Suggested Reads

How developers interpret and understand open source licenses, with a love letter to good research.

Friendly Reminder: ZIP Metadata is Not Encrypted, Author: Didier Stevens

- A set of lessons aimed at anyone learning LLM and generative AI concepts, with sections on operations and security, as well as development. Using code & langchain we'll explain how all these cool new applications work under the hood.Code : https://github.com/jedi4ever/learning-llms-and-genai-for-dev-sec-ops/Framework: https://langchain.com#devops #devsecops #genai #langchainBig thanks to Techstrong for the hackaton , London Devops for hosting this talk, Devops Weekly for the promotion and last but not least Langchain for sharing all the incredible learnings.00:00 Introduction, Shoutout and Link to code01:26 Building an app - the developer point of view33:11 Looking at it from rom the operational side44:33 A whole new world Security goodies54:10 Questions and closing thoughtsLessons overview:*Developer*- Calling a simple LLM using OpenAI- Looking at debugging in Langchain- Chatting with OpenAI as model- Using prompt templates- Use of Docloader to read your local files and prepare them for the LLM- Explain the calculation and use of embeddings- Understand how splitting and chunking is important- Loading embeddings and documents in a vector database- Use a chain for Questions and Answers to implement the RAG pattern (Retrieval Augmented Generation)- Show the use of OpenAI documentation to have the llm generate calls to find realtime informationImplement an Agent and provide it with tools to get more realtime information*Operations*- Find out how much tokens you are using and the cost- How to cache your calls to an LLM using exact matching or embeddings- How to cache the calculation of embeddings and run the calculation locally- Run your own local LLM (using Ollama)- Track your calls and log them to a file (using a callback handler)- Impose output structure (as JSON) and have the LLM retry if it's not correct*Security*- Explain the OWASP top 10 for LLMS- Show how simple prompt injection works and some mitigation strategies- How to detect prompt injection using a 3rd party model from Hugginface- Detect project injection by using a prompt- Check the answer llms provide and reflect if it ok- Use a huggingface model to detect if an LLM output was toxicShow a simple prompt for asking the llm's opinon on Kubernetes and Trivy vulnerabilities

NASA has a lot riding on these initiatives.

Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10

Today we delve into the world of Kubernetes resources, Custom Resources (CRs), Custom Resource Definitions (CRDs), and Operators. Learn how these work togeth...

Author : Kaslin Fields The 2023 Steering Committee Election is now complete. The Kubernetes Steering Committee consists of 7 seats, 4 of which were up for election in 2023. Incoming committee members serve a term of 2 years, and all members are elected by the Kubernetes Community. This community body is significant since it oversees the governance of the entire Kubernetes project. With that great power comes great responsibility. You can learn more about the steering committee’s role in their charter . Thank you to everyone who voted in the election; your participation helps support the community’s continued health and success. Results Congratulations to the elected committee members whose two year terms begin immediately (listed in alphabetical order by GitHub handle): Stephen Augustus (@justaugustus ), Cisco Paco Xu 徐俊杰 (@pacoxu ), DaoCloud Patrick Ohly (@pohly ), Intel Maciej Szulik (@soltysh ), Red Hat They join continuing members: Benjamin Elder (@bentheelder ), Google Bob Killen (@mrbobbytables ), Google Nabarun Pal (@palnabarun , VMware Stephen Augustus is a returning Steering Committee Member. Big Thanks! Thank you and congratulations on a successful election to this round’s election officers: Bridget Kromhout (@bridgetkromhout ) Davanum Srinavas (@dims ) Kaslin Fields (@kaslin ) Thanks to the Emeritus Steering Committee Members. Your service is appreciated by the community: Christoph Blecker (@cblecker ) Carlos Tadeu Panato Jr. (@cpanato ) Tim Pepper (@tpepper ) And thank you to all the candidates who came forward to run for election. Get Involved with the Steering Committee This governing body, like all of Kubernetes, is open to all. You can follow along with Steering Committee backlog items and weigh in by filing an issue or creating a PR against their repo . They have an open meeting on the first Monday at 9:30am PT of every month . They can also be contacted at their public mailing list steering@kubernetes.io . You can see what the Steering Committee meetings are all about by watching past meetings on the YouTube Playlist . If you want to meet some of the newly elected Steering Committee members, join us for the Steering AMA at the Kubernetes Contributor Summit in Chicago . This post was written by the Contributor Comms Subproject . If you want to write stories about the Kubernetes community, learn more about us.

Ford’s pause of its $3.5 billion battery plant last week has been portrayed in many circles as a victory against Chinese technology. Many members of Congress, from Marco Rubio to Mike Gallagher, who have staked their political career on being permanently anti-China, were quick to claim credit for

You may already own a Chromebook Plus device, and new ones release October 8.

Toy highly-available Kubernetes cluster on NixOS. Contribute to justinas/nixos-ha-kubernetes development by creating an account on GitHub.

GlobalFoundries is manufacturing more of the world's critical chips, gaining significance with U.S.-China tension and big deals like one with General Motors

The European Telecommunications Standards Institute (ETSI) said it brought in French authorities to investigate. ETSI has more than 900 member organizations from over 60 countries.

Writing about the big beautiful mess that is making things for the world wide web.

Less than half of workers in the information sector shared a positive outlook of their employer as concerns persist.

The bug, first published Sept. 27, affects the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software.

BunnyLoader, the latest malware-as-a-service, is up for sale in the dark web. It can steal your data, replace your crypto address

Quick and easy guide for securing macOS systems, for both laymen and security enthusiasts. Last updated for Ventura (13.3).

Most basic kits lack supplies that can be critical when waiting for paramedics to arrive.

In the midst of industry discussions about productivity and automation, it’s all too easy to overlook the importance of properly reckoning with complexity.

The "Zero Day Initiative" site has posted a number of advisories (1, 2, 3, 4, 5, 6) describing a number of flaws in the Exim mail server, some of which are exploitable remotely. These problems, allegedly, were first reported to the project in June 2022, well over one year ago. There is some disagreement over the timing of events, with Exim developer Heiko Schlittermann claiming that no actual information was received until last May, and an anonymous ZDI representative disputing that story.

Best practices for open source ecosystems researchers.

Reddit users won't see more ads as a result, but they can expect to be served ads that are more relevant to them.

They're not dropping their lawsuits, but they say they have no choice but to negotiate.

A copy of the Matrix fan film “Fanimatrix" is the oldest torrent that is still being actively shared 20 years later.

Learn WebAssembly by writing small programs! Contribute to EmNudge/watlings development by creating an account on GitHub.

The Leonardo system, which serves more than 50 Russian air carriers, was down for more than an hour, affecting the flagship airline Aeroflot and others, reports said.

Apple could make its own search engine and end its reliance on Google, a report points out, with Apple already possessing most of the components it needs to go it alone.

The National Security Agency is starting an artificial intelligence security center — a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems.

Remote code execution requiring no authentication fixed. 2 other RCEs remain unpatched.