Hi, I'm JamieTanna (he/him/his), and I'm currently a Senior Software Engineer at Elastic.
I currently live in Nottingham with my partner Anna Dodson and our cat Morph and our puppy Cookie.
I use my site as a method of blogging about my learnings, as well as sharing information about projects I have
previously, or are currently, working on in my spare time.
I'm a GNU/Linux user, a big advocate for the Free Software Movement, and the IndieWeb movement and I try to self host my own services where possible,
instead of relying on other providers.
I have ADHD (Inattentive Type) and am learning how to make my life work better around it.
Drop me an email at hi@jamietanna.co.uk, or
using any of the other social links below.
Calling Gophers of Manchester!
We are excited to announce our next Manchester Gophers meetup! This meetup is for everyone of all skill levels in Go.
❗Please provide your
We talk with Don MacKinnon, Co-founder and CTO of Searchcraft—a lightspeed search engine built in Rust. We dig into the future of search, how it blends vector embeddings with classic ranking, and what it takes to build developer-friendly, production-grade search from the ground up.
vscode-go v0.48.0 released with golangci-lint v2 supportgolangci-lint v2 showcase and interview with Ldez, episode 104LookPath bug: incorrect expansion of "" and "." in some PATH configurations🛠️ Proposal: cmd/fix: remove all functionalityUnexpected security footguns in Go's parsers by Vasco...
Thorsten Ball returned to Sourcegraph to work on Amp because he believes being able to talk to an alien intelligence that edits your code changes everything. On this episode, Thorsten joins us to discuss exactly how coding agents work, recent advancements in AI tooling, Amp's uniqueness in a sea of competitors, the div...
We finally did it! After recording an episode of @fallthrough.fm, @matthewsanabria.dev and I recorded our post show discussion (featuring @www.jvt.me!).
That’ll be shipping alongside next week’s episode, which includes the wonderful @steveklabnik.com as well!
Whether you're talking to another person, talking to a computer, or just talking to yourself, we use languages every day. For a long time now, there's been a debate about whether natural languages and programming languages are distinct from each other. The creation of large language models and...
We're excited to welcome you back to Batch Bunch on Monday, 14th July (7:00pm - 9:00pm) at The Dice Cup (68-70 Mansfield Rd, Nottingham NG1 3GY).
Bring along…
In episode 27, the panel discussed what languages are, what it means to know things, and what meaning is. In this bonus episode, we extend that conversation to discuss how language affects the tech...
Some tips for making Renovate work even better when working on a large multi-team monorepo, where each team has different requirements for their Renovate usage.
<p>Ted Danson and Jeff Bridges have deep ties! In this episode they get into Jeff’s harrowing experience in the hospital, the music in “Crazy Heart,” how Jeff was practically made to play The Dude in “The Big Lebowski,” how he initially struck out with his now wife, and his starring role in the Hulu thriller “The Old Man.” Bonus: Jeff and Ted ponder the mysteries of marriage. </p><p> </p><p>Like watching your podcasts? Visit <a href="http://youtube.com/teamcoco">http://youtube.com/teamcoco</a> to see full episodes.</p>
<p>Ted Danson can’t help but grin in anticipation whenever he sees the very funny actor and comedian Fred Armisen. Fred talks to Ted about his experience of learning his true ancestry on Finding Your Roots, his showbiz start in Blue Man Group, going from drumming in bands to performing on Saturday Night Live, and more. </p><p>To help those affected by the Southern California wildfires, make a donation to World Central Kitchen today.</p><p>Like watching your podcasts? Visit <a href="http://youtube.com/teamcoco">http://youtube.com/teamcoco</a> to see full episodes. </p>
In this episode we talk about Wordware, programming with LLMs, and what it now means to be a developer. Robert and Filip explain how they're building tools that...
Our old friend Chris McCord, creator of Elixir's Phoenix framework, tells us all about his new remote AI runtime for building Phoenix apps. Along the way, we vibe code one of my silly app ideas, calculate all the money we're going to spend on these tools, and get existential about what it all means.
Chris Anderson joins the show. You may recognize Chris from the early days of CouchDB and Couchbase. Back when the world was just waking up to NoSQL, Chris was at the center of it all, shaping how developers think about data distribution and offline-first architecture.
These days, Chris is working on Vibes.diy and Fir...
ngrok Go SDK v2 released🚁 Go 1.25 interactive tour by Anton ZhiyanovJSON evolution in Go: from v1 to v2 by Anton Zhiyanov📘 Free eBook: Data Serialization in Go by Jonathan HallJSON BenchmarksLightning Round🐍 charm FangYouTube short: CoPilot API is written in Go⌨️ Typst: Compose text fasterJeremy...
This week on The Business of Open Source, I spoke with Nick Veenhof, Director of Contributor Success at GitLab. GitLab has probably the most well-articulated open source strategy out there, and we talked about the two main prongs of that strategy, the co-create strategy and the dual flywheel...
Listen to Still Panicking: How to Pass your Theory Test from Nobody Panic. Still Panicking: Stevie has been smashing it in the latest series of Taskmaster. To celebrate, this week we look back at some practical How-Tos to help guide you through tasks of your own.Stevie recently passed and has many thoughts. Tessa passed a couple of decades ago before there was an app. If you’ve been putting off booking your theory test because you’re worried about failing, or have it looming in a few weeks, this is the episode for you.Recorded and edited by Aniya Das for Plosive.Photos by Marco Vittur, jingle by David Dobson.
Tony Holdstock-Brown is the CEO and founder of Inngest, a tool to run AI and backend workflows at scale.This episode is brought to you by WorkOS. If you're thin...
This week on The Business of Open Source I talked with Alya Abbott, COO of Zulip, about managing community contributors. This is a hot topic for open source companies — and for that matter, open source projects in general, including those that aren’t being monetized in any way. It’s a bit of a...
Go 1.25rc1 releasedOpinion: Go should be more opinionated by Elton MinettoBlog: HTTP QUERY and Go by Kevin McDonaldInterview with Redowan DelowarBlog post: You probably don't need a DI frameworkBlogFx dependency injection framework for GoBlog: How I program with agents
Jerod tells Adam about how bad he hates the taste of Gin, sips on some Generative A Rye (on the rocks), they open the comments section for a bit, and then land the plane talking about being alone, naked, and afraid.
In this episode, Abi Noda speaks with Gilad Turbahn, Head of Developer Productivity, and Amy Yuan, Director of Engineering at Snowflake, about how their team builds and sustains operational excellence. They break down the practices and principles that guide their work—from creating two-way...
I'm joined by Philippe Ombredanne, creator of the Package URL (PURL), to discuss the surprisingly complex and messy problem of simply identifying open source software packages. We dive into how PURLs provide a universal, common-sense standard that is becoming essential for the future of SBOMs and securing the software supply chain. The show notes and blog post for this episode can be found at
Today's history lesson is about the non-markup language platform engineers love to hate, YAML Ain't Markup Language (YAML). Ingy tells us all about how and why it started, how it evolved over time, and what's happening next with YS. Note: sorry about the audio issues in this episode. We did our...
Jerod is joined by Carson Gross, the creator of htmx –a small, zero-dependency JavaScript library that he says, "completes HTML as a hypertext". Carson built it because he's big on hypermedia, he even wrote a book called Hypermedia Systems. Carson has a lot of strong opinions weakly held that we dive into in this conve...
In this episode of The Tech Trek, Amir sits down with Matt Moore, CTO and co-founder of Chainguard, to explore the escalating importance of software supply chain security. From Chainguard’s origin story at Google to the systemic risks enterprises face when consuming open source, Matt shares the lessons, best practices, and technical innovations that help make open source software safer and more reliable. The conversation also touches on AI’s impact on the attack surface, mitigating threats with engineering rigor, and why avoiding long-lived credentials could be your best defense.🔑 Key Takeaways:Security Starts with Engineering: Doing engineering right makes security (and even compliance) much easier.Control the Full Chain: Building from source and applying best practices at every build stage significantly reduces exposure to CVEs.Attackers Exploit the Edges: Most attacks start small—with a leaked credential or compromised dependency—and cascade through the ecosystem.AI Introduces New Vectors: As AI tools integrate deeper into dev workflows, they bring both value and new risks that require thoughtful containment.You Can’t Leak What You Don’t Have: Eliminating long-lived credentials is one of the simplest and most effective ways to reduce breach risk.⏱ Timestamped Highlights:00:45 – What Chainguard does: securing open source consumption and curating safe containers.02:56 – Chainguard’s origin story and co-founders’ experience at Google.06:50 – Building minimal, hardened container images from source to mitigate CVEs.09:40 – Real-world example: how compiler hardening flags protected Chainguard from a high-severity CVE.10:59 – The invisible sprawl of open source in enterprise stacks—from Kubernetes to AWS SDKs.15:45 – How leaked credentials power cascading supply chain attacks.22:30 – “You can't leak what you don't have”: Chainguard's credential-less auth approach.24:30 – Most breaches come from known vulnerabilities—not zero-days.25:38 – AI and security: new use cases, new threats, and the need for explainability.30:41 – AI adoption in enterprises: security best practices still apply, just to new tools and risks.34:43 – Learn more at chainguard.dev and explore hardened images at images.chainguard.dev.💼 Career Tips (from the episode):Don’t wait for zero-days: Most real-world breaches stem from unpatched, well-known vulnerabilities. Ship secure, stay patched.Build from source: If you're in a security or DevOps role, aim to build and control your stack from the source code up—this provides auditability and trust.Engineering rigor is a differentiator: Whether you're launching a startup or working in enterprise tech, applying fundamental engineering principles helps you scale securely.📚 Resources Mentioned:🛡️ OpenSSF Projects – e.g., SIGstore, Scorecards, SLSA.🛠 Projects Mentioned: Kubernetes, Istio, Flux, Tekton, Cert-Manager, Cloud Code.💬 Quote of the Episode:“If you do engineering right, security becomes easier. And if you do security right, compliance becomes easier.” — Matt Moore
Utpal Nadiger is the cofounder of Digger.dev. Digger built a popular open source IaC orchestration tool. Their new product Infrabase is an AI DevOps agent that ...
In this episode, Michael Lieberman, Co-founder and CTO of Kusari, walks us through the intersection of open source software and security. We discuss Mike's extensive involvement in OpenSSF projects like SLSA and GUAC, which provide essential frameworks for securing the software development life cycle (SDLC) and managing software supply chains. He explains how these tools help verify software provenance and manage vulnerabilities. Additionally, we explore regulatory concerns such as the Cyber Resilience Act (CRA) and the vital role of the recently released Open SSF Security Baseline (OSPS Baseline) in helping organizations comply with such regulations. Mike also shares insights into the evolution of open source security practices, the importance of reducing complexity for developers, and the potential benefits of orchestrating security similarly to Kubernetes. We conclude with a look at upcoming projects and current pilots aiming to simplify and enhance open source security.
00:00 Introduction and Guest Welcome
00:19 Mike's Background and Role in Open Source
01:35 Exploring SLSA and GUAC Projects
04:57 Cyber Resiliency Act Overview
06:54 OpenSSF Security Baseline
11:29 Encouraging Community Involvement
18:39 Final Thoughts
Resources:
OpenSSF's OSPS Baseline
GUAC
SLSA
KubeCon Keynote: Cutting Through the Fog: Clarifying CRA Compliance in C... Eddie Knight & Michael Lieberman
Guest:
Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF’s Secure Software Factory Reference Architecture whitepaper. He is an elected member of the OpenSSF Governing Board and Technical Advisory Council along with CNCF TAG Security Lead and an SLSA steering committee member.