The New Stack Podcast

Sarah Wells, a seasoned tech consultant with over 20 years of experience, shares her insights on microservices success. She details her time at the Financial Times, where they scaled from 12 to over 20,000 software releases by embracing automation and team autonomy. Wells emphasizes the need for effective communication and flexible architectural roles, advocating for 'engineering enablement' over rigid platform teams. Discover how organizational structures impact microservices adoption and the importance of fostering collaboration in tech teams.

In August 2023, the open source community rallied to create OpenTofu, an alternative to Terraform, after HashiCorp, now owned by IBM, adopted a restrictive Business Source License for Terraform. Ohad Maislish, co-founder and CEO of env0, explained on The New Stack Makers how this move sparked the initiative. A few hours after HashiCorp's license change, Maislish secured the domain opentf.org and began developing the new project, eventually named OpenTofu, which was donated to The Linux Foundation to ensure its license couldn't be altered.Maislish highlighted the importance of distinguishing between vendor-backed and foundation-backed open source projects to avoid sudden licensing changes. Before coding, the community created a manifesto, gathering significant support and pledges, but received no response from HashiCorp. Consequently, they proceeded with the fork and development of OpenTofu. Despite accusations of intellectual property theft from HashiCorp, OpenTofu gained traction and was adopted by organizations like Oracle. The community continues to prioritize user feedback through GitHub.Learn more from The New Stack about OpenTofu: OpenTofu vs. HashiCorp Takes Center Stage at Open Source Summit OpenTofu Amiable to a Terraform Reconciliation OpenTofu 1.6 General Availability: Open Source Infrastructure as Code Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

Evan Prodromou, a pioneer in decentralized social networks and director at OpenEarth Foundation, discusses the transformative potential of the fediverse. He highlights how the shift from centralized platforms like Twitter and Facebook threatens user autonomy. Prodromou shares insights on ActivityPub, emphasizing its role in connecting diverse social networks. He explores community dynamics, the importance of personal connections, and the growing engagement from major players like Meta. Tune in to learn about the future of open-source social media!

In a recent episode of The New Stack Makers, recorded at the Open Source Summit North America, Matt Hartley, Linux support lead at Framework, discusses the importance of the "right to repair" movement. This initiative seeks to allow consumers to repair and upgrade their own electronic devices, countering the trend of disposable electronics that contribute to environmental damage. Framework, a company offering modular and customizable laptops, embodies this philosophy by enabling users to replace outdated components easily.Hartley, interviewed by Chris Pirillo, highlights how Framework’s approach helps reduce electronic waste, likening obsolete electronics to a form of "technical debt." He shares his personal struggle with old devices, like an ASUS Eee, illustrating the need for repairable technology. Hartley also describes his role in fostering a DIY community, collaborating closely with Fedora Linux maintainers and creating user-friendly support scripts. Framework’s community is actively contributing to the platform, developing new features and hardware integrations.The episode underscores the growing momentum of the right to repair movement, advocating for consumer empowerment and environmental sustainability. Learn more from The New Stack about repairing and upgrading devices: New Linux Laptops Come with Right-to-Repair and More Troubling Tech Trends: The Dark Side of CES 2024 Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

Blockchain technology continues to drive innovation despite declining hype, with Distributed Ledgers (DLTs) offering secure, decentralized digital asset transactions. In an On the Road episode of The New Stack Makers recorded at Open Source Summit North America, Andrew Aitken of Hedera and Dr. Leemon Baird of Swirlds Labs discussed DLTs with Alex Williams. Baird highlighted the Hashgraph Consensus Algorithm, an efficient, secure distributed consensus mechanism he created, leveraging a hashgraph data structure and gossip protocol for rapid, robust transaction sharing among network nodes. This algorithm, which has been open source under the Apache 2.0 license for nine months, aims to maintain decentralization by involving 32 global organizations in its governance. Aitken emphasized building an ecosystem of DLT contributors, adhering to open source best practices, and developing cross-chain applications and more wallets to enhance exchange capabilities. This collaborative approach seeks to ensure transparency in both governance and software development. For more insights into DLT’s 2.0 era, listen to the full episode.Learn more from The New Stack about Distributed Ledgers (DLTs) IOTA Distributed Ledger: Beyond Blockchain for Supply Chains Why I Changed My Mind About Blockchain Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

The Linux xz utils backdoor exploit, discussed in an interview at the Open Source Summit 2024 on The New Stack Makers with John Kjell, director of open source at TestifySec, highlights critical vulnerabilities in the open-source ecosystem. This exploit involved a maintainer of the Linux xz utils project adding malicious code to a new release, discovered by a Microsoft engineer. This breach demonstrates the high trust placed in maintainers and how this trust can be exploited. Kjell explains that the backdoor allowed remote code execution or unauthorized server access through SSH connections.The exploit reveals a significant flaw: the human element in open source. Maintainers, often under pressure from company executives to quickly address vulnerabilities and updates, can become targets for social engineering. Attackers built trust within the community by contributing to projects over time, eventually gaining maintainer status and inserting malicious code. This scenario underscores the economic pressures on open source, where maintainers work unpaid and face demands from large organizations, exposing the fragility of the open-source supply chain. Despite these challenges, the community's resilience is also evident in their rapid response to such threats. Learn more from The New Stack about Linux xz utils Linux xz Backdoor Damage Could Be Greater Than Feared Unzipping the XZ Backdoor and Its Lessons for Open Source The Linux xz Backdoor Episode: An Open Source Myster Join our community of newsletter subscribers to stay on top of the news and at the top of your game.     

Suman Debnath, principal developer advocate for machine learning at Amazon Web Services, emphasized the advantages of using Python in machine learning during a New Stack Makers episode recorded at PyCon US. He noted Python's ease of use and its foundational role in the data science ecosystem as key reasons for its popularity. However, Debnath highlighted that building generative AI applications doesn't necessarily require deep data science expertise or Python. Amazon Bedrock, AWS’s generative AI framework introduced in September, exemplifies this flexibility by allowing developers to use any programming language via an API-based service. Bedrock supports various languages like Python, C, C++, and Java, enabling developers to leverage large language models without intricate knowledge of machine learning. It also integrates well with open-source libraries such as Langchain and llamaindex. Debnath recommends visiting the community AWS platform and GitHub for resources on getting started with Bedrock. The episode includes a demonstration of Bedrock's capabilities and its benefits for Python users. Learn More from The New Stack on Amazon Bedrock: Amazon Bedrock Expands Palette of Large Language Models Build a Q&A Application with Amazon Bedrock and Amazon Titan 10 Key Products for Building LLM-Based Apps on AWSJoin our community of newsletter subscribers to stay on top of the news and at the top of your game/ 

Nathan Peck, a senior developer advocate for generative AI at Amazon Web Services (AWS), shares his experiences working with Python in a recent episode of The New Stack Makers, recorded at PyCon US. Although not a Python expert, Peck frequently deals with Python scripts in his role, often assisting colleagues in running scripts as cron jobs. He highlights the challenge of being a T-shaped developer, possessing broad knowledge across multiple languages and frameworks but deep expertise in only a few.Peck introduces Amazon Q, a generative AI coding assistant launched by AWS in November, and demonstrates its capabilities. The assistant can be integrated into an integrated development environment (IDE) like VS Code. It assists in explaining, refactoring, fixing, and even developing new features for Python codebases. Peck emphasizes Amazon Q's ability to surface best practices from extensive AWS documentation, making it easier for developers to navigate and apply.Amazon Q Developer is available for free to users with an AWS Builder ID, without requiring an AWS cloud account. Peck's demo showcases how this tool can simplify and enhance the coding experience, especially for those handling complex or unfamiliar codebases.Learn more from The New Stack about Amazon Q and Amazon’s Generative AI strategy:Amazon Q, a GenAI to Understand AWS (and Your Business Docs)Decoding Amazon’s Generative AI StrategyResponsible AI at Amazon Web Services: Q&A with Diya WynnJoin our community of newsletter subscribers to stay on top of the news and at the top of your game. 

Mike Fiedler, a PyPI safety and security engineer at the Python Software Foundation, prefers the title “code gardener,” reflecting his role in maintaining and securing open source projects. Recorded at PyCon US, Fiedler explains his task of “pulling the weeds” in code—handling unglamorous but crucial aspects of open source contributions. Since August, funded by Amazon Web Services, Fiedler has focused on enhancing the security of the Python Package Index (PyPI). His efforts include ensuring that both packages and the pipeline are secure, emphasizing the importance of vetting third-party modules before deployment.One of Fiedler’s significant initiatives was enforcing mandatory two-factor authentication (2FA) for all PyPI user accounts by January 1, following a community awareness campaign. This transition was smooth, thanks to proactive outreach. Additionally, the foundation collaborates with security researchers and the public to report and address malicious packages.In late 2023, a security audit by Trail of Bits, funded by the Open Technology Fund, identified and quickly resolved medium-sized vulnerabilities, increasing PyPI's overall security. More details on Fiedler's work are available in the full interview video.Learn more from The New Stack about PyPl:PyPl Strives to Pull Itself Out of TroubleHow Python Is EvolvingPoisoned Lolip0p PyPI PackagesJoin our community of newsletter subscribers to stay on top of the news and at the top of your game. 

The name "Falcon" for the UAE’s large language model (LLM) symbolizes the national bird's qualities of courage and perseverance, reflecting the vision of the Technology Innovation Institute (TII) in Abu Dhabi. TII, launched in 2020, addresses AI’s rapid advancements and unintended consequences by fostering an open-source approach to enhance community understanding and control of AI. In this New Stack Makers, Dr. Hakim Hacid, Executive Director and Acting Chief Researcher, Technology Innovation Institute emphasized the importance of perseverance and innovation in overcoming challenges. Falcon gained attention for being the first truly open model with capabilities matching many closed-source models, opening new possibilities for practitioners and industry. Last June, Falcon introduced a 40-billion parameter model, outperforming the LLaMA-65B, with smaller models enabling local inference without the cloud. The latest 180-billion parameter model, trained on 3.5 trillion tokens, illustrates Falcon’s commitment to quality and efficiency over sheer size. Falcon’s distinctiveness lies in its data quality, utilizing over 80% RefinedWeb data, based on CommonCrawl, which ensures cleaner and deduplicated data, resulting in high-quality outcomes. This data-centric approach, combined with powerful computational resources, sets Falcon apart in the AI landscape. Learn more from The New Stack about Open Source AI: Open Source Initiative Hits the Road to Define Open Source AI  Linus Torvalds on Security, AI, Open Source and TrustTransparency and Community: An Open Source Vision for AI Join our community of newsletter subscribers to stay on top of the news and at the top of your game.