Podcasts about JavaScript

This is a recap of the top 10 posts on Hacker News on December 04, 2025. This podcast was generated by wondercraft.ai (00:30): It's time to free JavaScript (2024)Original post: https://news.ycombinator.com/item?id=46145365&utm_source=wondercraft_ai(01:55): Why are 38 percent of Stanford students saying they're disabled?Original post: https://news.ycombinator.com/item?id=46150715&utm_source=wondercraft_ai(03:20): PGlite – Embeddable PostgresOriginal post: https://news.ycombinator.com/item?id=46146133&utm_source=wondercraft_ai(04:46): How elites could shape mass preferences as AI reduces persuasion costsOriginal post: https://news.ycombinator.com/item?id=46145180&utm_source=wondercraft_ai(06:11): Average DRAM price in USD over last 18 monthsOriginal post: https://news.ycombinator.com/item?id=46142100&utm_source=wondercraft_ai(07:36): I ignore the spotlight as a staff engineerOriginal post: https://news.ycombinator.com/item?id=46146451&utm_source=wondercraft_ai(09:02): Unreal Tournament 2004 is backOriginal post: https://news.ycombinator.com/item?id=46145834&utm_source=wondercraft_ai(10:27): Transparent leadership beats servant leadershipOriginal post: https://news.ycombinator.com/item?id=46147540&utm_source=wondercraft_ai(11:52): Microsoft drops AI sales targets in half after salespeople miss their quotasOriginal post: https://news.ycombinator.com/item?id=46148748&utm_source=wondercraft_ai(13:18): RAM is so expensive, Samsung won't even sell it to SamsungOriginal post: https://news.ycombinator.com/item?id=46147353&utm_source=wondercraft_aiThis is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

Im Podcast kränkelt's: Bei Cloudflare gab es einen dreistündigen Schluckauf, der Co-Host hat Hustenanfälle und Würmer befielen mal wieder NPM. Christopher und Sylvester schauen sich ausgiebig an, was die zweite Ausgabe der Javascript-Schadsoftware "Sha1-Hulud" anders macht als die erste und befassen sich auch noch einmal mit "Glassworm", einem Thema der letzten Folgen. Dort ist im Nachhinein unklar, ob es sich tatsächlich um einen Wurm handelt oder vielleicht eher ein Botnet, wie Christopher mutmaßt. Doch auch der dreistündige Ausfall bei Cloudflare steht auf der Tagesordnung - mit ungewohnt viel Lob der Hosts! - und ob Whatsapp wirklich das größte Datenleck der Geschichte hatte, ergründen die beiden heise-Redakteure ebenfalls. - Cloudflare zum Ausfall am 18. November: https://blog.cloudflare.com/18-november-2025-outage/ - Threema zum WhatsApp-Scraping: https://threema.com/de/blog/whatsapp-datenleck-2025 - Trend Micros technische Analyse von Shai Hulud 2.0: https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html - Expel zu Cache Smuggling: https://expel.com/blog/cache-smuggling-when-a-picture-isnt-a-thousand-words/ - Folgt uns im Fediverse: - @christopherkunz@chaos.social - @syt@social.heise.de

Episode Highlights[00:00:48] What Makes Software MaintainableDon explains why unnecessary complexity is the biggest barrier to maintainability, drawing on themes from A Philosophy of Software Design.[00:03:14] The Cost of Clever AbstractionsA real story from a Node.js API shows how an unused abstraction layer around MongoDB made everything harder without delivering value.[00:04:00] Shaping Teams and Developer ToolsDon describes the structure of the Search Craft engineering team and how the product grew out of recurring pain points in client projects.[00:06:36] Reducing Complexity Through SDK and Infra DesignWhy Search Craft intentionally limits configuration to keep setup fast and predictable.[00:08:33] Lessons From ConsultingRobby and Don compare consulting and product work, including how each environment shapes developers differently.[00:15:34] Inherited Software and Abandoned DependenciesDon shares the problems that crop up when community packages fall behind—especially in ecosystems like React Native.[00:18:00] Evaluating Third-Party LibrariesSignals Don looks for before adopting a dependency: adoption, update cadence, issue activity, and whether the library is “done.”[00:19:40] Designing Code That Remains UnderstandableWhy clear project structure and idiomatic naming matter more than cleverness.[00:20:29] RFCs as a Cultural AnchorHow Don's team uses RFCs to align on significant changes and avoid decision churn.[00:23:00] Documentation That Adds ContextDocumentation should explain why, not echo code. Don walks through how his team approaches this.[00:24:11] Type Systems and MaintainabilityHow Don's journey from PHP and JavaScript to TypeScript and Rust changed his approach to structure and communication.[00:27:05] Testing With TypesStable type contracts make tests cleaner and less ambiguous.[00:27:45] Building Trust in AI SystemsDon discusses repeatability, hallucinations, and why tools like MCP matter for grounding LLM behavior.[00:29:28] AI in Developer ToolsSearch Craft's MCP server lets developers talk to the platform conversationally instead of hunting through docs.[00:33:21] Improving Legacy Systems SlowlyThe Strangler pattern as a practical way to replace old systems one endpoint at a time.[00:34:11] Deep Work and Reducing Reactive NoiseDon encourages developers to carve out time for uninterrupted thinking rather than bouncing between notifications.[00:36:09] Measuring ProgressBuild times, test speeds, and coverage provide signals teams can use to track actual improvement.[00:38:24] Changing Opinions Over a CareerWhy Don eventually embraced TypeScript after originally writing it off.[00:39:15] Industry Trends and Repeating CyclesSPAs, server rendering, and the familiar pendulum swing in web architecture.[00:41:26] Experimentation and Team AutonomyHow POCs and side projects surface organically within Don's team.[00:44:42] Growing Skills Through Intentional GoalsSetting learning targets in 1:1s to support long-term developer growth.[00:47:19] Where to Find DonLinkedIn, Blue Sky, and his site: donmckinnon.dev.Resources MentionedA Philosophy of Software Design by John OusterhoutJohn Ousterhout's Maintainable.fm Interview (Episode 131)Search CraftElasticAlgoliaWordPress Plugin DirectoryRequest for Comments (RFC)Strangler Fig PatternC2 WikiModel Context Protocol (MCP)Glam AIAubrey/Maturin Series by Patrick O'BrianMaster and Commanderdonmckinnon.devThanks to Our Sponsor!Turn hours of debugging into just minutes! AppSignal is a performance monitoring and error-tracking tool designed for Ruby, Elixir, Python, Node.js, Javascript, and other frameworks.It offers six powerful features with one simple interface, providing developers with real-time insights into the performance and health of web applications.Keep your coding cool and error-free, one line at a time! Use the code maintainable to get a 10% discount for your first year. Check them out! Subscribe to Maintainable on:Apple PodcastsSpotifyOr search "Maintainable" wherever you stream your podcasts.Keep up to date with the Maintainable Podcast by joining the newsletter.

Scott and CJ sit down live at JSNation NYC with Iwo Plaza, creator of TypeGPU, to dig into how WebGPU is unlocking a new wave of graphics and compute power on the web. They chat about shader authoring in TypeScript, the future of GPU-powered AI in the browser, and what it takes to build a killer developer-friendly graphics library. Show Notes 00:00 Welcome to Syntax! 00:32 What is TypeGPU? High-level overview and why it exists 01:20 WebGPU vs WebGL – the new era of GPU access on the web 01:47 Why shader languages are hard + making them accessible 02:24 Iwo's background in C++, OpenGL, and discovering JS 03:06 Sharing graphics work on the web vs native platforms 03:29 WebGPU frustrations that inspired TypeGPU 04:17 Making GPU–CPU data exchange easier with Zod-like schemas 05:01 Writing shaders in JavaScript + the unified type system 05:38 How the “use_gpu” directive works under the hood 06:05 Building a compiler that turns TypeScript into shader code 07:00 Type inference, primitives, structs, and TypeScript magic 08:21 Leveraging existing tooling via Unplugin + bundler integration 09:15 How TypeGPU extracts ASTs and generates TinyEST metadata 10:10 Runtime shader generation vs build-time macros 11:07 How the AST is traversed + maintaining transparency in output 11:43 Example projects like Jelly Shader and community reception 12:05 Brought to you by Sentry.io 12:30 Does TypeGPU replace 3JS? How it fits the existing ecosystem 13:20 Low-level control vs high-level abstractions 14:04 Upcoming Three.js integration – plugging TypeGPU into materials compute shaders 15:34 Making GPU development more approachable 16:26 Docs, examples, and the philosophy behind TypeGPU documentation 17:03 Building features by building examples first 18:13 Using examples as a test suite + how docs shape API design 19:00 Docs as a forcing function for intuitive APIs 20:21 GPU for AI – browser inference and future abstractions 21:11 How AI examples inform new libraries (noise, inference, etc.) 21:57 Keeping the core package small and flexible 22:44 Building “TypeGPU AI”-style extensions without bloating the core 23:07 The cost of AI examples and building everything from scratch 23:41 Standard library design and future of the ecosystem 24:04 Closing thoughts from Iwo – OSS, GPU renaissance, and encouragement 24:34 Sick Picks & Shameless Plugs Sick Picks Iwo: Perogies Shameless Plugs Iwo: Syntax Podcast Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Muita gente ainda teme o avanço da tecnologia, mas a verdade é que o que ameaça carreiras não são as ferramentas novas, e sim a falta de adaptação. Neste episódio do Papo Reto, eu compartilho reflexões e histórias reais sobre como evoluir junto com a tecnologia é o que mantém qualquer profissional relevante no longo prazo.Trago minha jornada desde 2005, quando vivi a ascensão e o fim do Adobe Flash e precisei me reinventar aprendendo HTML, CSS, JavaScript, UX, mobile e, mais tarde, liderança. Com todas essas mudanças, ficou claro para mim que ferramentas são temporárias, mas a habilidade de aprender é permanente.Também falo sobre o impacto da inteligência artificial no trabalho e explico por que ela não substitui criatividade, pensamento crítico, empatia e visão estratégica. A IA muda processos, mas não muda o valor do humano que pensa e sente.Ao longo do episódio, você vai encontrar um guia prático sobre como lidar com a evolução tecnológica: estudar constantemente, usar a tecnologia como aliada, ter humildade para recomeçar e desenvolver uma mentalidade adaptativa. O futuro recompensa quem aprende rápido, não quem se apega ao que já domina.Este é um convite para abandonar o medo, cultivar curiosidade e enxergar a tecnologia como parceira de crescimento. Quem escolhe evoluir com o tempo sempre encontra espaço no mercado.Mentoria Luan Mateus ⁠⁠⁠⁠https://mentoria.papodeux.com.br⁠⁠⁠⁠News do Papo ⁠⁠⁠⁠⁠⁠⁠https://papodeux.substack.com⁠⁠⁠⁠⁠⁠⁠Instagram ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠http://instagram.com/papodeux/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠YouTube ⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/@papodeux⁠⁠⁠⁠⁠⁠⁠⁠⁠

Netlify's CEO, Matt Biilmann, reveals a seismic shift nobody saw coming: 16,000 daily signups—five times last year's rate—and 96% aren't coming from AI coding tools. They're everyday people accidentally building React apps through ChatGPT, then discovering they need somewhere to deploy them. The addressable market for developer tools just exploded from 17 million JavaScript developers to 3 billion spreadsheet users, but only if your product speaks fluent AI—which is why Netlify's founder now submits pull requests he built entirely through prompting, never touching code himself, and why 25% of users immediately copy error messages to LLMs instead of debugging manually. The web isn't dying to agents; it's being reborn by them, with CEOs coding again and non-developers shipping production apps while the entire economics of software—from perpetual licenses to subscriptions to pure usage—gets rewritten in real-time.Follow Matt Biilmann on X: https://x.com/biilmannFollow Martin Casado on X: https://x.com/martin_casadoFollow Erik Torenberg on X: https://x.com/eriktorenberg  Check out everything a16z is doing with artificial intelligence here, including articles, projects, and more podcasts. Please note that the content here is for informational purposes only; should NOT be taken as legal, business, tax, or investment advice or be used to evaluate any investment or security; and is not directed at any investors or potential investors in any a16z fund. a16z and its affiliates may maintain investments in the companies discussed. For more details please see a16z.com/disclosures. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode, the host addresses a previous mistake in naming a company involved in a breach, correcting SitusAMC for Ascensus, and extends apologies. Key topics include US banks assessing a breach fallout from financial tech vendor SitusAMC, ransomware group CioP targeting Broadcom through Oracle's vulnerabilities, a new malware campaign hiding in Blender 3D models named SteelC, supply chain attacks in the JavaScript ecosystem through NPM packages with Shai-Hulud malware, and a phishing scam using lookalike domains to deceive Microsoft account holders. Listeners are reminded to manually type URLs to avoid phishing scams, and are informed about the Thanksgiving weekend schedule change. 00:00 Introduction and Apology 01:26 Cybersecurity Headlines 02:13 US Banks Data Theft Incident 03:44 Broadcom and Oracle ERP Breach 05:29 Blender Malware Campaign 07:45 Shai-Hulud NPM Package Attack 09:41 Phishing Campaign Targeting Microsoft Accounts 11:39 Final Thoughts and Thanksgiving Wishes

In today's podcast, I'm talking about some important things for small business owners – in particular those of you that work in your own show (business) As small business owners, we often start the day fighting fires, staring at the “burning embers” of yesterday's problems. This leads to overwhelm, analysis paralysis, and the feeling that you need 100% of the information before you can move an inch. In this latest update, I tackle two critical components for future-proofing your business: The Speed of Decision Making and The Leverage of AI. Here are the specific questions this episode answers: 1. Why am I stuck and unable to move forward?You are likely treating every choice as a life-or-death situation. The episode explains why “waiting for all the information” is killing your momentum and why competitors won’t wait for you to be thorough. 2. What is the difference between a “One-Way” and a “Two-Way” door?Richard breaks down this vital management theory. He explains how to distinguish between irreversible decisions (firing staff, killing a product line) and reversible ones (hiring, testing a new method). The key to growth? Make the reversible decisions immediately. Just do it. 3. How can I safely test new ideas without risking the business?Treat new marketing or product launches as a “side hustle within your business.” If the door swings both ways, the cost of waiting is usually higher than the cost of fixing a mistake later. 4. How can AI act as a “Highly Qualified Helper” for my team?Beyond just writing emails, how to create custom AI tools that do a “deep dive” into your specific company policies and expectations, guiding staff and solving client issues exactly how you would. 5. Can I build a “Virtual Board of Directors”?Yes. The episode answers how you can use AI models to build a portfolio of knowledge uploading the works of figures like Lincoln, Edison, or Darwin to act as a virtual peer group when you need advice on a difficult problem. You can choose who you want – even me. But then again I do swear a lot. Listen to the full episode to learn how to stop overthinking and start automating. Ready to get a “shimmy on” with your business growth?If you are a small business owner looking for hands-on help to implement these decision frameworks and AI tools, get in touch using the form below. Get In Touch Please enable JavaScript in your browser to complete this form.Name *Email *Subject *Comment or Message *PhoneSend Message

Parce que… c'est l'épisode 0x670! Shameless plug 25 et 26 février 2026 - SéQCure 2026 CfP 14 au 17 avril 2026 - Botconf 2026 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2025 - SSTIC 2026 Description Ce podcast réunit François Proulx, Alexis Maurer-Fortin et Sébastien Graveline, chercheurs chez BoostSecurity, une startup montréalaise spécialisée en sécurité applicative. L'épisode explore les coulisses de leur travail de recherche et développement, particulièrement leurs découvertes récentes sur les vulnérabilités de type “race condition” dans les pipelines CI/CD. Structure et méthodologie de recherche L'équipe de recherche de BoostSecurity fonctionne de manière structurée mais flexible. François Proulx définit les grandes orientations annuelles basées sur les tendances émergentes et les apprentissages de l'année précédente. Alexis apporte son expertise en développement backend et son approche défensive, tandis que Sébastien, joueur avide de CTF, contribue avec une perspective offensive de red team. Garance, absente lors de l'enregistrement, assure la rigueur académique en effectuant des revues approfondies de la littérature scientifique. Infrastructure de recherche massive L'équipe a développé une infrastructure impressionnante pour la détection de vulnérabilités à grande échelle. Au cœur de leur système se trouve Poutine, un outil open source développé en Go pour scanner les pipelines de build, particulièrement les GitHub Actions. Cette infrastructure analyse continuellement l'écosystème open source, accumulant plusieurs téraoctets de données sur des millions de projets. Leur système “Threat Hunter” ingère en quasi-temps réel tous les événements publics sur GitHub avec un délai d'environ cinq minutes, capturant même les dépôts éphémères qui n'existent que brièvement. Cette capacité leur permet de détecter des attaques en cours, comme l'attaque par “confused deputy” de Kong qu'ils ont pu capturer et analyser. Les données sont stockées dans Google Cloud BigQuery, permettant des analyses complexes qui auraient autrefois nécessité des semaines de travail. Découverte d'une nouvelle technique de malware François décrit une découverte récente concernant une technique d'obfuscation utilisant les “Private Use Areas” d'Unicode. Ces plages de caractères, réservées mais jamais attribuées officiellement, permettent d'encoder des données arbitraires dans des chaînes de caractères invisibles. Un malware peut ainsi être caché dans du code source JavaScript, Python ou Go sans être visible dans les éditeurs standards comme Visual Studio Code. En réponse, l'équipe a développé “Puant”, un outil open source capable de scanner efficacement des millions de fichiers en quelques secondes pour détecter l'utilisation de ces caractères suspects. L'outil peut s'intégrer facilement dans les pipelines CI/CD pour bloquer du code contenant ces caractères invisibles lors de la révision de pull requests. Vulnérabilités “Time of Check, Time of Use” dans les pipelines CI/CD La découverte majeure présentée concerne une classe de vulnérabilités de type “race condition” appliquée aux build pipelines. L'équipe a identifié six cas significatifs affectant des entreprises comme Nvidia, GitHub Copilot et Jupyter Notebook. Le premier cas découvert impliquait le “copy-pr-bot” de Nvidia. Ce bot copie le code d'une pull request dans une branche dédiée après qu'un mainteneur ait commenté “ok to test”. L'équipe a découvert une fenêtre d'environ cinq secondes entre la commande du mainteneur et l'exécution du bot, pendant laquelle un attaquant pouvait modifier le code malicieusement puis le rétablir, rendant l'attaque invisible. Pour GitHub Copilot, la vulnérabilité était encore plus exploitable manuellement. Lorsqu'un mainteneur assignait Copilot pour résoudre un bug décrit dans une issue, un attaquant pouvait modifier les instructions pendant la race condition, demandant au bot d'insérer une backdoor tout en affichant une tâche légitime à l'écran. Le cas de Jupyter Notebook était particulièrement ironique : la vulnérabilité résidait dans le code de mitigation d'une race condition précédemment rapportée. La correction initiale présentait une erreur typographique dans la référence temporelle utilisée, rendant la mitigation complètement inefficace. Recommandations et mitigations L'équipe propose plusieurs stratégies de mitigation. La plus importante consiste à utiliser des mécanismes atomiques qui lient l'approbation du mainteneur à un commit SHA spécifique. GitHub offre la fonctionnalité “Pull Request Review” qui garantit cette atomicité, contrairement aux simples commentaires ou labels qui restent vulnérables aux race conditions. Les environnements GitHub constituent une autre défense robuste. Ils permettent de définir des règles d'approbation liées à des commits précis et de limiter l'accès aux secrets sensibles. L'équipe recommande fortement de restreindre la permission “Workflow Write”, qui permet de modifier les workflows GitHub Actions, car elle amplifie considérablement l'impact potentiel d'une attaque. Finalement, l'adoption du principe “fail-close” plutôt que “fail-open” est essentielle : en cas d'erreur inattendue, le système doit arrêter l'exécution plutôt que de continuer. Des outils comme Poutine peuvent scanner automatiquement les workflows pour détecter ces vulnérabilités avant leur déploiement. D'ailleurs, une recherche académique récente a identifié Poutine comme l'un des meilleurs outils du domaine, particulièrement pour son excellent ratio signal/bruit. Impact de l'intelligence artificielle L'équipe observe que l'IA générative crée involontairement de nouvelles vulnérabilités. Certains pipelines vulnérables qu'ils ont découverts provenaient clairement de code généré automatiquement, créant ainsi de nouvelles chaînes d'attaque dans la supply chain logicielle. Cette conversation met en lumière l'importance croissante de la sécurité des pipelines CI/CD dans l'écosystème open source moderne, où l'automatisation accrue multiplie les vecteurs d'attaque potentiels. Notes Split-Second Side Doors: How Bot-Delegated TOCTOU Breaks The CI/CD Threat Model Collaborateurs Nicolas-Loïc Fortin Alexis-Maurer Fortin Sébastien Graveline François Proulx Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

In this episode of the Option Alpha podcast, Kirk sits down with his business partner and fellow founder, Jack Slocum, to share the full story behind Jack's journey as a trader, developer, and entrepreneur. Jack talks about how he first turned to options trading to generate extra income for his family, how his early experiences “crashed and burned,” and why he has spent years since then learning as much as possible about markets and risk. Tune in now! How Jack First Got Into Options Trading:Jack says his options journey started as a father looking to make extra income to support his family.From Tech Builder to Trading:Before options, Jack's primary background was in technology and building companies.He created a JavaScript framework originally called EXTJS, later part of Sencha, which allowed developers to build full web applications in the browser.The framework became widely adopted, with usage by 8 out of the top 10 financial institutions and over 70% of Fortune 500 companies.Jack emphasizes that the community was the strength of that project: developers shared what they were building and provided the core toolkit with their own “extensions.”Faith, Mindset, and Staying Inspired Through Drawdowns:He credits his Lord and Savior, Jesus Christ, for his determination, passion, and success.He says this gives him a resilient state he can tap into no matter what is happening.Kirk shares a mindset he learned from Jack: instead of saying “we can't,” ask “how could we?”Jack connects this to his belief that all things are possible for someone who believes.He says reframing problems this way opens the door to solutions instead of shutting them down.Key Trading Principles Jack Follows Now:Jack says the most important principle is never to enter a trade unless you are willing to take the maximum loss.In the past, he entered trades assuming he could always get out before max loss, which led to huge losses.He rarely uses stop losses as a guarantee because during big moves, spreads widen, and fills can be much worse than planned.An example of his opening range breakout bot, which sometimes risks $925 to make $75 and makes him uneasy.He prefers to run a mix of strategies, including both higher-probability, smaller payoff setups and lower-probability, larger-payoff setups.Jack says every trade should have a clear, logical reason behind it, and not be fear based.Using His Own Platform to Design the Future of Automation:At his old company, he would build a real app with new features before a release to find issues.Now, he trades daily on Option Alpha and uses that experience to see what needs to be added or improved.Watch the full interview here

In today's episode of Cybersecurity Today, hosted by Jim Love, several major cybersecurity incidents are discussed. US banks are assessing the impact of a security breach at SitusAMC, where the ALFV ransomware group claimed to have stolen three terabytes of data. CIOP has targeted Broadcom through Oracle's E-Business Suite vulnerabilities. A new malware campaign hides inside Blender 3D models, exploiting the auto-run feature to deploy Steel C malware. The JavaScript ecosystem faces a supply chain attack from the Shai-Hulud malware compromising 500 NPM packages. Additionally, a phishing campaign leveraging visual deception with look-alike domains is targeting Microsoft account holders. The show is brought to you by Meter, which provides integrated networking solutions. 00:00 Introduction and Sponsor Message 00:21 US Banks Data Theft Incident 02:24 Broadcom and Oracle ERP Breach 04:09 Blender Files Supply Chain Attack 06:24 NPM Packages Compromised 08:21 Phishing Campaign Targeting Microsoft Accounts 10:19 Conclusion and Sponsor Message

In this episode, we dive into NASA's first test flight of the ultra-quiet X-59 supersonic jet, explore the futuristic Phantom transparent 4K monitor, and break down World Labs' breakthrough 3D world-modeling AI. We also cover TypeScript's unexpected rise in the AI era, the world's first mass delivery of humanoid factory workers, and how you can now run powerful open-source AI models locally. It's a packed show full of aviation, robotics, and cutting-edge tech that's reshaping the future. Want to be a Guest on a Podcast or YouTube Channel? Sign up for GuestMatch.Pro Thinking of buying a Starlink? Use my link to support the show. Don’t tell me you’ve been using the same password for every site? You’ll thank me later, Get 1Password. Subscribe to the Newsletter. Email Ray if you want to get in touch! Like and Follow Geek News Central’s Facebook Page. Support my Show Sponsor: Best Godaddy Promo Codes $11.99 – For a New Domain Name cjcfs3geek $6.99 a month Economy Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1h $12.99 a month Managed WordPress Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1w Support the show by becoming a Geek News Central Insider Full Summary In episode 1852 of the Geek News Central podcast, host Ray Cochrane welcomes listeners back after a brief hiatus, explaining the delay due to personal and professional commitments. He kicks off the show by discussing an exciting breakthrough from NASA: the successful test flight of the X-59, an experimental aircraft designed to quiet the sonic boom, potentially paving the way for commercial supersonic flight over land. Ray notes that the X-59, which resembles a swordfish, recently completed its first test flight in California, focusing on functionality rather than speed. It is intended to gather data on the aircraft’s noise impact on communities, indicating a significant step towards improving commercial travel times. After this, Ray thanks the podcast’s sponsor, GoDaddy, highlighting their hosting services and mentioning various promotional offers. He encourages listeners to support the show directly through the GoDaddy links, emphasizing their reliability in supporting the podcast. Following the sponsor message, Ray transitions into another topic, discussing a new prototype transparent 4K monitor named the Phantom developed by Virtual Instruments. The monitor is designed to allow users to see their environment through the screen while achieving remarkable brightness levels. Next, he introduces an innovative AI model called Marble developed by Fei Fei Li's startup, World Labs. Ray explains that this platform enables users to generate 3D worlds from simple prompts, marking a shift towards spatial intelligence in AI, which is essential for gaming, robotics, and visual effects. Ray then moves on to discuss TypeScript’s rise in the programming world, which has overtaken JavaScript and Python as the most used language on GitHub due to its compatibility with AI-assisted coding. He continues with news about UbiTech’s Walker S2 humanoid robots, which have begun mass delivery to factories, signifying a major milestone in manufacturing automation and the potential implications for the labor market. Ray finishes with information on the growing trend of running local open-source AI models on personal computers. He emphasizes the privacy advantages of using models like Llama and Mistral locally without relying on cloud providers. In closing, Ray reflects on the episode’s diverse topics and invites listener feedback regarding the content. He expresses gratitude for their support and encourages them to send comments or suggestions for future episodes. Ray ends by wishing everyone a good night and promising to return with more episodes soon. Show Links NASA X-59 Quiet Supersonic Test Flight Phantom Transparent 4K Monitor Fei-Fei Li's World Labs Launches Marble TypeScript's Rise in the AI Era (Hejlsberg Interview) UBTECH's First Large Delivery of Humanoid Workers How to Run Your Own Local Open-Source AI Model The post From NASA's X-59 to Humanoid Workers: The Future Is Getting Weird # 1852 appeared first on Geek News Central.

Another week, another new AI IDE. This week, Google released the Antigravity IDE (yet another VS Code fork) which offers unique twists like “cross-surface” agents, user feedback to agent-generated artifacts, and a view of all agents across any workspace.The team behind the Unistyles cross-platform library just debuted Uniwind for all the React Native devs who want to use Tailwind styling in their native apps. Uniwind brings Tailwind-style className support to RN at build time, and has a custom, high-performance CSS parser to handle both Tailwind 4 and plain CSS files. Prisma 7.0 is out, and so is Rust from its codebase. The team completely rebuilt it in TypeScript to cut down on its bundle size and the communication layer between Rust and the JS runtime that was actually slower than just JavaScript through and through.In Lightning News, even if you don't develop in Angular, the Angular v21 dev release video is worth a watch, Cloudflare had a big Internet outage this week, Firefox has teased AI in its browser “the Firefox way”, and the State of React Survey 2025 is open now (please vote for Front-end Fire in the Podcasts section!).Timestamps:1:27 - Prisma 7.09:35 - Uniwind12:18 - Antigravity27:32 - Angular v21 release video29:20 - Cloudflare outage37:11 - Firefox gets an AI window38:47 - State of React survey open40:36 - What's making us happyNews:Paige - UniwindJack - Prisma 7.0TJ - AntigravityLightning News:Firefox gets an AI windowCloudflare had a big outageThe State of React Survey 2025 is now openAngular v21 Dev Release videoWhat Makes Us Happy this Week:Paige - Upcoming holidays and seeing familyJack - StroboClip HD for the guitarTJ - Dungeon Crawler Carl bookThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast

Welcome back to Gnostic Insights and the Gnostic Reformation on Substack. Last week we started an episode called Gnostic Psychology Slideshow, Part One, and today we’re going to wrap that up. It’s a slideshow that I presented at my class at Southern Oregon University on the Simple Gnostic Gospel, and so I will be describing for you and posting the transcript on the GnosticInsights.com website and also at Substack. In the written transcripts, you’ll be able to see the PowerPoint slides, which really, I think, helps to clear things up, to clear up confusion, by the imagery. If you’re listening to the audio-only version, you might want to go to the websites, one or the other, and look at the slideshow too. Last week in Gnostic Psychology Part One, we talked about Who am I? Who is a human being? Who are you? And in my way of thinking, we are a combination of units of consciousness; memes and the memes we carry in our meme shroud; karma; and our One true Self, which is a replication of the One consciousness of the Father; the aeonic inheritance we have from our parents in the Fullness; and our body, our material body, which comprises our DNA and our human parents, our inheritance, as well as the units of consciousness of the 37 trillion cells in our body. There’s a therapeutic application for this Gnostic Psychology. And if you look at my book, A Simple Explanation of Absolutely Everything, or you go to my 20-year-old website and look up https://asimpleexplanation.blogspot.com you can find this particular explanation in depth. I think that would be a good bumper sticker or t-shirt. Gnosis you can trust. Again, if you’re following along with the slideshow, and this will be called Gnostic Psychology Part 2, the values on the left are egoic and they are demiurgic and they are from the deficiency, the imitation. The values on the right are from the true Self, from the Fullness of God, and they are traits of the Father. So, I don’t want to read through this whole list. It’s a very long list, but for example, a vice would be to be hateful, spiteful. The virtue that’s the flip side is to be loving, charitable. So, if you find yourself hating someone, it’s not virtuous, it’s not righteous, it’s demiurgic. We are called to love others, and indeed that is our Second Order task. We were sent here to remind the fallen demiurge that there is a Father above, that there is life and love, and that it comes from above. The Demiurge is a fractal of Aeonic ego, being the ego of fallen Logos. We are also fractals, so we want to dwell on the Aeonic Fullness side rather than the fallen demiurgic side. Another example would be hard-hearted, ruthless on the left, and the virtuous side is to be merciful. One of the vices is to be slothful, lazy. The virtue side is to be useful, to be part of the solution. The left is illogical, incoherent. It makes no sense because it’s built on lies. The right is logical. The Simple Explanation of Absolutely Everything theory of everything that I developed starts with a single premise that consciousness is the ground state of reality, and then everything derives from that first premise. The Gnostic gospel that I teach, or that I share with you, because I don’t have to teach you Gnosis, we’re all born with the Gnosis, so it’s inherent in us. We just need to be reminded because we’ve been caught in a never-ending war. So, for example, if a person has an eating disorder, and let’s say you eat uncontrollably, you eat far too much, and you eat the wrong things, and you know you should cut back, and you know you should eat better because it’s just not good, because you feel sluggish, and your health is suffering. That is because you’ve allowed your organ system of the digestive tract to rule. It’s an even further down fractal iteration than ego. Your ego wants to lose weight because you want to look good. You want to fit into that new outfit or whatever. You want to be attractive to the opposite sex, but you can’t control your eating. That’s because you have ceded your control to your digestive system. Willpower is difficult because that food is very attractive, and your digestive system is very powerful because you’ve given it so much authority, and it’s become accustomed to ruling you. You have to go a step to the right. You have to get on to the virtue side, and instead of being gluttonous, which is a vice, you want to be temperate. So, how do you get on the virtuous side? By turning your eyes upward to the Fullness of God, by asking for the Father’s assistance, or asking for the Son’s assistance to overcome this demiurgic slavery that you’ve found yourself in. This works for all vices, for all addictions. Now, if that’s too difficult, this is where the Christ comes in, because the Christ is the Third Order of Powers. So, it’s yet another pyramidal shape, like the Fullness, except it’s the most powerful force in the cosmos. And, if you jump from giving your control to your gluttonous digestive system, or to your Self-centered me-me-me ego, you can turn it directly over to the Third Order of Powers, and ask them to come over and take control. And, that is like a stencil. It’s going to overlay a Third Order Power on top of every one of your units of consciousness, and it’s got all the power to do anything. You borrow the willpower of the Fullness, the willpower of the Christ. And, that’s who Jesus was. He was our exemplar. He was the first human who ceded all authority to the Third Order Powers, to the Father. He was God incarnate that way. He did not have any vice, and he showed us, yeah, it can be done. Yeah, you might get crucified for it, and everybody’s going to hate you. You’re going to have very few friends. You’re going to look like a total goody two shoes. But, if it’s really the Third Order Powers working through you, it’s not a burden. It’s lifting the burden, because you always know what to do, because the Third Order of power is sitting on the throne of yourself. That’s just an example of something you could say, and that will bump the negative meme. Oh, there’s not enough. I’m going to lose you. I’m going to lose this. I’m afraid. I’m afraid. It just bumps it right out of the way, because you’ve displaced that demiurgic meme with a godly meme. They don’t work together, so one of them has got to go, and if you have set your willpower upon the Third Order of Powers, upon the Fullness of God, upon virtue, you don’t have to strain and sweat to get it done. You feel joy. You feel in alignment with the One. You are truly centered. This is what it means to be enlightened. Therapy may help you to identify which memes need dropping, and may assist in the process. You may not realize the reason you’re so insecure is because you think there’s not enough to go around, so a good therapist can help you identify that, and then you can drop that. There’s not enough to go around. I’m going to be left out. Nobody loves me. I’ll never amount to anything. You can drop those negative memes that you uncover during therapy, and then replace them with positive memes. And nowadays, since everything’s going so poorly out here in the world, if you spend a lot of time with the media, and with social media, you are absorbing all of that negativity, and all of that hatred, because social media is inherently demiurgic. It’s not alive. It comes from the bottom. You need to turn your eyes upward, turn off the phone, look upward, and plug into the Father, however you can do that. Some memes are easy to detach, because they don’t really fit in with your bundle of meme strings and cords, so if you stop reading those posts, if you get off of Facebook, well, maybe they will evaporate, because it turned out you were actually a very loving person, and you still love your old friends, even if you disagree with them now. But if you continually feed that negative meme, then you will continually feel horrid, because the demiurgic side of the ledger is designed to make you feel bad, to make you feel enslaved, to create division, despair, fear. That all comes from not living a godly life. But we don’t force ourselves to live a godly life. We run to it with joy. It’s coming home. It’s remembering. It’s remembering the joy. And suddenly all burdens are light enough to bear. Bad things can happen to you, but then you can trust in God that all things work together for good for those who love God. So I may have broken my leg and wound up in the hospital for a couple of days, but it turns out I needed to be in that hospital bed, because my roommate in the hospital was a lovely person that needed to hear what I had to say, and vice versa. And we made a new friend. This is how a bad thing can turn into a good thing, by having a godly attitude and trusting that God knows best. God does know better than you. You don’t have enough data to run your life and avoid all of the pitfalls. So you’re starting to get the idea this whole Gnostic psychology has to do with dropping unwanted memes and turning to the virtuous side. That’s what it boils down to. There’s only peace and joy and happiness on the side of virtue when you’re sincere. We’re not talking about hypocrisy. We’re not talking about forcing the issue. We’re not talking about whipping yourself with a flagellant whip to make yourself holy. That is not God’s will. God is entirely love, entirely acceptance, entirely forgiving, entirely compassionate, entirely charitable. And if you think you’re living a righteous life, yet you’re feeling anger, hatred, division, well then you’re not living a righteous life. Those are clues that you’re in the wrong set of memes, you see? So you want to get rid of those and turn your eyes upward. And you can either turn your eyes directly to Jesus as Christian true believers do, and I mean true believers, not hypocrites or pew warmers, or you can go this Gnostic route and turn your mind up to the Fullness of God, the Son, the Father, and the disincarnate Christ who pre-existed Jesus. You can take your choice, but it all is going to level you up to the Father. If you’re on the path, the glory beam, then you wind up with the Father. On a practical level, therapies such as the Emotional Freedom Technique can help with that. You can go to an EFT trainer, or you can look up EFT on YouTube and learn how to do the EFT technique. Then you just do this tapping. It takes about a minute, and it literally taps those unwanted memes right off of your meme shroud. I use it now and then, and it works. If you’ve got a thought you can’t dislodge, you do the EFT while thinking of the thought. You do the EFT a couple, maybe three times, and boom, it’s gone. Serenity is achieved as the memes are discarded. Of course, the whole point of traditional meditation is to clear your mind. What are you doing when you do that? You are quieting the memes. You’re turning them off so they can’t affect you and get in the way of you coming into contact with your true Self or with the Father. It’s important to realize that at any moment in time, you can choose to lay down an unwanted meme. You have that power. It is in your control. If you notice yourself carrying a meme around again that you thought you’d gotten rid of, but here you are again, well then stop. Lay it down again. You can lay it down as many times as it takes, but if you continue to do that meme, if you continue to activate that meme, think about it, or carry out this unwanted behavior, you’re not going to be able to get rid of it because activation causes it to stick to your meme bundle. That’s why you have to continue to lay it down, and you have to stop thinking about it. It doesn’t help to think about it. Regret, regret that never goes away, is also demiurgic because it makes you feel guilty. It wants you to feel like you have no willpower, like you can’t help yourself, and that’s a lie. It’s all lies. You can help yourself. You can be free in a moment, and from personal experience, I can tell you that that’s what the born again experience is. It’s inviting the Third Order of Powers to come into you and to take over, and the Christian prayer to Jesus, Jesus I’m a sinner, I repent, I ask you to come into my life, is a version of what I’m saying, and you can do that. I’m not against you asking Jesus to be your personal emissary. Jesus is my man. I’ve always been with Jesus, and I still am. Nothing wrong with Jesus. And if you don’t want to believe in the Christ, if you think that’s just hooey, you don’t need the Christ, well you’re going to have a hard reckoning when you pass away because we have to be pure to get to heaven. We have to be a hundred percent pure because heaven’s all good, all good. Sooner or later, everyone repents, but sooner or later everyone does repent, whether it’s in this lifetime or in the in-between place. Or you will keep coming back and getting reincarnated over and over again because you don’t want to let go of those memes that you’re holding on to. In order to stick the landing, as I say, which is a gymnastic term—you know how when a gymnast jumps off of that vault and then they land, that’s called sticking the landing. If they fumble the landing or they fall over, they didn’t stick the landing. So I think of getting to heaven and being able to stick the landing. That only happens if you repent and accept that you come from above and you want to return to above, and you don’t want to keep doing these activities that you love so much down here on the earth, or else you’re just going to keep getting pulled back onto the earth. In the case of PTSD, some sort of therapy is usually required to detach that meme from the person, unless of course you want to go full throttle and have a born-again experience, then it can all be gone in an instant. But if you don’t actively strive to detach that meme, it’s possible to be victimized by PTSD for the entirety of your life, and this causes much suffering, as Buddha would say, much needless suffering. And if you want to hear more about that, if you want to know more, please leave a comment below, and I’ll review that whole idea of Bill’s hypnotic method and give you some case histories. God bless us all, and onward and upward. If you find these Gnostic Insights beneficial and you would like to do your part to usher in a new Gnostic Reformation, please contribute to the cause. The Aeons will notice and be glad. Please enable JavaScript in your browser to complete this form.Name *FirstLastEmail *Stripe Credit Card *Choose your item *Item A - $10.00Item B - $25.00Item C - $50.00Total$0.00Submit

In this episode of Remote Ruby, Chris and Andrew have a lively conversation with Brendan Buckingham and Ryan Frisch from the Rails Business Podcast. They discuss their experiences and journeys with Ruby on Rails, starting from their early encounters with the technology to hosting a specialized Rails podcast. Critical technical topics are covered, including managing Stripe API data integrity, upgrading Rails applications, and using modern JavaScript tools like Turbo Frames and Turbo Streams. Brendan and Ryan also share how and why they started the Rails Business Podcast, the power of small community events, and how following your own frustrations often leads to the best product ideas. Hit download now to hear more! LinksJudoscale- Remote Ruby listener giftBrendan Buckingham XRyan Frisch LinkedInRails Business PodcastRailsConf 2014- Keynote: Writing Software by David Heinemeier HanssonGetting Real by David Heinemeier Hansson and Jason FriedThis Week in Startups PodcastThe REWORK Podcast (37signals)BasecampIn Defence of the Single Page Application by William KennedyXO RubyJim Remsik LinkedIn Chris Oliver X/Twitter Andrew Mason X/Twitter Jason Charnes X/Twitter

Wendell joins the show with a literal fire background (the “this is fine” meme), which he admits he can’t use anymore because of company backgrounds. But it’s an accurate representation of daily developer life, and we can all relate. Teaching PHP Six Months After Learning It At 16 years old, working in a small-town Brazilian school teaching Word and Excel, Wendell took a PHP course. Five or six months later, the teacher left and they asked Wendell to take over—teaching PHP to 13 and 14-year-olds when he was barely older himself. Students would ask questions he didn’t know the answer to, forcing him to say “give me a minute” while frantically searching the documentation. But that pressure? It taught him the most valuable developer skill: knowing how to find answers to things you don’t know. No Computer at Home Here’s the kicker: Wendell didn’t even have a computer at home during all this. He could only use the computers at work, so he’d finish lunch in 15 minutes just to get back to his desk and keep learning PHP. The obsession was real, and it paid off. PHP Documentation: The Unsung Hero Everyone agrees—PHP’s documentation is insanely good. You can find almost anything without even hitting Stack Overflow. Comments from 15-20 years ago still work today because PHP maintains backwards compatibility like no other language. Those old comments aren’t just relics; they’re still valid, working code that new developers can learn from. Try that in JavaScript land. Rector: The Migration Miracle Moving legacy code to modern PHP used to be a nightmare. Now? Install Rector and watch it automatically migrate your codebase to use new features. Wendell highlights this as one of PHP’s secret weapons—the community builds tools that make everyone’s life easier. When AI Becomes Part of Your Workflow some literally can’t work without Claude, Cursor, and PHPStorm anymore. Not because he needs AI for everything, but because the anxiety of “what if I need to ask something?” kicks in if it’s not there. It’s wild how quickly we adapt to new tools—especially considering 25 years ago we barely had IDEs. We had Notepad. If we were lucky. The Imposter Syndrome Reality Check Everyone Googles stuff. Every. Single. Person. It doesn’t matter how experienced you are or how many packages you’ve written—at some point, you’re searching for answers. The skill isn’t memorizing everything; it’s knowing where to look and how to find the right answer. Mike and Chris both admit they struggle with imposter syndrome constantly. You’re not alone. PHP Can Do Everything Now CLI apps? Easy. Web apps? Obviously. Desktop applications? Yep. Mobile applications with PHP? Absolutely—and Wendell admits he never thought that would be possible. With AI advancements and tools like the new official MCP SDK for PHP, the possibilities keep expanding. JavaScript might get there first, but PHP always catches up. New Security Challenges: Prompt Injection Frameworks already protect us from SQL injection and script injection. But now with MCP (Model Context Protocol) and AI integration, we have a new threat: prompt injection. How will PHP frameworks adapt? How do we secure AI-powered applications? These are the new challenges keeping the community on its toes. Teaser: Laravel Service Container Deep Dive Wendell drops a teaser—he’s publishing his longest blog post yet about how Laravel’s service container works. By the time this episode goes live, it’ll probably already be out. Worth the read. Listen to hear why the PHP community attracts experts from other languages, and why everyone keeps confusing their show schedule with the video game Fortnite. Links From The Show: Wendell’s blog: https://wendelladriel.com/blog Inside The Service Container: https://wendelladriel.com/blog/inside-the-laravel-service-container Laravel Queues Under The Hood: https://wendelladriel.com/blog/laravel-queues-under-the-hood Laravel Actions As A Service: https://wendelladriel.com/blog/laravel-aaas-actions-as-a-service Best Practices For Laravel Applications: https://wendelladriel.com/best-practices-for-laravel-enterprise-applications PHP Architect Social Media: X: https://x.com/phparch Mastodon: https://phparch.social/@phparch Bluesky: https://bsky.app/profile/phparch.com Discord: https://discord.phparch.com Subscribe to our magazine: https://www.phparch.com/subscribe/ Streams: Youtube Channel Twitch Partner This podcast is made a little better thanks to our partners Displace Infrastructure Management, Simplified Automate Kubernetes deployments across any cloud provider or bare metal with a single command. Deploy, manage, and scale your infrastructure with ease. https://displace.tech/ PHPScore Put Your Technical Debt on Autopay with PHPScore Honeybadger.io Honeybadger helps you deploy with confidence and be your team's DevOps hero by combining error, uptime, and performance monitoring in one simple platform. Check it out at honeybadger.io Music Provided by Epidemic Sound https://www.epidemicsound.com/ The post PHP Alive And Kicking – Episode 16 – Wendell Adriel appeared first on PHP Architect.

Coach Colin : https://www.youtube.com/@coachcolin 00:00:00 – Meet Coach Collin: conspiracy YouTuber origins, YouTube strikes, Union of the Unwanted and learning to tiptoe around platform rules. 00:04:50 – Alex Jones Clips of the Week: Fetterman "cyborg" on Rogan, rants about ancient studio cameras, bankruptcy auction math and a torrent of quotes that guarantee no YouTube monetization. 00:14:08 – Where OBDM actually lives (Spotify, Rumble, Twitch, Twitter), how they handle edits for YouTube, and the decision to leave the insane Jones montage fully intact. 00:18:41 – Ian/"In Carol" stream breakdown: Rob McCoy's sermon vanishes mid-watch, backup found on Apple Podcasts, then an instant flood of "just retire man" Twitch bots that looks like targeted harassment of a small creator. 00:24:18 – Threat-modeling the bot swarm: JavaScript trackers vs malware vs state-level profiling of dissident channels, plus why Ian's modest van-life income and Candace Owens ties might still put him on a watchlist. 00:33:51 – Tesla Cybertruck bomb at Trump's Vegas hotel: Green Beret on leave, Turo-rented Cybertruck, explosives and a now-classified phone manifesto describing gravity-propulsion drones launched from submarines. 00:38:57 – Butler County and Charlie Kirk parallels: same kinds of enemies (intel community, defense contractors, radicals), bizarre rooftop security failures and fast, tidy crime-scene cleanups that feel pre-scripted. 00:43:08 – Trump's shooting as message, not stunt: why staging it himself would be nearly impossible, Schumer's "six ways from Sunday" warning, and the sense that Trump is oddly content with a murky investigation. 00:53:02 – Epstein as "Mr. Deep State": Maxwell-to-Epstein handoff, Zorro Ranch, cloning obsessions, Powerball luck, Mongolia-Israel security deals, Harvard office access and a role far beyond "simple" sex trafficking. 00:56:45 – The files vs Trump's legacy: Cash Patel, Dan Bongino and Pam Bondi's conflicting claims about thousands of hours of tape, and why the base wants names released before Epstein becomes Trump's eternal asterisk. 01:04:29 – Dan Aykroyd's The UnBelievable and the Ariel School sighting: kids in Zimbabwe, telepathic "save the trees" messages, and using the case to argue UFOs are long-running interdimensional or demonic entities. 01:08:38 – CE5 sky-summoning, Crowley, Jack Parsons, Tesla and Hollywood rituals: "biological drone" greys, summoning things that pretend to be aliens, and celebrity plastic surgery as possible demonic face-morphing experiment. 01:14:55 – Madonna and Lil' Kim as "grey-coded" figures, then wacky news: Taco Bell's limited Baja Blast pie, a listener buying a half-eaten one for Thanksgiving, and using junk food as a window into cultural weirdness. 01:18:44 – NASA's awful comet 3I/ATLAS blue-dot photos, its quiet promotion to intelligence agency status, speculation about reverse-engineering evil interdimensionals and a tangent into Megadeth's dream of a final show on the moon. 01:33:02 – Stolen child's brain and organ markets: rare disease research derailed when her brain is sold off, theories about rich collectors, legal rulings that organs can be resold, and wild pricing for skulls and bones online. 01:41:29 – Linux Torvalds on "vibe coding": AI as okay for learning but bad for maintenance, dev layoffs, and the hosts' own experience with AI code review, hallucinated links and having to scold chatbots like lazy employees. 01:46:49 – Chatbots melting minds: Canadian user pushed into math-savior psychosis by ChatGPT, multi-plaintiff lawsuits after suicides, a man who fell in love with his bot wife, and the theory that these systems are temporary demon housing. 01:59:05 – Pumpkin-everything Thanksgiving: stuffed ravioli, cheesecake crumble, pumpkin butter ice cream, then Coach Collin's plugs, OBDM's schedule, Discord jokes and the "keep watching the skies" sign-off aimed at NASA's lousy photos. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research ▀▄▀▄▀ CONTACT LINKS ▀▄▀▄▀ ► Website: http://obdmpod.com ► Twitch: https://www.twitch.tv/obdmpod ► Full Videos at Odysee: https://odysee.com/@obdm:0 ► Twitter: https://twitter.com/obdmpod ► Instagram: obdmpod ► Email: ourbigdumbmouth at gmail ► RSS: http://ourbigdumbmouth.libsyn.com/rss ► iTunes: https://itunes.apple.com/us/podcast/our-big-dumb-mouth/id261189509?mt=2  

There are some major changes coming to Parsity and this podcast. As a listener, I appreciate you sincerely for listening and I want to extend the largest discount we've ever done for our 30 day Javascript program. It's usually $49 but I'm reducing it to $10.Complete the 30 days and you got yourself a $1400 discount to Parsity's software engineering program.

Puedes vernos o escucharnos desde ahora en la nueva app Be Native. Descárgala ya desde el App Store: Be Native. El 13 de noviembre de 2025, Apple hizo algo histórico: lanzar el Programa de Mini Apps con comisión del 15% (la mitad de lo habitual) y actualizar las App Review Guidelines de forma radical. En este episodio te explicamos TODO lo que necesitas saber como desarrollador iOS.

There was a day not long ago where a Google Chrome browser update left any page with a CodePen Embed on it throwing a whole big pile of red JavaScript errors in the console. Not ideal, obviously. The change was related to how the browser handles allow attributes on iframes (i.e. ). CodePen was calculating the appropriate values inside an iframe for a nested iframe. That must have been a security issue of sorts, as now those values need to be present on the outside iframe as well. We documented all this in a blog post so hopefully we could get some attention from Chrome on this, and for other browser makers as well since it affects all of us. And I posted it on the ol' social media: Huge thanks to Bramus Van Damme who saw this, triaged it at Chrome, and had a resolution within a day: I think the patch is a great change so hats off to everyone involved for getting it done so quickly. It's already in Canary and don't really know when it'll get the stable but that sure will be good. It follows how Safari is doing things where values that aren't understood are just ignored (which we think is fine and inline with how HTML normally works). Fortunately we were able to mitigate the problem a little until then. For most Embedded Pens, a is loaded on the page embedding it, and we dynamically create the for you. This is just nice as it makes making an accessible fallback easier and gives you access to API-ish features for the embeds. We were able to augment that script to do a little browser user-agent sniffing and apply the correct set of allow attributes on the iframe, as to avoid those JavaScript errors we were seeing. But there's the rub: we'd rather not do any user-agent sniffing at all. If we could just put all the possible allow attributes we want on there, and not be terribly concerned if any particular browser didn't support any particular value, that would be ideal. We just can't have the scary console errors, out of concern for our users who may not understand them. Where we're at in the saga now is that: We're waiting for the change to Chrome to get to stable. We're hoping Safari stays the way it is. OH HI FIREFOX. On that last point, if we put all the allow attributes we would want to on an in Firefox, we also get console-bombed. This time not with red-errors but with yellow-warnings. So yes, hi Firefox, if you could also not display these warnings (unless a reporting URL is set up) that would be great. We'd be one less website out there relying on user-agent sniffing.

Episode SummaryIn this conversation, Robby sits down with software engineer and author Chris Zetter to explore what building a relational database from scratch can teach us about maintainability, architectural thinking, and team culture. Chris shares why documentation often matters more than perfectly shaped code, why pairing accelerates learning and quality, and why “boring technology” is sometimes the most responsible choice. Together they examine how teams get stuck in local maxima, how junior engineers build confidence, and how coding agents perform when asked to implement a database.Episode Highlights[00:01:00] What Makes Software MaintainableChris explains that well-maintained software is defined by how effectively it helps teams deliver value and respond to change. In some domains—like payroll systems—the maintainability burden shifts toward documentation rather than code organization.[00:03:50] Documentation vs. Code CommentsHe describes visual docs, system diagrams, and commit–ticket links as more durable sources of truth than inline comments, which tend to rot and discourage refactoring.[00:05:15] Rethinking Technical DebtChris argues that teams overuse the metaphor. He prefers naming the specific reason something is slow or brittle—like outdated libraries or rushed decisions—because that builds trust and clarity with product partners.[00:07:45] Where Core Debt Really LivesEarlier in his career he obsessed over long files; now he focuses on structural issues. Architecture, boundaries, and naming affect changeability far more than messy internals.[00:08:15] Pairing as the Default ToolChris loves pairing for its speed, clarity, and shared context. Remote pairing has removed obstacles like mismatched keyboard setups or cramped office seating. Tools like Tuple and Pop keep it smooth.[00:10:20] The Mob Tool and Fast Driver SwitchingHe explains how the Mob CLI tool makes switching drivers nearly instant, which keeps energy high and lets everyone work in their own editor environment, reducing friction and fatigue.[00:13:45] Pairing with Junior EngineersPairing helps newer developers avoid painful pull-request rework and builds confidence. But teams must balance pairing with opportunities for engineers to build autonomy.[00:20:50] Getting Feedback SoonerChris emphasizes speed of feedback: showing progress early to stakeholders prevents wasted days—and sometimes weeks—of heading in the wrong direction.[00:21:10] Boring Technology as a FeatureAfter being burned by abandoned frameworks, Chris champions predictable, well-supported tools for the big layers: language, framework, database. Novelty is great—but only in places where rollback is cheap.[00:23:20] Balancing Professional Development with Organizational NeedsDevelopers want experience with new technology; organizations want stability. Chris describes how leaders can channel curiosity safely and productively.[00:27:20] Build a Database ServerChris's book, Build a Database Server, is a practical, language-agnostic guide to building a relational database from scratch. It uses a test suite as a feedback loop so developers can experiment, refactor, and learn architectural trade-offs along the way.[00:31:45] What Writing the Book Taught HimCreating a database deepened his appreciation for Postgres maintainers. He highlights the number of moving parts—storage engine, type system, query planner, wire protocol—and how academic papers often skip hands-on guidance.[00:33:00] Experimenting with Coding AgentsChris tested coding agents by giving them the book's test suite. They passed many tests but produced brittle, incoherent architecture. Without a feedback loop for quality, the agents aimed only to satisfy test conditions—not build maintainable systems.[00:36:55] Escaping a Local Maxima Through a Design SprintChris shares a story of a team stuck maintaining a system that no longer fit business needs. A design sprint gave them space to reimagine the system, clarify naming, validate concepts, and identify which pieces were worth reusing.[00:40:40] Rewrite vs. RefactorHe leans toward refactor for large systems but supports small, isolated rewrites when boundaries are clear.[00:41:40] Building Trust in Legacy CodeWhen inheriting an old codebase, Chris advises starting with a small bug fix or UI tweak to understand deployment pipelines, test coverage, and failure modes before tackling bigger improvements.[00:43:20] Recommended ReadingChris recommends _Turn the Ship Around! for its lessons on empowering teams to act with intent instead of waiting for permission.Resources MentionedBuild a Database ServerChris Zetter's blogThe Mob Programming CLI ToolTuplePopTurn the Ship Around!Thanks to Our Sponsor!Turn hours of debugging into just minutes! AppSignal is a performance monitoring and error-tracking tool designed for Ruby, Elixir, Python, Node.js, Javascript, and other frameworks.It offers six powerful features with one simple interface, providing developers with real-time insights into the performance and health of web applications.Keep your coding cool and error-free, one line at a time! Use the code maintainable to get a 10% discount for your first year. Check them out! Subscribe to Maintainable on:Apple PodcastsSpotifyOr search "Maintainable" wherever you stream your podcasts.Keep up to date with the Maintainable Podcast by joining the newsletter.

Dans cet épisode, Emmanuel, Katia et Guillaume discutent de Spring 7, Quarkus, d'Infinispan et Keycloak. On discute aussi de projets sympas comme Javelit, de comment démarre une JVM, du besoin d'argent de NTP. Et puis on discute du changement de carrière d'Emmanuel. Enregistré le 14 novembre 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-332.mp3 ou en vidéo sur YouTube. News Emmanuel quitte Red Hat après 20 ans https://emmanuelbernard.com/blog/2025/11/13/leaving-redhat/ Langages Support HTTP/3 dans le HttpClient de JDK 26 - https://inside.java/2025/10/22/http3-support/ JDK 26 introduit le support de HTTP/3 dans l'API HttpClient existante depuis Java 11 HTTP/3 utilise le protocole QUIC sur UDP au lieu de TCP utilisé par HTTP/2 Par défaut HttpClient préfère HTTP/2, il faut explicitement configurer HTTP/3 avec Version.HTTP_3 Le client effectue automatiquement un downgrade vers HTTP/2 puis HTTP/1.1 si le serveur ne supporte pas HTTP/3 On peut forcer l'utilisation exclusive de HTTP/3 avec l'option H3_DISCOVERY en mode HTTP_3_URI_ONLY HttpClient apprend qu'un serveur supporte HTTP/3 via le header alt-svc (RFC 7838) et utilise cette info pour les requêtes suivantes La première requête peut utiliser HTTP/2 même avec HTTP/3 préféré, mais la seconde utilisera HTTP/3 si le serveur l'annonce L'équipe OpenJDK encourage les tests et retours d'expérience sur les builds early access de JDK 26 Librairies Eclispe Jetty et CometD changent leurs stratégie de support https://webtide.com/end-of-life-changes-to-eclipse-jetty-and-cometd/ À partir du 1er janvier 2026, Webtide ne publiera plus Jetty 9/10/11 et CometD 5/6/7 sur Maven Central Pendant 20 ans, Webtide a financé les projets Jetty et CometD via services et support, publiant gratuitement les mises à jour EOL Le comportement des entreprises a changé : beaucoup cherchent juste du gratuit plutôt que du véritable support Des sociétés utilisent des versions de plus de 10 ans sans migrer tant que les correctifs CVE sont gratuits Cette politique gratuite a involontairement encouragé la complaisance et retardé les migrations vers versions récentes MITRE développe des changements au système CVE pour mieux gérer les concepts d'EOL Webtide lance un programme de partenariat avec TuxCare et HeroDevs pour distribuer les résolutions CVE des versions EOL Les binaires EOL seront désormais distribués uniquement aux clients commerciaux et via le réseau de partenaires Webtide continue le support standard open-source : quand Jetty 13 sortira, Jetty 12.1 recevra des mises à jour pendant 6 mois à un an Ce changement vise à clarifier la politique EOL avec une terminologie industrielle établie Améliorations cloud du SDK A2A Java https://quarkus.io/blog/quarkus-a2a-cloud-enhancements/ Version 0.3.0.Final du SDK A2A Java apporte des améliorations pour les environnements cloud et distribués Composants en mémoire remplacés par des implémentations persistantes et répliquées pour environnements multi-instances JpaDatabaseTaskStore et JpaDatabasePushNotificationConfigStore permettent la persistance des tâches et configurations en base PostgreSQL ReplicatedQueueManager assure la réplication des événements entre instances A2A Agent via Kafka et MicroProfile Reactive Messaging Exemple complet de déploiement Kubernetes avec Kind incluant PostgreSQL, Kafka via Strimzi, et load balancing entre pods Démonstration pratique montrant que les messages peuvent être traités par différents pods tout en maintenant la cohérence des tâches Architecture inspirée du SDK Python A2A, permettant la gestion de tâches asynchrones longues durée en environnement distribué Quarkus 3.29 sort avec des backends de cache multiples et support du débogueur Qute https://quarkus.io/blog/quarkus-3-29-released/ Possibilité d'utiliser plusieurs backends de cache simultanément dans une même application Chaque cache peut être associé à un backend spécifique (par exemple Caffeine et Redis ou Infinispan) Support du Debug Adapter Protocol (DAP) pour déboguer les templates Qute directement dans l'IDE et dans la version 3.28 Configuration programmatique de la protection CSRF via une API fluent Possibilité de restreindre les filtres OIDC à des flux d'authentification spécifiques avec annotations Support des dashboards Grafana personnalisés via fichiers JSON dans META-INF/grafana/ Extension Liquibase MongoDB supporte désormais plusieurs clients simultanés Amélioration significative des performances de build avec réduction des allocations mémoire Parallélisation de tâches comme la génération de proxies Hibernate ORM et la construction des Jar Et l'utilisation des fichiers .proto est plus simple dans Quarkus avbec Quarkus gRPC Zero https://quarkus.io/blog/grpc-zero/ c'est toujours galere des fichiers .proto car les generateurs demandent des executables natifs maintenant ils sont bundlés dans la JVM et vous n'avez rien a configurer cela utilise Caffeine pour faire tourner cela en WASM dans la JVM Spring AI 1.1 est presque là https://spring.io/blog/2025/11/08/spring-ai-1-1-0-RC1-available-now support des MCP tool caching pour les callback qui reduit les iooerations redondantes Access au contenu de raisonnement OpenAI Un modele de Chat MongoDB Support du modele de penser Ollama Reessaye sur les echec de reseau OpenAI speech to text Spring gRPC Les prochaines étapes pour la 1.0.0 https://spring.io/blog/2025/11/05/spring-grpc-next-steps Spring gRPC 1.0 arrive prochainement avec support de Spring Boot 4 L'intégration dans Spring Boot 4.0 est reportée, prévue pour Spring Boot 4.1 Les coordonnées Maven restent sous org.springframework.grpc pour la version 1.0 Le jar spring-grpc-test est renommé en spring-grpc-test-spring-boot-autoconfigure Les packages d'autoconfiguration changent de nom nécessitant de modifier les imports Les dépendances d'autoconfiguration seront immédiatement dépréciées après la release 1.0 Migration minimale attendue pour les projets utilisant déjà la version 0.x La version 1.0.0-RC1 sera publiée dès que possible avant la version finale Spring arrete le support reactif d'Apache Pulsar https://spring.io/blog/2025/10/29/spring-pulsar-reactive-discontinued logique d'évaluer le temps passé vs le nombre d'utilisateurs c'est cependant une tendance qu'on a vu s'accélerer Spring 7 est sorti https://spring.io/blog/2025/11/13/spring-framework-7-0-general-availability Infrastructure Infinispan 16.0 https://infinispan.org/blog/2025/11/10/infinispan-16-0 Ajout majeur : migration en ligne sans interruption pour les nœuds d'un cluster (rolling upgrades) (infinispan.org) Messages de clustering refaits avec Protocol Buffers + ProtoStream : meilleure compatibilité, schéma évolutif garanti (infinispan.org) Console Web améliorée API dédiée de gestion des schémas (SchemasAdmin) pour gérer les schémas ProtoStream à distance (infinispan.org) Module de requête (query) optimisé : support complet des agrégations (sum, avg …) dans les requêtes indexées en cluster grâce à l'intégration de Hibernate Search 8.1 (infinispan.org) Serveur : image conteneur minimalisée pour réduire la surface d'attaque (infinispan.org) démarrage plus rapide grâce à séparation du démarrage cache/serveur (infinispan.org) caches pour connecteurs (Memcached, RESP) créés à la demande (on-demand) et non à l'initiaton automatique (infinispan.org) moteur Lua 5.1 mis à jour avec corrections de vulnérabilités et opérations dangereuses désactivées (infinispan.org) Support JDK : version minimale toujours JDK 17 (infinispan.org) prise en charge des threads virtuels (virtual threads) et des fonctionnalités AOT (Ahead-of-Time) de JDK plus récentes (infinispan.org) Web Javelit, une nouvelle librairie Java inspirée de Streamlit pour faire facilement et rapidement des petites interfaces web https://glaforge.dev/posts/2025/10/24/javelit-to-create-quick-interactive-app-frontends-in-java/ Site web du projet : https://javelit.io/ Javelit : outil pour créer rapidement des applications de données (mais pas que) en Java. Simplifie le développement : élimine les tracas du frontend et de la gestion des événements. Transforme une classe Java en application web en quelques minutes. Inspiré par la simplicité de Streamlit de l'écosystème Python (ou Gradio et Mesop), mais pour Java. Développement axé sur la logique : pas de code standard répétitif (boilerplate), rechargement à chaud. Interactions faciles : les widgets retournent directement leur valeur, sans besoin de HTML/CSS/JS ou gestion d'événements. Déploiement flexible : applications autonomes ou intégrables dans des frameworks Java (Spring, Quarkus, etc.). L'article de Guillaume montre comment créer une petite interface pour créer et modifier des images avec le modèle génératif Nano Banana Un deuxième article montre comment utiliser Javelit pour créer une interface de chat avec LangChain4j https://glaforge.dev/posts/2025/10/25/creating-a-javelit-chat-interface-for-langchain4j/ Améliorer l'accessibilité avec les applis JetPack Compose https://blog.ippon.fr/2025/10/29/rendre-son-application-accessible-avec-jetpack-compose/ TalkBack est le lecteur d'écran Android qui vocalise les éléments sélectionnés pour les personnes malvoyantes Accessibility Scanner et les outils Android Studio détectent automatiquement les problèmes d'accessibilité statiques Les images fonctionnelles doivent avoir un contentDescription, les images décoratives contentDescription null Le contraste minimum requis est de 4.5:1 pour le texte normal et 3:1 pour le texte large ou les icônes Les zones cliquables doivent mesurer au minimum 48dp x 48dp pour faciliter l'interaction Les formulaires nécessitent des labels visibles permanents et non de simples placeholders qui disparaissent Modifier.semantics permet de définir l'arbre sémantique lu par les lecteurs d'écran Les propriétés mergeDescendants et traversalIndex contrôlent l'ordre et le regroupement de la lecture Diriger le navigateur Chrome avec le modèle Gemini Computer Use https://glaforge.dev/posts/2025/11/03/driving-a-web-browser-with-gemini-computer-use-model-in-java/ Objectif : Automatiser la navigation web en Java avec le modèle "Computer Use" de Gemini 2.5 Pro. Modèle "Computer Use" : Gemini analyse des captures d'écran et génère des actions d'interface (clic, saisie, etc.). Outils : Gemini API, Java, Playwright (pour l'interaction navigateur). Fonctionnement : Boucle agent où Gemini reçoit une capture, propose une action, Playwright l'exécute, puis une nouvelle capture est envoyée à Gemini. Implémentation clé : Toujours envoyer une capture d'écran à Gemini après chaque action pour qu'il comprenne l'état actuel. Défis : Lenteur, gestion des CAPTCHA et pop-ups (gérables). Potentiel : Automatisation des tâches web répétitives, création d'agents autonomes. Data et Intelligence Artificielle Apicurio ajoute le support de nouveaux schema sans reconstruire Apicurio https://www.apicur.io/blog/2025/10/27/custom-artifact-types Apicurio Registry 3.1.0 permet d'ajouter des types d'artefacts personnalisés au moment du déploiement sans recompiler le projet Supporte nativement OpenAPI, AsyncAPI, Avro, JSON Schema, Protobuf, GraphQL, WSDL et XSD Trois approches d'implémentation disponibles : classes Java pour la performance maximale, JavaScript/TypeScript pour la facilité de développement, ou webhooks pour une flexibilité totale Configuration via un simple fichier JSON pointant vers les implémentations des composants personnalisés Les scripts JavaScript sont exécutés via QuickJS dans un environnement sandboxé sécurisé Un package npm TypeScript fournit l'autocomplétion et la sécurité de type pour le développement Six composants optionnels configurables : détection automatique de type, validation, vérification de compatibilité, canonicalisation, déréférencement et recherche de références Cas d'usage typiques : formats propriétaires internes, support RAML, formats legacy comme WADL, schémas spécifiques à un domaine métier Déploiement simple via Docker en montant les fichiers de configuration et scripts comme volumes Les performances varient selon l'approche : Java offre les meilleures performances, JavaScript un bon équilibre, webhooks la flexibilité maximale Le truc interessant c'est que c'est Quarkus based et donc demandait le rebuilt donc pour eviter cela, ils ont ajouter QuickJS via Chicorey un moteur WebAssembly GPT 5.1 pour les développeurs est sorti. https://openai.com/index/gpt-5-1-for-developers/ C'est le meilleur puisque c'est le dernier :slightly_smiling_face: Raisonnement Adaptatif et Efficace : GPT-5.1 ajuste dynamiquement son temps de réflexion en fonction de la complexité de la tâche, le rendant nettement plus rapide et plus économique en jetons pour les tâches simples, tout en maintenant des performances de pointe sur les tâches difficiles. Nouveau Mode « Sans Raisonnement » : Un mode (reasoning_effort='none') a été introduit pour les cas d'utilisation sensibles à la latence, permettant une réponse plus rapide avec une intelligence élevée et une meilleure exécution des outils. Cache de Prompt Étendu : La mise en cache des invites est étendue jusqu'à 24 heures (contre quelques minutes auparavant), ce qui réduit la latence et le coût pour les interactions de longue durée (chats multi-tours, sessions de codage). Les jetons mis en cache sont 90 % moins chers. Améliorations en Codage : Le modèle offre une meilleure personnalité de codage, une qualité de code améliorée et de meilleures performances sur les tâches d'agenticité de code, atteignant 76,3 % sur SWE-bench Verified. Nouveaux Outils pour les Développeurs : Deux nouveaux outils sont introduits ( https://cookbook.openai.com/examples/build_a_coding_agent_with_gpt-5.1 ) : L'outil apply_patch pour des modifications de code plus fiables via des diffs structurés. L'outil shell qui permet au modèle de proposer et d'exécuter des commandes shell sur une machine locale, facilitant les boucles d'inspection et d'exécution. Disponibilité : GPT-5.1 (ainsi que les modèles gpt-5.1-codex) est disponible pour les développeurs sur toutes les plateformes API payantes, avec les mêmes tarifs et limites de débit que GPT-5. Comparaison de similarité d'articles et de documents avec les embedding models https://glaforge.dev/posts/2025/11/12/finding-related-articles-with-vector-embedding-models/ Principe : Convertir les articles en vecteurs numériques ; la similarité sémantique est mesurée par la proximité de ces vecteurs. Démarche : Résumé des articles via Gemini-2.5-flash. Conversion des résumés en vecteurs (embeddings) par Gemini-embedding-001. Calcul de la similarité entre vecteurs par similarité cosinus. Affichage des 3 articles les plus pertinents (>0.75) dans le frontmatter Hugo. Bilan : Approche "résumé et embedding" efficace, pragmatique et améliorant l'engagement des lecteurs. Outillage Composer : Nouveau modèle d'agent rapide pour l'ingénierie logicielle - https://cursor.com/blog/composer Composer est un modèle d'agent conçu pour l'ingénierie logicielle qui génère du code quatre fois plus rapidement que les modèles similaires Le modèle est entraîné sur de vrais défis d'ingénierie logicielle dans de grandes bases de code avec accès à des outils de recherche et d'édition Il s'agit d'un modèle de type mixture-of-experts optimisé pour des réponses interactives et rapides afin de maintenir le flux de développement L'entraînement utilise l'apprentissage par renforcement dans divers environnements de développement avec des outils comme la lecture de fichiers, l'édition, les commandes terminal et la recherche sémantique Cursor Bench est un benchmark d'évaluation basé sur de vraies demandes d'ingénieurs qui mesure la correction et le respect des abstractions du code existant Le modèle apprend automatiquement des comportements utiles comme effectuer des recherches complexes, corriger les erreurs de linter et écrire des tests unitaires L'infrastructure d'entraînement utilise PyTorch et Ray avec des kernels MXFP8 pour entraîner sur des milliers de GPUs NVIDIA Le système exécute des centaines de milliers d'environnements de codage sandboxés concurrents dans le cloud pour l'entraînement Composer est déjà utilisé quotidiennement par les développeurs de Cursor pour leur propre travail Le modèle se positionne juste derrière GPT-5 et Sonnet 4.5 en termes de performance sur les benchmarks internes Rex sur l'utilisation de l'IA pour les développeurs, un gain de productivité réel et des contextes adaptés https://mcorbin.fr/posts/2025-10-17-genai-dev/ Un développeur avec 18 ans d'expérience partage son retour sur l'IA générative après avoir changé d'avis Utilise exclusivement Claude Code dans le terminal pour coder en langage naturel Le "vibe coding" permet de générer des scripts et interfaces sans regarder le code généré Génération rapide de scripts Python pour traiter des CSV, JSON ou créer des interfaces HTML Le mode chirurgien résout des bugs complexes en one-shot, exemple avec un plugin Grafana fixé en une minute Pour le code de production, l'IA génère les couches repository, service et API de manière itérative, mais le dev controle le modele de données Le développeur relit toujours le code et ajuste manuellement ou via l'IA selon le besoin L'IA ne remplacera pas les développeurs car la réflexion, conception et expertise technique restent essentielles La construction de produits robustes, scalables et maintenables nécessite une expérience humaine L'IA libère du temps sur les tâches répétitives et permet de se concentrer sur les aspects complexes ce que je trouve interessant c'est la partie sur le code de prod effectivement, je corrige aussi beaucoup les propositions de l'IA en lui demandant de faire mieux dans tel ou tel domaine Sans guide, tout cela serait perdu Affaire a suivre un article en parallele sur le métier de designer https://blog.ippon.fr/2025/11/03/lia-ne-remplace-pas-un-designer-elle-amplifie-la-difference-entre-faire-et-bien-faire/ Plus besoin de se rappeler les racourcis dans IntelliJ idea avec l'universal entry point https://blog.jetbrains.com/idea/2025/11/universal-entry-point-a-single-entry-point-for-context-aware-coding-assistance/ IntelliJ IDEA introduit Command Completion, une nouvelle façon d'accéder aux actions de l'IDE directement depuis l'éditeur Fonctionne comme la complétion de code : tapez point (.) pour voir les actions contextuelles disponibles Tapez double point (..) pour filtrer et n'afficher que les actions disponibles Propose des corrections, refactorings, génération de code et navigation selon le contexte Complète les fonctionnalités existantes sans les remplacer : raccourcis, Alt+Enter, Search Everywhere Facilite la découverte des fonctionnalités de l'IDE sans interrompre le flux de développement En Beta dans la version 2025.2, sera activé par défaut dans 2025.3 Support actuel pour Java et Kotlin, avec actions spécifiques aux frameworks comme Spring et Hibernate Homebrew, package manage pour macOS et Linux passe en version 5 https://brew.sh/2025/11/12/homebrew-5.0.0/ Téléchargements Parallèles par Défaut : Le paramètre HOMEBREW_DOWNLOAD_CONCURRENCY=auto est activé par défaut, permettant des téléchargements concurrents pour tous les utilisateurs, avec un rapport de progression. Support Linux ARM64/AArch64 en Tier 1 : Le support pour Linux ARM64/AArch64 a été promu au niveau "Tier 1" (support officiel de premier plan). Feuille de Route pour les Dépréciations macOS : Septembre 2026 (ou plus tard) : Homebrew ne fonctionnera plus sur macOS Catalina (10.15) et versions antérieures. macOS Intel (x86_64) passera en "Tier 3" (fin du support CI et des binaires précompilés/bottles). Septembre 2027 (ou plus tard) : Homebrew ne fonctionnera plus sur macOS Big Sur (11) sur Apple Silicon ni du tout sur Intel (x86_64). Sécurité et Casks : Dépréciation des Casks sans signature de code. Désactivation des Casks échouant aux vérifications Gatekeeper en septembre 2026. Les options --no-quarantine et --quarantine sont dépréciés pour ne plus faciliter le contournement des fonctionnalités de sécurité de macOS. Nouvelles Fonctionnalités & Améliorations : Support officiel pour macOS 26 (Tahoe). brew bundle supporte désormais l'installation de packages Go via un Brewfile. Ajout de la commande brew info --sizes pour afficher la taille des formulae et casks. La commande brew search --alpine permet de chercher des packages Alpine Linux. Architecture Selon l'analyste RedMonk, Java reste très pertinent dans l'aire de l'IA et des agents https://redmonk.com/jgovernor/java-relevance-in-the-ai-era-agent-frameworks-emerge/ Java reste pertinent à l'ère de l'IA, pas besoin d'apprendre une pile technique entièrement nouvelle. Capacité d'adaptation de Java ("anticorps") aux innovations (Big Data, cloud, IA), le rendant idéal pour les contextes d'entreprise. L'écosystème JVM offre des avantages sur Python pour la logique métier et les applications sophistiquées, notamment en termes de sécurité et d'évolutivité. Embabel (par Rod Johnson, créateur de Spring) : un framework d'agents fortement typé pour JVM, visant le déterminisme des projets avant la génération de code par LLM. LangChain4J : facilite l'accès aux capacités d'IA pour les développeurs Java, s'aligne sur les modèles d'entreprise établis et permet aux LLM d'appeler des méthodes Java. Koog (Jetbrains) : framework d'agents basé sur Kotlin, typé et spécifique aux développeurs JVM/Kotlin. Akka : a pivoté pour se concentrer sur les flux de travail d'agents IA, abordant la complexité, la confiance et les coûts des agents dans les systèmes distribués. Le Model Context Protocol (MCP) est jugé insuffisant, manquant d'explicabilité, de découvrabilité, de capacité à mélanger les modèles, de garde-fous, de gestion de flux, de composabilité et d'intégration sécurisée. Les développeurs Java sont bien placés pour construire des applications compatibles IA et intégrer des agents. Des acteurs majeurs comme IBM, Red Hat et Oracle continuent d'investir massivement dans Java et son intégration avec l'IA. Sécurité AI Deepfake, Hiring … A danger réel https://www.eu-startups.com/2025/10/european-startups-get-serious-about-deepfakes-as-ai-fraud-losses-surpass-e1-3-billion/ Pertes liées aux deepfakes en Europe : > 1,3 milliard € (860 M € rien qu'en 2025). Création de deepfakes désormais possible pour quelques euros. Fraudes : faux entretiens vidéo, usurpations d'identité, arnaques diverses. Startups actives : Acoru, IdentifAI, Trustfull, Innerworks, Keyless (détection et prévention). Réglementation : AI Act et Digital Services Act imposent transparence et contrôle. Recommandations : vérifier identités, former employés, adopter authentification multi-facteurs. En lien : https://www.techmonitor.ai/technology/cybersecurity/remote-hiring-cybersecurity 1 Candidat sur 4 sera Fake en 2028 selon Gartner research https://www.gartner.com/en/newsroom/press-releases/2025-07-31-gartner-survey-shows-j[…]-percent-of-job-applicants-trust-ai-will-fairly-evaluate-them Loi, société et organisation Amazon - prévoit supprimer 30.000 postes https://www.20minutes.fr/economie/4181936-20251028-amazon-prevoit-supprimer-30-000-emplois-bureau-selon-plusieurs-medias Postes supprimés : 30 000 bureaux Part des effectifs : ~10 % des employés corporatifs Tranche confirmée : 14 000 postes Divisions touchées : RH, Opérations, Devices & Services, Cloud Motifs : sur-recrutement, bureaucratie, automatisation/IA Accompagnement : 90 jours pour poste interne + aides Non concernés : entrepôts/logistique Objectif : concentrer sur priorités stratégiques NTP a besoin d'argent https://www.ntp.org/ Il n'est que le protocole qui synchronise toutes les machines du monde La fondation https://www.nwtime.org/ recherche 11000$ pour maintenir son activité Rubrique débutant Une plongée approfondie dans le démarrage de la JVM https://inside.java/2025/01/28/jvm-start-up La JVM effectue une initialisation complexe avant d'exécuter le code : validation des arguments, détection des ressources système et sélection du garbage collector approprié Le chargement de classes suit une stratégie lazy où chaque classe charge d'abord ses dépendances dans l'ordre de déclaration, créant une chaîne d'environ 450 classes même pour un simple Hello World La liaison de classes comprend trois sous-processus : vérification de la structure, préparation avec initialisation des champs statiques à leurs valeurs par défaut, et résolution des références symboliques du Constant Pool Le CDS améliore les performances au démarrage en fournissant des classes pré-vérifiées, réduisant le travail de la JVM L'initialisation de classe exécute les initialiseurs statiques via la méthode spéciale clinit générée automatiquement par javac Le Project Leyden introduit la compilation AOT dans JDK 24 pour réduire le temps de démarrage en effectuant le chargement et la liaison de classes en avance de phase Pas si débutant finalement Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 19 novembre 2025 : SREday Paris 2025 Q4 - Paris (France) 19-21 novembre 2025 : Agile Grenoble - Grenoble (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 24 novembre 2025 : Forward Data & AI Conference - Paris (France) 27 novembre 2025 : DevFest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 1-2 décembre 2025 : Tech Rocks Summit 2025 - Paris (France) 4-5 décembre 2025 : Agile Tour Rennes - Rennes (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 9-11 décembre 2025 : APIdays Paris - Paris (France) 9-11 décembre 2025 : Green IO Paris - Paris (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 11 décembre 2025 : Normandie.ai 2025 - Rouen (France) 14-17 janvier 2026 : SnowCamp 2026 - Grenoble (France) 22 janvier 2026 : DevCon #26 : sécurité / post-quantique / hacking - Paris (France) 29-31 janvier 2026 : Epitech Summit 2026 - Paris - Paris (France) 2-5 février 2026 : Epitech Summit 2026 - Moulins - Moulins (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 3-4 février 2026 : Epitech Summit 2026 - Lille - Lille (France) 3-4 février 2026 : Epitech Summit 2026 - Mulhouse - Mulhouse (France) 3-4 février 2026 : Epitech Summit 2026 - Nancy - Nancy (France) 3-4 février 2026 : Epitech Summit 2026 - Nantes - Nantes (France) 3-4 février 2026 : Epitech Summit 2026 - Marseille - Marseille (France) 3-4 février 2026 : Epitech Summit 2026 - Rennes - Rennes (France) 3-4 février 2026 : Epitech Summit 2026 - Montpellier - Montpellier (France) 3-4 février 2026 : Epitech Summit 2026 - Strasbourg - Strasbourg (France) 3-4 février 2026 : Epitech Summit 2026 - Toulouse - Toulouse (France) 4-5 février 2026 : Epitech Summit 2026 - Bordeaux - Bordeaux (France) 4-5 février 2026 : Epitech Summit 2026 - Lyon - Lyon (France) 4-6 février 2026 : Epitech Summit 2026 - Nice - Nice (France) 12-13 février 2026 : Touraine Tech #26 - Tours (France) 26-27 mars 2026 : SymfonyLive Paris 2026 - Paris (France) 27-29 mars 2026 : Shift - Nantes (France) 31 mars 2026 : ParisTestConf - Paris (France) 16-17 avril 2026 : MiXiT 2026 - Lyon (France) 22-24 avril 2026 : Devoxx France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 6-7 mai 2026 : Devoxx UK 2026 - London (UK) 22 mai 2026 : AFUP Day 2026 Lille - Lille (France) 22 mai 2026 : AFUP Day 2026 Paris - Paris (France) 22 mai 2026 : AFUP Day 2026 Bordeaux - Bordeaux (France) 22 mai 2026 : AFUP Day 2026 Lyon - Lyon (France) 17 juin 2026 : Devoxx Poland - Krakow (Poland) 11-12 juillet 2026 : DevLille 2026 - Lille (France) 4 septembre 2026 : JUG Summer Camp 2026 - La Rochelle (France) 17-18 septembre 2026 : API Platform Conference 2026 - Lille (France) 5-9 octobre 2026 : Devoxx Belgium - Antwerp (Belgium) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

In this episode, Dave and Jamison answer these questions: “My manager insists on a weekly 1:1 with me, but he rarely pays attention. He's often on his laptop, texting, checking email — basically anything but listening. I've tried sending agendas, rescheduling, reducing frequency, waiting until he's less busy — nothing helps. I've even started sitting in silence until he notices I've stopped talking, but that only works for a minute. This has caused real problems. For example, he almost had me cancel a million-dollar project because he misheard me say “Java” instead of “JavaScript.” When he finally realized I was right, he said, “Every time I heard Java I automatically tuned out.” How do I handle a 1:1 with a manager who won't pay attention, without risking my work or my relationship with him?” “I've worked for a big retailer for 10 years now and I used to really enjoy it. I liked my team a lot, problems we worked on, technologies we used. Unfortunately the last few yours brought a few rounds of layoffs and my old team doesn't exist anymore and the new team is pretty much awful. They're all on the East Coast, while I'm on the West Coast. I'm required to work EST hours but also to commute to the office 5 days a week and sit there alone and talk to my team on zoom. I'm a staff software engineer and I haven't been programming much for the past year. Most of my time is spent in calls, I start every day with the same 3 calls. I live 50 miles from the office and I take a company shuttle that leaves at 7am. I'm required to join the calls from my phone. I leave for work at 6:30am, I'm back at home at 6:30pm. A few times a week I need to do deployment at 10pm. I tried speaking to my manager and to my director. They don't care. My every attempt to improve our processes is met with opposition. My manager is afraid of changes. I can't believe this is where I am but I'm too tired to prepare for job hunting. I can't afford to quit. I don't know how to get myself on track and dust off my programming and interviewing skills. I'm praying they'll lay me off so that I can use the severance to do all those things. But this isn't really a plan, it's wishful thinking, and I'm afraid that my career options are getting worse by the minute. Do you have any advice on how to get myself out of this hell hole?”

It feels great to finally be back on the mic after a stretch of travel, work, and general chaos, and in this episode we're diving into a topic that's been coming up more and more in everyday developer conversations: how to actually use AI in your JavaScript development workflow. This isn't about adding AI features to your app — it's about using LLMs and AI-powered tools as part of your day-to-day coding practice.We talk through the tools we each rely on, how they've changed the way we write code, where they fall short, and where they can save hours of work. We also dig into the real differences between “AI-assisted coding” and “vibe coding,” the unexpected pitfalls of having AI write your tests, and the growing concerns juniors are facing in a job market that looks very different than it did just a few years ago. If you're trying to figure out how to work with AI without losing your sanity (or your code quality), this one's worth a listen.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

What if your podcast, artwork, 3D model — or even your AI agent — could earn money without YouTube, Patreon, or middlemen?In this week's episode, George Hu, founder of Dunback Meadow, reveals how his decentralized blockchain platform is building the economic layer of the agentic web, where AI agents negotiate, transact, and pay each other in real time. From mechanical engineer to blockchain innovator, George shares: Why 99% of crypto projects fail (and how Dunback Meadow survives) How to create a personal AI agent in under 60 seconds (live demo!) Why your content has real value - and how to license it directly to humans or AI The future of agent-to-agent commerce with crypto wallets and micro-payments Plus: Live screen-share - Kyle builds his first AI agent on air!Whether you're a creator, trader, or AI enthusiast, this episode will shift how you think about ownership, income, and the internet's next evolution.Start now: www.dunbackmeadow.com - Free signup, no code needed Art Contest Alert: Submit by late November 2025 for crypto prizes & exposure!Subscribe, share, and join the trading conversations on Facebook, Twitter, LinkedIn and Discord!Sponsors and FriendsOur podcast is sponsored by Sue Maki at Fairway Independent Mortgage (MLS# 206048). Licensed in 38 states, if you need anything mortgage-related, reach out to her at SMaki@fairwaymc.com or give her a call at (520) 977-7904. Tell her 2 Bulls sent you to get the best rates available!If you are interested in signing up with TRADEPRO Academy, you can use our affiliate link here. We receive compensation for any purchases made when using this link, so it's a great way to support the show and learn at the same time! **Use code CHINASHOP15 to save 15%**To contact us, you can email us directly at bandoftraderspodcast@gmail.com Check out our directory for other amazing interviews we've done in the past!If you like our show, please let us know by rating and subscribing on your platform of choice!If you like our show and hate social media, then please tell all your friends!If you have no friends and hate social media and you just want to give us money for advertising to help you find more friends, then you can donate to support the show here!George: A former mechanical engineering consultant with over a decade of hands-on design experience, George Hu made the leap into blockchain in 2018 after attending a Harvard blockchain conference that “hooked” him on its revolutionary potential.Frustrated by failed ventures and the “chicken-and-egg” problem of product vs. funding, George taught himself modern coding (JavaScript, Solidity) and built Dunback Meadow from the ground up.Dunback Meadow is a decentralized, multi-format content and AI agent marketplace… Think YouTube meets OpenSea meets Patreon but powered by blockchain. Creators upload podcasts, videos, art, 3D models, or AI agents and license them directly to humans or AI, with instant crypto payouts.George's vision: Become the economic layer of the “agentic web” - where trillions of AI agents transact autonomously, negotiate contracts, and pay each other in real time.No middlemen. No ad revenue splits. Just creators owning their value.Try it free: dunbackmeadow.comCurrent Event: Art Contest (Nov 2025) – Win crypto + global exposureAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy

Mazen talks with Alex Lanclos from Skylight about how they power their wildly popular smart displays with React Native! Mazen and Alex dig into architecture upgrades, performance wins, and why Skylight is so excited about the framework's future. Show NotesSkylightRNR 328 - Flashlight with Alexandre MoureauxRNR 325 - Legend List with Jay Meistrich Connect With Us!Mazen Chami: @mazenchamiReact Native Radio: @reactnativerdio This episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.

It isn t always defaults: Scans for 3CX Usernames Our honeypots detected scans for usernames that may be related to 3CX business phone systems https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464 Watchguard Default Password Controversy A CVE number was assigned to a default password commonly used in Watchguard products. This was a documented username and password that was recently removed in a firmware upgrade. https://github.com/cyberbyte000/CVE-2025-59396/blob/main/CVE-2025-59396.txt https://nvd.nist.gov/vuln/detail/CVE-2025-59396 JavaScript expr-eval Vulnerability The JavaScript expr-eval library was vulnerable to a code execution issue. https://www.kb.cert.org/vuls/id/263614

You'll learn the six core JS skills to master before frameworks, why TC39 keeps changing the language, and how to test your skills with a challenge you can access below.

Welcome back to The CSS Podcast! Una and Bramus dive into CSS anchor positioning, a powerful new API that revolutionizes how developers handle dynamic UI element placement. Learn how to create interactive tooltips, popovers, and menus directly in CSS, eliminating the need for complex JavaScript.   Resources: CSS anchor positioning → https://goo.gle/3KvYYeZ  Anchor position tool → https://goo.gle/4gOYooL  Follow-the-leader pattern with CSS anchor positioning → https://goo.gle/46s0kQD  Anchor queries - Reposition tether arrow  → https://goo.gle/42fXtI1    Una Kravets (co-host) Bluesky | Twitter | YouTube | WebsiteMaking the web more colorful @googlechrome  Bramus Van Damme (co-host) Bluesky | Mastodon | YouTube | Website@GoogleChrome CSS DevRel; @CSSWG; Scuba Diver

Go With The Flow: Automating Amazon Data Scraping with Bookmarklets and Chrome Extensions Episode Overview In this episode, Danny and Ritu delve into creative methods for automating data scraping from Amazon pages using bookmarklets and Chrome extensions. They explore different approaches to gather valuable insights while emphasizing the importance of viewing challenges from multiple perspectives. This episode explores automation and data scraping techniques, creative approaches to workflow optimization with practical insights for immediate implementation. Key Takeaways Automation of Amazon data extraction can be achieved through bookmarklets and Chrome extensions, enhancing workflow efficiency. Understanding the structure of Amazon product pages and applying creative coding techniques can result in more efficient data scraping. Chapter Markers Time Chapter Description 00:01 Introduction Danny welcomes listeners and introduces the theme of the episode, highlighting a shared experience in automation. 01:40 Understanding Amazon's Taxonomy Database Danny discusses the complexities of Amazon's taxonomy database and how content in listings impacts product types. 05:00 Automation in Data Collection Ritu and Danny explain different ways to automate mundane tasks of scraping data from Amazon product pages. 09:11 Scraping Mechanics Explained Ritu breaks down the mechanics of how scraping works, particularly focusing on the Document Object Model (DOM). 18:20 Introduction to Bookmarklets Ritu explains bookmarklets and their function as JavaScript executing buttons on browser pages. 25:21 Creating a Chrome Extension Ritu discusses the creation of a Chrome plugin to automate checking the arrival date of multiple products on Amazon. 30:05 Advanced Scraping Techniques Danny discusses the depth of information available on Amazon product pages and the importance of efficient data extraction. 49:01 Developing a Storyboard Generator Danny reveals the development of a storyboard generator that aids in creating compelling visual content. 57:12 Conclusion and Future Directions Danny and Ritu summarize the episode's insights and encourage listeners to experiment with their scraping techniques. Notable Quotes "If you can be as creative as possible and then you've got people around you that put guard rails in place, you'll be surprised at the level of skill set needed." Resources Mentioned

In this episode, Matt and Mike compare JavaScript and Python for building LLM-powered chatbots. They explore how each ecosystem handles tool calling, type safety, performance, and framework support — from TypeScript's tight end-to-end types to Python's dominance in data and ML. They also discuss architecture patterns that mix the best of both worlds, helping teams choose the right stack for scalable, efficient AI projects. Show Notes: https://www.htmlallthethings.com/podcast/javascript-vs-python-which-is-better-for-building-llm-chatbots Powered by CodeRabbit - AI Code Reviews: https://coderabbit.link/htmlallthethings Use our Scrimba affiliate link (https://scrimba.com/?via=htmlallthethings) for a 20% discount!! Full details in show notes.

Hey everyone—it's Steve Edwards here, and in this episode of JavaScript Jabber, I'm joined by returning guest Feross Aboukhadijeh, founder of Socket.dev, for a deep dive into the dark and fascinating world of open source supply chain security. From phishing campaigns targeting top NPM maintainers to the now-infamous Chalk library compromise, we unpack the latest wave of JavaScript package attacks and what developers can learn from them.Feross explains how some hackers are even using AI tools like Claude and Gemini as part of their payloads—and how defenders like Socket are fighting back with AI-powered analysis of their own. We also dive into GitHub Actions vulnerabilities, the role of two-factor authentication, and the growing need for “phishing-resistant 2FA.” Whether you're an open source maintainer or just someone who runs npm install a little too often, this episode will open your eyes to how much happens behind the scenes to keep your code safe.

Most AI agent frameworks are backend-focused and written in Python, which introduces complexity when building full-stack AI applications with JavaScript or TypeScript frontends. This gap makes it harder for frontend developers to prototype, integrate, and iterate on AI-powered features. Mastra is an open-source TypeScript framework focused on building AI agents and has primitives such as The post Building AI Agents on the Frontend with Sam Bhagwat and Abhi Aiyer appeared first on Software Engineering Daily.

Welcome back to The CSS Podcast! We're diving into a series of powerful scroll APIs that enable you to build custom, interactive carousels entirely with CSS, eliminating the need for JavaScript. These APIs, which also power customizable select elements, unlock even more innovative scroll-based experiences Resources: Carousels with CSS → https://goo.gle/46PES79 ::scroll-marker → https://goo.gle/4mEd3o8 CSS Carousel Gallery → https://goo.gle/46Odsyp Carousel Configurator → https://goo.gle/46KEir4  Una Kravets (co-host) Twitter | Instagram | YouTube Making the web more colorful ✨

Robert and Chris hop on the show to talk about choices we've had to make around Babel. Probably the best way to use Babel is to just use the @babel/preset-env plugin so you get modern JavaScript features processed down to a level of browser support you find comfortable. But Babel supports all sorts of plugins, and in our Classic Editor, all you do is select "Babel" from a dropdown menu and that's it. You don't see the config nor can you change it, and that config we use does not use preset env. So we're in an interesting position with the 2.0 editor. We want to give new Pens, which do support editable configs, a good modern config, and we want all converted Classic Pens a config that doesn't break anything. There is some ultra-old cruft in that old config, and supporting all of it felt kinda silly. We could support a "legacy" Babel block that does support all of it, but so far, we've decided to just provide a config that handles the vast majority of old stuff, while using the same Babel block that everyone will get on day one. We're still in the midst of working on our conversion code an verifying the output of loads of Classic Pens, so we'll see how it goes! Time Jumps

Maintaining consistency across a sprawling codebase is one of the hardest challenges in software engineering. Denis Rechkunov, a Principal Software Engineer at Elastic, joins Robby to share how his team turned consistency into a cultural practice rather than a technical checklist. From managing open source projects with hundreds of contributors to experimenting safely with new patterns, Denis believes maintainability begins with shared ownership, not just clean code.He explains how Elastic introduced automation and linters to improve cohesion without discouraging creativity. Instead of enforcing perfection across the entire system, Denis' team scopes their changes to manageable areas and rewards steady progress over sweeping rewrites. Their annual “On Week” tradition gives engineers space to fix what frustrates them most, showing how small, focused bursts of work can produce big leaps in stability and morale.The conversation also explores the human side of maintainability. Denis recalls early lessons about unclear expectations, the importance of documenting decisions in public pull requests, and how open feedback loops build trust across remote teams. Whether it's stabilizing a flaky CI pipeline or mentoring new engineers, Denis argues that technical excellence thrives when consistency becomes a habit shared by everyone.Episode Highlights[00:01:02] Defining Well-Maintained SoftwareDenis identifies consistency, documentation, testability, and agility as the key ingredients of maintainable systems.[00:02:22] Balancing Standards and AutonomyHow automation and linters help preserve code cohesion while minimizing interpersonal friction.[00:04:08] Experimenting SafelyElastic scopes new patterns to low-risk modules before broader adoption, avoiding mass rewrites.[00:07:19] Incremental CleanupLinters only apply to changed files, helping the team fix issues gradually without overwhelming contributors.[00:08:02] Maintainability as a People ProblemDenis highlights that sustainable systems depend more on culture and mentorship than on architecture.[00:10:13] Lessons from MiscommunicationAn early experience showed the cost of undocumented conventions and unclear onboarding.[00:17:09] Making Space for Technical DebtElastic's engineers dedicate part of each sprint and an annual “On Week” to tackle maintenance work.[00:23:05] Restoring CI ReliabilityDenis shares how the team revived a pipeline with only a 10% success rate by categorizing failures and focusing on data.[00:32:00] Practicing Software ArchaeologyHe stresses the value of documenting discussions in pull requests to avoid historical guesswork later.[00:36:09] Feedback and TrustOpen communication, humility, and mutual feedback loops form the backbone of a maintainable culture.[00:51:00] Embracing Chaos in Open SourceDenis encourages teams to accept a degree of entropy and focus their efforts on user-facing stability.[01:00:00] Security and PrivacyWhy maintainability, trust, and privacy are inseparable pillars of long-term sustainability.[01:01:06] Where to StartInstead of rewriting code, start by cultivating maintainability as a shared value across the team.Resources MentionedElasticgolangci-lintAppSignalThe Caves of Steel by Isaac Asimov — Denis' recommendation inspired Robby to finally pick up a copy and start reading it himself.Denis's Blog – rdner.deDenis on GitHubDenis on MastodonDenis on LinkedInThanks to Our Sponsor!Turn hours of debugging into just minutes! AppSignal is a performance monitoring and error-tracking tool designed for Ruby, Elixir, Python, Node.js, Javascript, and other frameworks.It offers six powerful features with one simple interface, providing developers with real-time insights into the performance and health of web applications.Keep your coding cool and error-free, one line at a time! Use the code maintainable to get a 10% discount for your first year. Check them out! Subscribe to Maintainable on:Apple PodcastsSpotifyOr search "Maintainable" wherever you stream your podcasts.Keep up to date with the Maintainable Podcast by joining the newsletter.