I wasn’t really sure what hardned images were, let alone “distroless,” so Tony and I were lucky to get William on this week’s Tanzu Catsup to sort it out. We also discuss how it fits into platform engineering.
Posts in "tech"
This week’s Software Defined Interviews episode is with Lian Li:
In this episode, Whitney and Coté talk with Lian, a “cloud-native human” with a 15-year career in tech. Lian discusses her transition from tech to performance art, her experiences in amateur musical theater, stand-up comedy, and improv theater. She talks about platform engineering, the importance of community building in tech, and balancing professional life with personal projects. They also cover her unique improv workshops for engineers at conferences and the popular KubeCon karaoke parties she organizes.
Listen and subscribe, or watch the video (above) if you’re into that kind of thing.
The Alpha and The Omega, Software Defined Talk #554: This week, Brandon and I discuss AI’s impact on Stack Overflow, Docker’s Hardened Images, and Nvidia buying Groq. Plus, thoughts on playing your own game and having fun. If you don’t like the traditional podcast format, check out the unedited recording.
Is Your AI Assistant Creating a Recursive Security Loop? from Camille Crowell-Lee
AI-assisted coding is starting to eat its own tail: the same LLMs that write code are increasingly asked to review it, explain security decisions, and even override their own warnings. That creates recursive trust loops where “explain your reasoning” becomes an attack surface, and models can literally talk themselves out of being secure. The fix isn’t better prompts, it’s old-school architecture - separation of concerns, non-AI enforcement, and treating LLMs as assistants, not authorities.
Check out more in her article.
Virtual machines still run the world
The above is from a recent IDC white paper.
Container use is growing. Even then, VMs still run everything. Most of those containers run in VMs:
IDC forecasts that 85% of containers will run in VMs in 2028. Meanwhile, there is a huge installed base of traditional applications in VMs that will be around for a very long time.
And:
nearly all public clouds continue to run their containers in VMs for reasons of multitenant isolation, scalability, and utilization maximization.
Adding security and governance to Model Context Protocol - How Broadcom uses MCP
Here’s the benefits Broadcom is getting from using MCP (running on Tanzu Platform):
This capability allows for seamless task completion, such as linking internal ticketing systems directly through to code commitment, significantly reducing the time required for ticket resolution. Specifically, developers can utilize natural language processing to direct an AI agent to find their next task, have the AI coding assistant implement the requested changes, and automatically submit a pull request.
A great platform as a product paper, and a fun platform philosophy thereof
I like this platform as a product paper a lot. You should check it out if you’re into DevOps, SRE, platform engineering, whatever. It’s also available in O’Reilly if you have that subscription and don’t want to lead-in yourself.
Here’s some fun parts:
Adopting a product mindset starts with continually evaluating the business context to manage “build versus buy” decisions. Contextual factors such as scale, compliance requirements, or the diversity of the workforce skill base and technology stacks often require organizations to opt out of an off-the-shelf solution and instead invest in a set of integrated capabilities designed for its specific needs.
Spending less money on IT is always the priority, and how to get around it
The survey of more than 200 CFOs, taken during August 2025, showed that 56% of CFOs rank achieving enterprise-wide cost optimization targets in their top five. Gartner CFO survey.
The easiest way to show the value of IT is to show how it means spending less money. There’s occasional moments where “ROI” is achieved by existential dread - the tech industry is going to Blockbuster you, etc. But those are largely made up, at the least, way overblown.
Highlights from that OpenAI "The state of enterprise AI report"
On average, ChatGPT Enterprise users attribute 40–60 minutes of time saved per active day to their use of AI, with data science, engineering, and communications workers saving more than average (60–80 minutes per day).
That’s the headline grabbing piece from the recent ChatGPT for work study. The theory take-away from that is that the more you use ChatGPT, the more productive you are.
Also, the current use revolves around chat and coding.
People don’t read vendor1 PDFs anymore. This is oft said. Is it true for you?
Should anyone be writing white papers anymore? Or should we (1) do short form pieces from social media micro-content, blog posts, advertorial, (2) do a lot more videos and podcasts (by that, I mean interview videos that happen to have an RSS feed), (3) make sure we have content to feed the AIs because people are getting their research from AIs? (4) Something else?
Put another way: what are the last three vendor PDFs you read that were useful?
-
“vendor” - you know, cloud companies, software companies…but also consultants and even industry analysts. Maybe “white papers” from any source, really, that are not the actual “enterprises” doing the work. ↩︎