reporter

The difference is of particular relevance to the Church of England as it continues to move in the wrong direction on same-sex marriage.View the full article

King Charles III and Queen Camilla will meet Pope Leo XIV when they visit the Vatican in October. View the full article

Christian prisoners were often treated as “untouchables” by both prison staff and other prisoners.View the full article

Fresh warnings have emerged in the UK and US about the dangers of abortion pills, with new data highlighting the scale of complications faced by women.View the full article

A nationwide survey by UK charity National Churches Trust has raised concerns that as many as 2,000 churches across the UK could close within the next five years.View the full article

Christians (and hopefully others) have a responsibility to look beyond the superficial, and the memes, and dig a bit deeper.View the full article

A new report raised concerns about overstretched bishops and an unsustainable workload.View the full article

Here’s a shock for many of the world’s top golfers, and golfing fans gathering in Farmingdale, New York for the 45th Ryder Cup. View the full article

The announcement of his passing was made by his family. He was 56.View the full article

Theologian and bestselling author Christopher Yuan is “recovering in good spirits” following an emergency surgery meant to treat paralysis caused by a fall at his home.View the full article

It’s not about winning arguments. It’s about clearing obstacles so people can encounter Jesus in the pages of Scripture.View the full article

A former career criminal who once plotted multi-million pound drug deals has told how his life was transformed after what he describes as a dramatic “God encounter” on a ferry.View the full article

The 22 coins, dating back more than 1,600 years, were found within a narrow crack deliberately carved at the end of a winding tunnel.View the full article

The Baptist Union of Great Britain (BUGB) has detailed a wide-ranging support package to keep students from the now-closed Spurgeon’s College on track for the new academic year.View the full article

Almost half of all Church of England parishes are set to gain from a new £11 million wave of investment aimed at strengthening mission, outreach and discipleship, according to the latest figures.View the full article

The mosque will be the first in Monmouthshire, if approved.View the full article

Decades in incident response reveal battle-tested cybersecurity controls that minimize attack surface, improve detection and response, reduce incident impact and losses, and build cyber resilience (with compliance mappings for easy implementation). View the full article

Apple has introduced a new hardware/software security feature in the iPhone 17: “Memory Integrity Enforcement,” targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired: In recent years, a movement has been steadily growing across the global tech industry to address a ubiquitous and insidious type of bugs known as memory-safety vulnerabilities. A computer’s memory is a shared resource among all programs, and memory safety issues crop up when software can pull data that should be off limits from a computer’s memory or manipulate data in memory that shouldn’t be accessible to the program. When developers—­even experienced and security-conscious developers—­write software in ubiquitous, historic programming languages, like C and C++, it’s easy to make mistakes that lead to memory safety vulnerabilities. That’s why proactive tools like special programming languages have been proliferating with the goal of making it structurally impossible for software to contain these vulnerabilities, rather than attempting to avoid introducing them or catch all of them. […] With memory-unsafe programming languages underlying so much of the world’s collective code base, Apple’s Security Engineering and Architecture team felt that putting memory safety mechanisms at the heart of Apple’s chips could be a deus ex machina for a seemingly intractable problem. The group built on a specification known as Memory Tagging Extension (MTE) released in 2019 by the chipmaker Arm. The idea was to essentially password protect every memory allocation in hardware so that future requests to access that region of memory are only granted by the system if the request includes the right secret. Arm developed MTE as a tool to help developers find and fix memory corruption bugs. If the system receives a memory access request without passing the secret check, the app will crash and the system will log the sequence of events for developers to review. Apple’s engineers wondered whether MTE could run all the time rather than just being used as a debugging tool, and the group worked with Arm to release a version of the specification for this purpose in 2022 called Enhanced Memory Tagging Extension. To make all of this a constant, real-time defense against exploitation of memory safety vulnerabilities, Apple spent years architecting the protection deeply within its chips so the feature could be on all the time for users without sacrificing overall processor and memory performance. In other words, you can see how generating and attaching secrets to every memory allocation and then demanding that programs manage and produce these secrets for every memory request could dent performance. But Apple says that it has been able to thread the needle. View the full article

Cybereason Security Services recently analyzed an investigation into a broader malicious Chrome extension campaign, part of which had been previously documented by DomainTools. While earlier iterations of this campaign involved the impersonation a variety of services, the latest version shifts focus to Meta (Facebook/Instagram) advertisers through a newly crafted lure: “Madgicx Plus,” a fake AI-driven ad optimization platform. Promoted as a tool to streamline campaign management and boost ROI using artificial intelligence, the extension instead delivers potentially malicious functionalities capable of hijacking business sessions, stealing credentials, and compromising Meta Business accounts. Notably, several domains associated with earlier parts of the campaign have been repurposed to promote this new theme, highlighting the operators’ tendency to recycle infrastructure while adapting their social engineering strategy to new targets. View the full article

Image made by AI! Oh, the irony! Boy, that AI, it’s to blame for so many things isn’t it! AI causes layoffs! AI causes bad journalism! AI causes headaches for recruiters! AI causes ethics violations! But here’s the truth, AI doesn’t cause any of this – people do. All these things are human decisions. “AI” didn’t cause that layoff or any of these other things. It’s a handy technology, and just like the PC or mobile, it allows us to disrupt and change things, but it’s not “causing” anything. And to be honest, most “AI-caused layoffs” are a barefaced lie. Just like most RTO mandates are clandestine layoffs, CEOs have realized that you can now have a layoff or hiring freeze and say “because of our use of AI” and your stock goes up instead of down. So that’s what they say. Speaking as a technology consultant whose team is involved in a lot of large AI implementations, except for large call center or “digital piecework” shops, no one is really using AI enough already that it’s truly laid off large numbers of staff, and certainly all developer layoffs attributed to AI so far are layoffs they just wanted to do regardless. Every decade has its new technology silver bullet. In the after-times, we remind ourselves that there is no such thing as a silver bullet and it’s always more complicated than that. Then we forget and fall in love with the newest silver bullet, and the shinest teflon-coated hollow-point silver bullet is AI. But that’s just tech business as usual. The core problem here is that personification of AI is very deliberately being used to shift blame and pass the buck. Remember when Mark Zuckerberg went before Congress and kept trying to blame “the algorithm” for fanning political extremism, as if it wasn’t just software his company had built? This is the same playbook, scaled out, substituting in “AI” as the boogeyman. Whenever any AI exec talks about AGI or “we the tech oligarchs are also scared of AI, it may be alive and coming to get us!” they are very deliberately trying to play a shell game of brandishing something that you all can identify as a blame-bearing entity in front of them so that they, their company, and their practices can have plausible deniability. No no, it’s “the AI” that stole all of your IP, or told you to drive your car off a cliff, not us. But the only reason you think it’s different than “a person at that company told you to do that” is the use of disinformation, wealth, and power to snooker you. In many use cases, AI isn’t better, it’s just cheaper, and it’s only cheaper right now when trillions of dollars are being poured into defraying its cost. No one wants an AI drive-through – it’s slower and harder to fix mistakes. Companies only pitch it as the ‘better option’ when the alternative is an underpaid, burned-out worker. That’s a false choice. This false choice is set up for you by companies that don’t care about your experience but want to save money. They’re the ones who only want to pay minimum wage, or have your support phone calls go to another country, or whatnot, and have already done that at the expense of you as a customer. The real option, doing it well in the first place, is always on the table. Don’t let them play you like a toddler and ask you “which of these two shirts you want to wear today.” Over the millennia, people have always found a scapegoat for exploitation. First it was “the gods,” then “the laws,” then “the algorithm,” and now it’s “the AI.” Always keep in mind that all of these are only masks for one person – The Man. It’s not the mask taking the actions, it’s the people hiding behind them. Don’t get suckered into the shell game. Hold the real decision-makers accountable. Demand better. Don’t be decieved into framing decisions and outcomes as being “caused by” AI. Journalists are the *worst*, they gave up on real reporting already in favor of “what someone said on Twitter,” and they are now happily replacing that with “ChatGPT says”, as if that’s thoughtful analysis. View the full article

This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. (It’s not a real sabbatical—I’m just an adjunct—but it’s the same idea.) I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University of Toronto. I will be organizing a reading group on AI security in the fall. I will be teaching my cybersecurity policy class in the Spring. I will be working with Citizen Lab, the Law School, and the Schwartz Reisman Institute. And I will be enjoying all the multicultural offerings of Toronto. It’s all pretty exciting. View the full article

Budds Creek Entry Lists and InformationView the full article

Atlassian’s Bitbucket Cloud has tightly integrated CI/CD capabilities via its Bitbucket Pipelines feature set. However, some of our Bitbucket Cloud and Bitbucket Data Center customers still use Jenkins for CI/CD. In this blog, I present a practical walkthrough of the benefits of Bitbucket Pipelines over a tool like Jenkins in the context of two key stats from our recent State of DevEx 2025 report. These stats serve serve as motivation for why teams should move to a tightly integrated, cloud native SAAS offerings like Bitbucket Cloud with Bitbucket Pipelines, rather than self-hosted on-prem CI/CD tools like Jenkins. What is DevEx First, let’s quickly review what DevEx is and briefly touch on why it’s important. There’s even a Knuth quote about DevEx: Knuth says: “The enjoyment of one’s tools is an essential ingredient of successful work.” DevEx is important because developers working in an environment with a good developer experience spend more time building software and solving problems for their customers, and less time doing other less valuable work. State of DevEx Report 2025 Atlassian produces a State of DevEx report every year. We interview thousands of developers and development leaders and ask questions about their teams’ development experiences. I want to focus on two stats from the 2025 report. First: “50% of developers now report losing more than 10 hours of their working week due to inefficiencies.“ This stat is wild to me. If a developer works a 40-hour week, that means 25% of their time is lost to friction in the development process. Developers tend to work long hours to hit project deadlines. If these 10 hours a week could be recouped, we’d be happier and get more done. Second: “Developers are only spending 16% of their time every week writing code.“ This means that developers spend 84% of their time searching for information, context switching between tools, in meetings, and fighting with tech debt. If we could shift even a fraction of that time to building software and solving problems, we’d all be happier and better able to ship features to our customers. Please keep these two stats in mind as you continue. What it takes to get a new Jenkins box up and running I decided to setup a new Jenkins box on AWS, integrate it with Bitbucket, and get it building, testing, and deploying my code using a Jenkinsfile. The following sections provide some insight into the setup process and future work I’d be taking on to continue using Jenkins. Create an EC2 box and install Jenkins and its dependencies The first thing I did was create an AWS EC2 box in ca-central-1. Then, I installed Jenkins and its dependencies following the Jenkins documentation. The image above shows some of the AWS infrastructure I created and some of the commands necessary to install and configure Jenkins and its dependencies. This was fairly straightforward, as the documentation was good. When I finished this process, I had a single Jenkins box running on a single AWS EC2 server. However, there are problems with what I had setup. A single node isn’t highly available, resilient, or durable. I’d need additional infrastructure to make this a service I could roll out to my team and other teams. Also, I’m not an expert in AWS EC2 networking or Linux security, and I’m unsure if I implemented security best practices. I will likely have security vulnerabilities to address in the future, and I will definitely have to patch the box and the software as new vulnerabilities arise. I’ve created tech debt for myself. Install some plugins https://dam-cdn.atl.orangelogic.com/AssetLink/sa3hc0ll272qbw4huwq01mc3dmw84x20.mp4 After I got the Jenkins box up and running, I needed to install some plugins to make it work the way I wanted it to. I didn’t know I needed to install these plugins so I spent some time fumbling around Stack Overflow and the Jenkins documentation until I figured it out. I eventually installed plugins for Git, Docker, and Bitbucket. The plugin install process is simple and none of the plugins I installed required plugin specific setup. Going through the UI to install the plugins I noticed that there are literally hundreds of plugins available. While having all these plugins available for Jenkins is great, it seems like a lot of them simply provide functionality that Bitbucket Cloud and Pipelines offers out of the box. For example: Git is available in every build by default and the Bitbucket Pipelines runtime automatically clones relevant repos. Bitbucket Pipelines is entirely docker-native with full support for “Docker-in-Docker” setups and docker buildx. Bitbucket Pipelines comes fully integrated with Bitbucket Cloud and all the other Atlassian tools by default. The key takeaway for me is that, although Jenkins’ library of plugins is vast, many of them exist to provide the bare essentials. The idea of managing a system with potentially hundreds of plugins enabled, that all needed to be updated from time to time, gave me anxiety. Integrate Jenkins with Bitbucket https://dam-cdn.atl.orangelogic.com/AssetLink/pq13lfi747pqw44kisj8y7e2u8p587bv.mp4 After I got the plugins installed I setup the integration between Bitbucket and Jenkins. I wanted Jenkins to run the pipeline defined in my Jenkinsfile whenever I pushed to a branch, created a pull request, or merged a branch to my production branch. This was easy to setup and get working. At this point I had two separate systems up and running, Bitbucket Cloud and Jenkins, and an integration between them. Now, I could move on to actually setting up a Jenkins pipeline to build, test, and deploy my software. Configure a Jenkins pipeline From the Jenkins main page I had the option to create a New Item. From here I had to choose from one of the six options. I wasn’t sure sure what I wanted so I was off to the Jenkins documentation to learn. I guessed that I wanted a Pipeline so I started reading about that, and luckily I was correct. The pipeline screen provided a bunch of configuration checkboxes and options to setup what I wanted. After some reading, I got what I needed setup. https://dam-cdn.atl.orangelogic.com/AssetLink/3475vk611sp26m5r40jiwul5g5qfw463.mp4 This part of the process is pretty similar to every other CI/CD product on the market. Setup some data in the product and write a config file that lives in the repository that details the various analysis, build, test, and deploy steps you want. All that was left was to write a proper Jenkinsfile. Write a Jenkinsfile; Time to learn Groovy https://dam-cdn.atl.orangelogic.com/AssetLink/a3q4x5q6i80xffuftj6kmn15vh2ih813.mp4 While Bitbucket and other vendors use YAML for their CI/CD configuration, Jenkins uses Groovy. This means I have to learn a completely separate language just to use Jenkins, in addition to learning the Jenkinsfile syntax. I don’t know Groovy, and I don’t want to pick up yet another language just to use one specific tool. Luckily, I had Rovo Dev CLI to help me write the Jenkinsfile. Rovo is Atlassian’s platform-wide AI solution. Rovo Dev CLI is a terminal-based way of interacting with the Atlassian platform. It provides all of the expected coding support that other AI tools provide, AND it lets me interact with my Atlassian products. After I got it to build a Jenkinsfile for me, I told it to update the Jira issue I was using to track my work. This is pretty handy as it saves me from having to jump into Jira, search for the Jira issue, and manually type the updates. This improves my DevEx because I spend less time clicking around a UI in my browser and more time in my dev tools. Now, I want to talk about a couple other bits of work that came up as part of the process of standing up a Jenkins box. Emergent work At this point I had Jenkins up and running and building, testing, and deploying my code. I suspected that my networking and EC2 setup were probably not up to standards and would require some attention. Tickets from Cloud Engineering Turns out I was right. My new EC2 box wasn’t standards-compliant. Atlassian Cloud Engineering maintains standards for infrastructure running in AWS. I got three tickets from cloud engineering for things I needed to patch, update, and install on my EC2 box to make it compliant with Atlassian standards. The wiki pages describing the required steps for each of the tickets were substantial. The work wasn’t hard to complete, but it pulled me away from building software and solving problems for my customers. I was spending time administering Jenkins. This is a prime example of that 16% / 84% statistic from the State of DevEx report I reference earlier. Every company I’ve worked for has had their own standards for how to setup and configure infrastructure, so this isn’t an Atlassian specific problem. User access control? Availability? Reliability? Durability? My current setup has only a single Jenkins node. That isn’t production ready. I need more nodes for redundancy and I need to setup some kind of a backup process to recover from failures. Another problem is scaling. I don’t want to pay for multiple EC2 boxes when no one is running builds. I also don’t want to be compute constrained when my team is trying to run hundreds of concurrent builds, or running extensive test suites in QA. Setting up more nodes, backup and recovery, and auto-scaling is going to be a ton of work that I just don’t have to do with modern SAAS systems like Bitbucket Cloud. Bitbucket Pipelines features that improve the DevEx Now, let’s switch gears for a second and look at some features of Bitbucket Pipelines that improve the developer experience. We’ll start off with an extremely powerful tool called Dynamic Pipelines. Dynamic Pipelines https://dam-cdn.atl.orangelogic.com/AssetLink/0a0s5t6460u1e2le5yu7upuwb1y57w6o.mp4 Dynamic Pipelines are a way for engineering or platform teams to create standards-compliant pipelines and then push them out across one or more Bitbucket workspaces. Dynamic Pipelines are defined in code using Atlassian’s Forge platform. They can be as simple as injecting a single step into the pipelines of repositories in a workspace or as complex as dynamically generating standards compliant, always up to date, best practice workflows from nothing but a few labels in a YAML file. As you might guess, there are numerous benefits to this capability. For example, using Dynamic Pipelines, a central security or compliance team can guarantee that a set of static analysis and security scanning steps are executed in every pipeline that runs in a workspace. What’s even better is that those static analysis and security scanning steps don’t need to be defined in the bitbucket-pipelines.yml file in each repository; The steps are injected by dynamic pipelines at runtime, using configuration defined by the central team. Furthermore, when the organization decides to change the set of static analysis and security scanning steps they want to run, they can update the dynamic pipeline once and all pipelines in the workspace will automatically start running the new steps without engineers having to manually update individual bitbucket-pipelines.yml files. This reduces maintenance work and helps organizations quickly adapt to changing requirements and technologies. In addition, engineers are no longer required to know the exact process to use each of the static analysis and security scanning tools since the correctly configured steps are injected automatically at runtime. Critical to note though, is that Dynamic Pipelines do not prevent teams from still writing their own YAML workflows if they want to. Dynamic Pipelines are smart enough to enable centralized standards compliance whilst still retaining individual team autonomy. Dynamic Pipelines improve the developer experience by reducing the number of lines of YAML they have to maintain, and frees up engineers’ cognitive capacity to focus on building software and solving problems for customers by reducing the amount of brain power they spend maintaining CI/CD. You can learn more about Dynamic Pipelines here, here, and here. AI assisted pipelines https://dam-cdn.atl.orangelogic.com/AssetLink/8c6p6013m67w5s7hq6802ss8342cp0c2.mp4 AI-assisted pipelines are like having a build engineering sitting beside you to help you fix problems in your pipeline. When a pipeline step fails, Rovo will look at things like the code being deployed, the pipeline’s configuration, and pipeline logs to determine what happened and how to fix it. Without AI, we all have to do this manually, and it can be awful. I don’t like looking through 230570238509 lines of logs to figure out what broke and neither does any other engineer I know. I’d rather have someone else solve this kind of problem for me so I can focus on building stuff. AI-assisted pipelines directly addresses the 16% / 84% stat mention earlier by reducing the amount of time I spend digging through logs and searching for information. Self-Hosted Runners By default, Bitbucket Pipelines executes all steps on Atlassian cloud hardware. This works well for many customers, but some customers have compliance regimes meaning they need to run some of their steps on their own hardware, behind their firewall. Bitbucket Cloud’s self-hosted runners makes this simple, allowing teams to run a single step, all the way up to an entire pipeline, on their infrastructure – still orchestrated from Bitbucket Cloud. To use self-hosted runners, teams create a runner and register it with Bitbucket. This process is a couple of clicks in the UI. Once the runner is registered in Bitbucket, teams can add the runs-on tag to their bitbucket-pipelines.yml file to tell Bitbucket Pipelines to execute that particular step on the runner. Teams can also give specific runners unique tags and then add those tags to the same runs-on section to distribute specific pipelines or steps to specific individual runners. In this way teams can setup as many runners as they need, with specific resources and access for the task they’re going to perform, and Bitbucket will ship work to them as required. With this approach teams can run most of theirs steps on Atlassian hardware whilst distributing specialized workloads onto their own hardware. This hybrid approach gives them the best of both worlds. Size parameter Different steps in a CI/CD pipeline can require different amounts of memory and take different amounts of time to execute. With the size parameter, teams can control the amount of CPU and memory resources available to each individual step. This lets them fine tune their resource usage. By default, if the size parameter is not specified, Bitbucket runs the step with a 1x size parameter, which is a runner with 2 CPUs and 4 GB of memory and is the least expensive runner to use. This helps keep costs to a minimum by default. When a team has a step that is taking too long to execute or requires more memory, they can add the size parameter to the step and get access to up to 32 CPUs and 64 GB of memory. In this way, teams can tailor their resource usage to have sufficient performance while being as inexpensive as possible. DORA metrics in Jira and Compass Bitbucket is tightly integrated with the rest of the Atlassian platform. For developers, that means it automatically ships CI/CD metric information to other Atlassian products. In particular, it is easy to get access to DORA metrics in both Jira, and Compass. The data is available in Jira, and Compass automatically, with no additional configuration. This means you can add DORA metrics to your Compass components. And you can view DORA metrics in Jira reports. With the tight integration of Bitbucket with the Atlassian platform, teams don’t have to setup yet another tool to track and calculate their DORA metrics. They get them for free, out of the box. How to migrate to Bitbucket Pipelines from Jenkins I strongly encourage everyone who is using both Bitbucket and Jenkins to consider migrating to Bitbucket Pipelines. Doing this will improve your developer experience, allow you to spend more time building software and solving problems for your customers, and spend less time on server setup, configuration, and maintenance. To that end, Atlassian provides a tool to help migrate declarative Jenkins pipelines to Bitbucket Pipelines by converting Jenkinsfiles to bitbucket-pipelines.yml files. You can find information about this process by following the QR code or the link above. You can also try converting Jenkinsfiles to bitbucket-pipelines.yml files yourself using the Rovo Dev CLI, which is currently in Beta. Useful Links Rovo Dev CLI Bitbucket Cloud Bitbucket Pipelines Dynamic Pipelines How to migrate Jenkins to Bitbucket Pipelines Why Bitbucket Pipelines over Jenkins The post To Bitbucket from Jenkins: Enhancing Developer Experience appeared first on Work Life by Atlassian. View the full article

Unadilla Entry Lists and InformationView the full article

There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here’s where to register to attend, or participate, in the fourth. Some really great stuff here. View the full article