Utpal Nadiger is the cofounder of Digger.dev. Digger built a popular open source IaC orchestration tool. Their new product Infrabase is an AI DevOps agent that ...

In this episode, Michael Lieberman, Co-founder and CTO of Kusari, walks us through the intersection of open source software and security. We discuss Mike's extensive involvement in OpenSSF projects like SLSA and GUAC, which provide essential frameworks for securing the software development life cycle (SDLC) and managing software supply chains. He explains how these tools help verify software provenance and manage vulnerabilities. Additionally, we explore regulatory concerns such as the Cyber Resilience Act (CRA) and the vital role of the recently released OpenSSF Security Baseline (OSPS Baseline) in helping organizations comply with such regulations. Mike also shares insights into the evolution of open source security practices, the importance of reducing complexity for developers, and the potential benefits of orchestrating security similarly to Kubernetes. We conclude with a look at upcoming projects and current pilots aiming to simplify and enhance open source security.
00:00 Introduction and Guest Welcome; 00:19 Mike's Background and Role in Open Source; 01:35 Exploring SLSA and GUAC Projects; 04:57 Cyber Resiliency Act Overview; 06:54 OpenSSF Security Baseline; 11:29 Encouraging Community Involvement; 18:39 Final Thoughts
Resources: OpenSSF's OSPS Baseline; GUAC; SLSA; KubeCon Keynote: Cutting Through the Fog: Clarifying CRA Compliance in C... Eddie Knight & Michael Lieberman
Guest: Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF’s Secure Software Factory Reference Architecture whitepaper. He is an elected member of the OpenSSF Governing Board and Technical Advisory Council along with CNCF TAG Security Lead and an SLSA steering committee member.
Deepak Prabhakara is the CEO and Co-founder of BoxyHQ. BoxyHQ enables you to add plug-and-play enterprise-ready features to your SaaS product. What we cover: An in...
Thomas DePierre joins Open Source Security to discuss the central idea from his blog post, "You are all on the hobbyist maintainers turf now," exploring the massive disconnect between the corporate world that consumes open source and the hobbyist community that actually produces it. The conversation reveals this isn't a new problem, but a long-standing reality whose consequences for security, stability, and the future of software we are only now beginning to truly confront. The show notes and blog post for this episode can be found at
Don't forget to visit cupogo dot dev, where you can find links to all the things! 🤖 Ezo Saleh - How We Built Rock-Solid Agentic Orchestration with Go 🔥 Anubis 🥨 Godump - pretty printer 🪳 gcassert 💧 isLitOrSingle
Josh Twist is the founder of Zuplo, an API gateway. Introducing Josh Twist, the founder of Zuplo. 0:00 Zuplo vs Azure API management. How do you make this fit into ...
How do you do onboarding in a way developers actually like? Kilian is the founder of Polypane - The browser for ambitious web developers https://polypane.app/Kil...
Lessons from 100+ DevTool founders - DevTools successes, failures and stories in a free weekly email and podcast.
Justin Searls joins Jerod in Apple's WWDC wake for hot takes about frosty UIs. We go (almost) point-by-point through the keynote, dissecting and reacting along the way. Concentricity!
The Future of Sustainability in Open Source. Can open source ever truly be sustainable? In this mind-bending episode, Hazel Weakly guides us through the social, economic, and emotional layers of open...
Getting out there, showing what you're currently doing / learning, starting a blog, creating content to help other software engineers, those are all good ways to distinguish yourself. You might want to consider speaking at conferences as well. In this episode we're talking with Matt Boyle about...
Listen to Scott & Mark Learn To... How Not to Ship the Org Chart from Scott & Mark Learn To.... In this episode of Scott & Mark Learn To, Scott Hanselman and Mark Russinovich discuss the concept of shipping the org chart, a term used to describe when different teams' outputs are inconsistently integrated, reflecting the organizational structure rather than a cohesive product. Scott recounts his experience test-driving an electric vehicle with a disjointed interface, which made him question the internal coordination within the automaker. Mark explains how Microsoft addresses this issue through standardization and tooling, emphasizing the need for consistent APIs and user experiences. They also debate the balance between maintaining consistency and fostering innovation, and how large tech companies like Microsoft and Apple manage these challenges. Takeaways: Establishing UX design standards helps maintain a consistent user experience across features. Inconsistent design or functionality can impact user perception and trust in a product. Integrating quality checks early (shift left) helps prevent issues and reduces later fixes.
Hosts Richard, Abby, and Eriol chat with Sarah Rainsberger of Astro about her journey from teaching math to open source, inclusive docs, and using low-tech tools like Chromebooks for coding.
We're on location at Microsoft Build 2025 with Amanda Silver, Corporate Vice President of Microsoft's Developer Division. Amanda leads product, design, user research, and engineering systems for some of the tools you use every day. We discuss the latest AI announcements from Microsoft at Build 2025, how AI is reshaping...
Go 1.24.4 and 1.23.10 released. Commit 4d1c255: net/http: strip sensitive proxy headers from redirect requests 🚫 [ On | No ] syntactic support for error handling by Robert Griesemer 💉 You probably don't need a DI framework by Redowan Delowar 🌩️ Lightning Round 🗳️ Stack Overflow 2025 Developer Survey 🪲...
The ever-provocative Steve Yegge joins us fresh off a vibe coding bender so productive, he wrote a book on the topic alongside award-winning author Gene Kim. Steve tells us why he believes the IDE is dead, why babysitting AI agents is more fun than coding, when vibe coding might take over the enterprise, how software d...
We bring you back to Microsoft Build 2025 to nerd out with Craig Loewen on Windows Subsystem for Linux and Mads Torgersen on leading the design of C#.
Last week, our colleague (and frequent Oxide and Friends guest) Steve Klabnik made some new friends on the Internet with a blog entry on AI discourse. Bryan and Adam were joined by Steve to try to de-polarize the discussion a little. In addition to Bryan Cantrill and Adam Leventhal, we were joined...
Welcome back to #define, our game of obscure jargon, fake definitions, and expert tomfoolery. We've gathered some awesome friends, new and old, to see who has the best vocabulary and who can trick everyone else into thinking that they do.
We all use open source software on a daily basis. Just because the software is free to consume doesn't mean it's free to produce. Over the years, there have been many attempts to support open source...
99 Dev Problems features candid developer conversations on challenges, career growth, and tech trends. With insights, stories, and solutions from those in th...
I recently chatted with Andrew Nesbitt about his project, Ecosyste.ms. Ecosyste.ms catalogs open source projects by tracking packages, dependencies, repositories, and more. With this dataset Andrew is able to find incredible insights into the world of open source. We chat all about how Ecosyste.ms works and how he manages to wrangle all this data. The show notes and blog post for this episode can be found at
Listen to Ep 200: Ed Gamble and James Acaster (with special guest genie Rylan Clark) from Off Menu with Ed Gamble and James Acaster. As we round off another hundo, it’s time to flip the table once again and make Ed and James the guest diners in the dream restaurant. Have their choices changed over the last 100 episodes? And will they exploit as many loopholes as their first attempt? And, once again, the genie is transferring his powers to one of our favourite guests from the last century, Rylan Clark! A massive thanks to Rylan for being our guest genie. A huge thank you to you all for listening to our stupid podcast over the last 200 episodes. And an extra special thanks, as per, to No Context Off Menu, for memeing the heck out of us (follow them @nocontxtoffmenu). Recorded by and edited by Ben Williams for Plosive. Artwork by Paul Gilbey (photography and design) and Amy Browne (illustrations). Follow Off Menu on Twitter and Instagram: @offmenuofficial. And go to our website www.offmenupodcast.co.uk for a list of restaurants recommended on the show. Watch Ed and James's YouTube series 'Just Puddings'.
Service catalogs promise a lot of things: powerful automations, insights into your technology estate. But over the last few years, many of us have learned tha...
See why organizational awareness is an incident superpower with incident.io Product Engineer Lawrence Jones. Lawrence discusses the importance of leveraging organizational context during incident response. He emphasizes using structured data and service catalogs to enhance incident management by bringing valuable organizational knowledge directly to responders.
About the talk: Technical Documentation - How Can I Write Them Better and Why Should I Care? Gathering pieces of information for a task to deliver/modify a f...
Podcast Episode · Taskmaster The Podcast · 22/05/2025 · 49m
One hundred! The hundo! The big 1-0-0! In a milestone episode, Ed and James finally reveal their dream meals. And who better for the genie to transfer his powers to than Off Menu fave and this episode’s special guest host, Claudia Winkleman!
When technical systems fail at companies like Netflix or Etsy, every minute of downtime can cost millions. That's why incident.io is building AI systems that can automatically investigate and diagnose technical problems faster than human engineers. In this episode of The AI Adoption Playbook, Lawrence Jones, Product Engineer at incident.io, tells Ravin how they're creating an automated incident investigator that can analyze logs, traces, and metrics to determine what went wrong during an outage. He shares their methodical approach to AI development, focusing on measurable progress through evaluation metrics and scorecards rather than intuitive "vibe-based" changes. Lawrence also discusses the evolution of their AI teams and roles, including their newly launched AI Engineer position designed specifically for the unique challenges of AI development, and how they use LLMs themselves to evaluate AI system performance. Topics discussed: Building an AI incident investigator that can automatically analyze logs, traces, and metrics to determine the root cause of technical outages. Creating comprehensive evaluation frameworks with scorecards and metrics to measure AI performance against historical incident data. Using LLMs as evaluators to determine if AI responses were helpful by analyzing post-incident conversations and user feedback. Developing internal tooling that enables teams to rapidly test and improve AI systems while maintaining quality standards. Evolving from individual "vibe-based" AI development to team-based systematic improvement with clear metrics for success. Structuring AI engineering roles and teams to balance product engineering skills with specialized AI development knowledge. Implementing product-focused AI features like chatbots that can help automate routine tasks during incident response. Leveraging parallel human and AI processes to collect validation data and improve AI system performance over time. 
Building versus buying AI evaluation tools and the advantages of custom solutions integrated with existing product data. Exploring the future of AI in technical operations and whether AI will enhance or replace human roles in incident management.
Preston Thorpe joins us from inside prison, where he awaits a hopeful release within the next 12 months. His journey has been anything but easy—marked by hardship and uncertainty. But over the past few years, Preston has undergone a profound transformation. He’s refactored not just his skills, but his identity. Today, ...
This episode was sponsored by Elastic! Elastic is the company behind Elasticsearch; they help teams find, analyze, and act on their data in real-time through their Search, Observability, and Security solutions. Thanks Elastic! This episode was recorded at Elastic's offices in San Francisco during...
We sit down with Scott Hanselman at Microsoft Build 2025 to discuss open sourcing all the things, cool stuff Windows can do, where we want (and don't want) AI to fit into our lives, building arcade cabinets, and so much more.
When it comes to building distributed systems, RPC and REST style interfaces aren't the only options. Events provide an alternative way to build a distributed system that can result in more robust ...
Daniel Stenberg, the maintainer of Curl, discusses the increase in AI security reports that are wasting the time of maintainers. We discuss Curl's new policy of banning the bad actors while establishing some pretty sane AI usage guidelines. We chat about how this low-effort, high-impact abuse pattern is a denial-of-service attack on the curl project (and other open source projects too). The show notes and blog post for this episode can be found at
It's easy to talk about everything when you've been writing software for half a century. Bhaskar has some amazing insights from his impressive career building software using everything from punch cards to AI. If you like learning about the past to understand the future, this is an episode you...
Podcast Episode · Taskmaster The Podcast · 15/05/2025 · 49m
Go gets audited. Blog: Go Cryptography Security Audit by Roland Shoemaker and Filippo Valsorda. Deeper dive into FIPS in Episode 89 with Alex Scheel ✋ Proposal declined: x/exp/xiter: new package with iterator adapters ⛺ Gophercamp video: Your code deserves better: give it a linter by Gabriel Augendre 🏓...