40 and M50 as the newest high-performance models in its hybrid, unified storage product line. The TrueNAS M-Series harnesses NVMe and NVDIMM to bring all-flash array performance to the award-winning TrueNAS hybrid arrays. It also includes the Intel® Xeon® Scalable Family of Processors and supports up to 100GbE and 32Gb Fibre Channel networking. Sitting between the all-flash TrueNAS Z50 and the hybrid TrueNAS X-Series in the product line, the TrueNAS M-Series delivers up to 10 Petabytes of highly-available and flash-powered network attached storage and rounds out a comprehensive product set that has a capacity and performance option for every storage budget. Designed for On-Premises & Enterprise Cloud Environments As a unified file, block, and object sharing solution, TrueNAS can meet the needs of file serving, backup, virtualization, media production, and private cloud users thanks to its support for the SMB, NFS, AFP, iSCSI, Fibre Channel, and S3 protocols. At the heart of the TrueNAS M-Series is a custom 4U, dual-controller head unit that supports up to 24 3.5” drives and comes in two models, the M40 and M50, for maximum flexibility and scalability. The TrueNAS M40 uses NVDIMMs for write cache, SSDs for read cache, and up to two external 60-bay expansion shelves that unlock up to 2PB in capacity. The TrueNAS M50 uses NVDIMMs for write caching, NVMe drives for read caching, and up to twelve external 60-bay expansion shelves to scale upwards of 10PB. The dual-controller design provides high-availability failover and non-disruptive upgrades for mission-critical enterprise environments. By design, the TrueNAS M-Series unleashes cutting-edge persistent memory technology for demanding performance and capacity workloads, enabling businesses to accelerate enterprise applications and deploy enterprise private clouds that are twice the capacity of previous TrueNAS models. It also supports replication to the Amazon S3, BackBlaze B2, Google Cloud, and Microsoft Azure cloud platforms and can deliver an object store using the ubiquitous S3 object storage protocol at a fraction of the cost of the public cloud. Fast As a true enterprise storage platform, the TrueNAS M50 supports very demanding performance workloads with up to four active 100GbE ports, 3TB of RAM, 32GB of NVDIMM write cache and up to 15TB of NVMe flash read cache. The TrueNAS M40 and M50 include up to 24/7 and global next-business-day support, putting IT at ease. The modular and tool-less design of the M-Series allows for easy, non-disruptive servicing and upgrading by end-users and support technicians for guaranteed uptime. TrueNAS has US-Based support provided by the engineering team that developed it, offering the rapid response that every enterprise needs. Award-Winning TrueNAS Features Enterprise: Perfectly suited for private clouds and enterprise workloads such as file sharing, backups, M&E, surveillance, and hosting virtual machines. Unified: Utilizes SMB, AFP, NFS for file storage, iSCSI, Fibre Channel and OpenStack Cinder for block storage, and S3-compatible APIs for object storage. Supports every common operating system, hypervisor, and application. Economical: Deploy an enterprise private cloud and reduce storage TCO by 70% over AWS with built-in enterprise-class features such as in-line compression, deduplication, clones, and thin-provisioning. Safe: The OpenZFS file system ensures data integrity with best-in-class replication and snapshotting. Customers can replicate data to the rest of the iXsystems storage lineup and to the public cloud. Reliable: High Availability option with dual hot-swappable controllers for continuous data availability and 99.999% uptime. Familiar: Provision and manage storage with the same simple and powerful WebUI and REST APIs used in all iXsystems storage products, as well as iXsystems’ FreeNAS Software. Certified: TrueNAS has passed the Citrix Ready, VMware Ready, and Veeam Ready certifications, reducing the risk of deploying a virtualized infrastructure. Open: By using industry-standard sharing protocols, the OpenZFS Open Source enterprise file system and FreeNAS, the world’s #1 Open Source storage operating system (and also engineered by iXsystems), TrueNAS is the most open enterprise storage solution on the market. Availability The TrueNAS M40 and M50 will be generally available in April 2018 through the iXsystems global channel partner network. The TrueNAS M-Series starts at under $20,000 USD and can be easily expanded using a linear “per terabyte” pricing model. With typical compression, a Petabtye can be stored for under $100,000 USD. TrueNAS comes with an all-inclusive software suite that provides NFS, Windows SMB, iSCSI, snapshots, clones and replication. For more information, visit www.ixsystems.com/TrueNAS TrueNAS M-Series What's New Video Understanding and tuning the FreeBSD Scheduler ``` Occasionally I noticed that the system would not quickly process the tasks i need done, but instead prefer other, longrunning tasks. I figured it must be related to the scheduler, and decided it hates me. A closer look shows the behaviour as follows (single CPU): Lets run an I/O-active task, e.g, postgres VACUUM that would continuously read from big files (while doing compute as well [1]): pool alloc free read write read write cache - - - - - - ada1s4 7.08G 10.9G 1.58K 0 12.9M 0 Now start an endless loop: while true; do :; done And the effect is: pool alloc free read write read write cache - - - - - - ada1s4 7.08G 10.9G 9 0 76.8K 0 The VACUUM gets almost stuck! This figures with WCPU in "top": PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 85583 root 99 0 7044K 1944K RUN 1:06 92.21% bash 53005 pgsql 52 0 620M 91856K RUN 5:47 0.50% postgres Hacking on kern.sched.quantum makes it quite a bit better: sysctl kern.sched.quantum=1 kern.sched.quantum: 94488 -> 7874 pool alloc free read write read write cache - - - - - - ada1s4 7.08G 10.9G 395 0 3.12M 0 PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 85583 root 94 0 7044K 1944K RUN 4:13 70.80% bash 53005 pgsql 52 0 276M 91856K RUN 5:52 11.83% postgres Now, as usual, the "root-cause" questions arise: What exactly does this "quantum"? Is this solution a workaround, i.e. actually something else is wrong, and has it tradeoff in other situations? Or otherwise, why is such a default value chosen, which appears to be ill-deceived? The docs for the quantum parameter are a bit unsatisfying - they say its the max num of ticks a process gets - and what happens when they're exhausted? If by default the endless loop is actually allowed to continue running for 94k ticks (or 94ms, more likely) uninterrupted, then that explains the perceived behaviour - buts thats certainly not what a scheduler should do when other procs are ready to run. 11.1-RELEASE-p7, kern.hz=200. Switching tickless mode on or off does not influence the matter. Starting the endless loop with "nice" does not influence the matter. [1] A pure-I/O job without compute load, like "dd", does not show this behaviour. Also, when other tasks are running, the unjust behaviour is not so stongly pronounced. ``` aarch64 support added I have committed about adding initial support for aarch64. booting log on RaspberryPI3: ``` boot NetBSD/evbarm (aarch64) Drop to EL1...OK Creating VA=PA tables Creating KSEG tables Creating KVA=PA tables Creating devmap tables MMU Enable...OK VSTART = ffffffc000001ff4 FDT devmap cpufunc bootstrap consinit ok uboot: args 0x3ab46000, 0, 0, 0 NetBSD/evbarm (fdt) booting ... FDT /memory [0] @ 0x0 size 0x3b000000 MEM: add 0-3b000000 MEM: res 0-1000 MEM: res 3ab46000-3ab4a000 Usable memory: 1000 - 3ab45fff 3ab4a000 - 3affffff initarm: kernel phys start 1000000 end 17bd000 MEM: res 1000000-17bd000 bootargs: root=axe0 1000 - ffffff 17bd000 - 3ab45fff 3ab4a000 - 3affffff ------------------------------------------ kern_vtopdiff = 0xffffffbfff000000 physical_start = 0x0000000000001000 kernel_start_phys = 0x0000000001000000 kernel_end_phys = 0x00000000017bd000 physical_end = 0x000000003ab45000 VM_MIN_KERNEL_ADDRESS = 0xffffffc000000000 kernel_start_l2 = 0xffffffc000000000 kernel_start = 0xffffffc000000000 kernel_end = 0xffffffc0007bd000 kernel_end_l2 = 0xffffffc000800000 (kernel va area) (devmap va area) VM_MAX_KERNEL_ADDRESS = 0xffffffffffe00000 ------------------------------------------ Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018 The NetBSD Foundation, Inc. All rights reserved. Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. NetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018 ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64 total memory = 936 MB avail memory = 877 MB … Starting local daemons:. Updating motd. Starting sshd. Starting inetd. Starting cron. The following components reported failures: /etc/rc.d/swap2 See /var/run/rc.log for more information. Fri Mar 30 12:35:31 JST 2018 NetBSD/evbarm (rpi3) (console) login: root Last login: Fri Mar 30 12:30:24 2018 on console rpi3# uname -ap NetBSD rpi3 8.99.14 NetBSD 8.99.14 (RPI64) #11: Fri Mar 30 12:34:19 JST 2018 ryo@moveq:/usr/home/ryo/tmp/netbsd-src-ryo-wip/sys/arch/evbarm/compile/RPI64 evbarm aarch64 rpi3# ``` Now, multiuser mode works stably on fdt based boards (RPI3,SUNXI,TEGRA). But there are still some problems, more time is required for release. also SMP is not yet. See sys/arch/aarch64/aarch64/TODO for more detail. Especially the problems around TLS of rtld, and C++ stack unwindings are too difficult for me to solve, I give up and need someone's help (^o^)/ Since C++ doesn't work, ATF also doesn't work. If the ATF works, it will clarify more issues. sys/arch/evbarm64 is gone and integrated into sys/arch/evbarm. One evbarm/conf/GENERIC64 kernel binary supports all fdt (bcm2837,sunxi,tegra) based boards. While on 32bit, sys/arch/evbarm/conf/GENERIC will support all fdt based boards...but doesn't work yet. (WIP) My deepest appreciation goes to Tohru Nishimura (nisimura@) whose writes vector handlers, context switchings, and so on. and his comments and suggestions were innumerably valuable. I would also like to thank Nick Hudson (skrll@) and Jared McNeill (jmcneill@) whose added support FDT and integrated into evbarm. Finally, I would like to thank Matt Thomas (matt@) whose commited aarch64 toolchains and preliminary support for aarch64. Beastie Bits 5 Reasons to Use FreeBSD in 2018 Rewriting Intel gigabit network driver in Rust Recruiting to make Elastic Search on FreeBSD better Windows Server 2019 Preview, in bhyve on FreeBSD “SSH Mastery, 2nd ed” in hardcover Feedback/Questions Jason - ZFS Transfer option Luis - ZFS Pools ClonOS Michael - Tech Conferences anonymous - BSD trash on removable drives Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv