Skip to main content Search

May News Roundup

In this episode of the DevOps Sauna, Darren and Pinja discuss the latest stories and developments in the DevOps space in May 2025, including Klarna, Microsoft, OpenAI buying Windsurf, and new legal legislations such as the Take It Down Act and European Vulnerability Database.

[Pinja] (0:03 - 0:12)

And this is one of the first actions that the new US Federal Government is taking against potential harms from AI-generated content.

[Darren] (0:14 - 0:22)

Welcome to the DevOps Sauna, the podcast where we deep dive into the world of DevOps, platform engineering, security, and more as we explore the future of development.

[Pinja] (0:22 - 0:32)

Join us as we dive into the heart of DevOps, one story at a time. Whether you're a seasoned practitioner or only starting your DevOps journey, we're happy to welcome you into the DevOps Sauna.

[Darren] (0:37 - 0:44)

Welcome back to the DevOps Sauna. We are probably going to have to talk about the news today. It's about that time again.

[Pinja] (0:45 - 1:03)

It is. It is the end of May right now. And, you know, Darren, it would be so nice to talk about something else than AI for a while.

But I guess the reality is that we haven't had any nice security breaches in a while that we're covering as the breaking news or the headlines. So I think we do have to cover AI stories today as well.

[Darren] (1:03 - 1:22)

Yeah, nothing interesting has been broken or broken into. So I guess we probably shouldn't encourage that. But it's nice to have things to talk about that aren't AI.

But as we don't, let's just jump right in with maybe a little bit of glee at the failings of the system here with Klarna.

[Pinja] (1:22 - 2:01)

Let's talk about Klarna. And for the ones who might not know, we're talking about the Swedish fintech company, and they provide online financial services. And why they're on the news at the moment is that they caught some 700 employees, and they replaced it with AI.

And they used this to save some money, of course, and ride the AI wave. But now we see that the valuation of the company has dropped to $6.7 billion. And in 2021, so four years ago, it was $45.6 billion. So we're talking about almost a $40 billion drop in the valuation of the company.

[Darren] (2:01 - 2:24)

Yep. The whole idea of this was that most of their customer service staff, I believe, were replaced by chatbots. And it turns out the chatbots weren't as effective as having a human touch.

So it may have led to some low quality. So I guess it's a bit of a problem now. They're trying to get the human element back into the company.

I'm not sure how well that's going for them.

[Pinja] (2:24 - 2:46)

No, I think they're trying out this new hiring pilot at the moment, where they say that they would try to have the customer service workers be in an Uber-type of setup. I'm very interested to hear, is that something as temporary workers or contractors, how they're going to do it? But they did realize, indeed, that they're going to need some humans to work for them as well.

[Darren] (2:46 - 2:59)

Yep. Well, we'll see how that goes. The Uber setting doesn't sound ideal.

It sounds like, you know, even the Uber model isn't great for Uber, I believe. Or it's great for Uber, it's not great for the people who work there.

[Pinja] (3:00 - 3:00)

Exactly.

[Darren] (3:00 - 3:12)

But moving on, we have some more large AI purchases. OpenAI bought Windsurf for the price of $3 billion, or about half of what Klarna is currently worth.

[Pinja] (3:12 - 3:27)

That's true. And we're now talking about an acquisition quite big. And we know we do talk about OpenAI quite a lot.

But at the same time, Windsurf, as a startup being bought for $3 billion, as you say, is quite big news. Yeah.

[Darren] (3:27 - 3:48)

Windsurf is like, if I'm not mistaken, it's basically an AI-first developer environment. So it's very much trying to connect to the coding ability we've seen from GPT's latest models with the developers. So basically getting them access more quickly.

Sounds like it could be interesting for development.

[Pinja] (3:48 - 4:11)

It could be. And some people might know the Windsurf tool formally as Codium. So that rings some bells for some people.

But this is going to be very interesting. Now, the pro version of ChatGPT, which is the OpenAI signature AI chatbot, is now including features specifically for developers. So let's see how that's going to be developed further now with this acquisition underway.

[Darren] (4:12 - 4:31)

But it's curious whether people are actually going to be developing at all in the future. We just saw, at Microsoft Build 25, GitHub Copilot coding agents. So it's another step closer to this full conversational experience of telling an agent what you need and allowing them to code it.

[Pinja] (4:32 - 4:56)

Yeah. So this is a new feature. We know that GitHub Copilot has been able to provide us coding assistance for quite some time with the power of AI.

But now you can actually do it and describe a feature within GitHub itself. And after that, you're going to get a pull request just for you to check. So that is even taking that step further from you and taking the code into your code base, but only having to check it.

[Darren] (4:56 - 5:31)

Yep. I don't know. I think we're getting closer to this vibe coding idea.

Yes. I know we've started seeing it. We've had some discussions about it.

We've seen some successes, some failures about it. But as the idea of conversational chatbots comes closer to DevOps, that is how we get actual vibe coding. If we get a conversational chatbot output being put through DevOps systems for things like testing, things like acceptance, and then have a verification on the other end, that's how we get to the point where it's more of the idea of what you want to build than the actual builder.

[Pinja] (5:31 - 6:20)

It does bring, of course, that as you say, vibe coding had not perhaps the best vibe to it. This was no pun intended here, by the way. But the idea, for example, that the quality of code has gone increasingly down in many studies, which has shown this.

So again, a nice tool. I think it will benefit mostly the more experienced coders and developers, but we need to be extremely careful in how we check the code, how we check the quality of things. Was this the feature that I really wanted to do?

Because again, we go back to the non-technical people and the ones who might not be as experienced as coders. I can take myself as an example. If I were to use this feature, I would have no idea how to check the quality of this code without actually going to somebody who knows what a good quality code should look like.

[Darren] (6:20 - 6:54)

And it's actually something we should probably talk about. There's a glimpse behind the curtain, not in our notes here. But one thing that's happened is over the last few weeks, we've seen information about stack overflows decline, that fewer and fewer people are going to stack overflow, that their traffic has dropped basically to the levels it was in 2009 when it started.

So big drop in traffic, mostly because of things like GPT. And now the agentic approach is probably going to end up being the death blow for stack overflow there.

[Pinja] (6:55 - 7:18)

I was looking at some graphs and the decline of stack overflow basically started three years ago. I think it was like early stages of 2022 when the number of edits and posts in stack overflow started to go down significantly. Of course, there's been some variations, just seasonal things happening.

But no, this was a really significant decline.

[Darren] (7:18 - 7:22)

Yeah. Significant drop right at the launch of ChatGPT.

[Pinja] (7:22 - 7:33)

Hey, we were talking about Microsoft. So let's continue with the company. And this is something a little different.

So Microsoft is laying off 3% of its people. So we're talking about 6,000 employees.

[Darren] (7:34 - 8:04)

Yeah. It's hard to know the reasons behind something like this without the information. And it should probably be stated that corporate restructuring happens.

I think if we look at the tech industry in general, the large companies have been laying off like 50,000 people since the start of the year. It's a number that sounds big, but while it may be driven by AI, it could, you know, corporate restructuring happen. So it's unfortunate that these situations come up, but they are not unusual.

No.

[Pinja] (8:04 - 8:36)

And in this case as well, the spokesperson for Microsoft has given a statement that they do continue to implement organizational changes. And everybody understands that these are necessary to accommodate the changes that we see in the market because it's faster than ever. It is true that they also reported better than expected results previously.

So late April, their forecast said, was $25 billion quarterly net income as well, which was better than expected. So it will be interesting to hear if we get more news about the reasons behind the layoffs.

[Darren] (8:36 - 9:27)

That's true. Up next, we have a maybe controversial topic from the US government. There's a new Take It Down Act, which is legislation to support the victims of deepfakes.

And on the surface, it seems like an extremely good thing, providing a path to legal prosecution, legal consequence for anyone who is a victim of a Deepfake attack, who's had their head superimposed on explicit images. And it's one of those things that sounds like it will be good. And if applied correctly, it will be good.

The potential for misuse, especially in an untrusted government like the current one is, I should say the current US one. I don't have anything against the Finnish government today. So yeah, in the untrusted US government, its potential for abuse is extremely high.

[Pinja] (9:27 - 9:50)

This is one of the first actions that the new US federal government is taking against potential harms from AI generated content. And previously, when we've been talking about the regulation around AI, the conversation has been more around Europe and especially the EU. So this is, in that sense, also a very interesting take.

[Darren] (9:50 - 10:28)

It is nice to see all the legislation appearing. However, now you mentioned the EU, let's talk about a rare win for Europe. On the 13th of May, NSA published the European Vulnerability Database.

So I think the funding for the old CVE database that was primarily funded by the US government got a bit spotty. And in response, the new European Vulnerability Database is now live. I think it's in beta.

And the aim of this is to serve as a centralized database, just as CVE did, and probably still does. But I'm hoping that the European version can be a more stable foundation for this going forward.

[Pinja] (10:29 - 10:44)

So the idea here is that we're going to have an assigned unique identifier for each of the vulnerabilities, right? So this is also including alternative IDs, which may be a CVE identifier or a vendor specific reference, right?

[Darren] (10:45 - 11:15)

Yep. And that's how it was with CVE. I think we're not seeing anything new here.

It's just, it's relatively nice to see the EU stepping up for something like this. Because as we've seen, something like this requires consistent funding. And it was a bit of a shock to the security community that the future of the CVE program might have been in question.

I've not heard much about that. And I imagine it would be funded regardless. But I'm pleased that the EU has stepped up.

I hope it becomes the new standard.

[Pinja] (11:15 - 11:34)

At least I'll be pushing it forward in that way. In that sense, we also like to see always when we consolidate information, and especially in this case, because this now allows the vulnerability data from different kinds of sources to be gathered into one place. So again, strengthening that security base from this angle.

[Darren] (11:34 - 11:52)

Yep. So if you want a one-stop shop to pick up your security information, go to the European Vulnerability Database. It's evd.enisa.europa.eu. All of those starting with E rather entertainingly. Okay, let's talk about our best friend. Let's talk about Jenkins.

[Pinja] (11:52 - 12:05)

Yes, this is good. Something else than AI. This is refreshing.

So we promised in the beginning, we do need to talk about AI, but we already covered the centralized database. But here, we're getting new Jenkins pipeline visualizations.

[Darren] (12:06 - 12:40)

Yep, there's this new pipeline graph view. It's a new redesign. It's modern.

It's the only thing about Jenkins that is but like, I love to abuse Jenkins. But this pipeline visualization actually looks very cool, especially from a point of view of non technical people to actually get them to understand what's happening in pipelines. So, you know, unified views, lots of customization, lots of improvements, and it's available now.

So you can go see an action on the core builds or just put it into use today.

[Pinja] (12:40 - 12:50)

So, but we thank Jenkins, you provided us a story that's not AI on AI on AI, provided by AI with AI. So this is a refreshing.

[Darren] (12:51 - 13:20)

It makes a nice change. On the topic of other subjects, we should also mention International Accessibility Awareness Day. On the 15th of May, we recorded a podcast where we talked a little bit about some various aspects of accessibility, including taking some potshots of our own website that I'm waiting for the angry messages from marketing about, but go give that a listen.

It was good to talk to some people from our UX and accessibility team.

[Pinja] (13:20 - 13:37)

It was indeed. We had our UX and accessibility experts, Marcos Tihumäki and Toni Laakso, join us in the episode. We agreed also in the episode that we don't talk enough about accessibility, because it's not just for people who might have some disability, but is basically serving everybody.

[Darren] (13:37 - 13:47)

Yep, it is. And I think the last thing we need to talk about today is how we, as a podcast, are the source for premier news.

[Pinja] (13:48 - 14:00)

So we're definitely going to turn this article into something we did and we contributed to. So we're talking about the BBC being obsessed now with saunas, and they've obviously listened to our sauna episode.

[Darren] (14:00 - 14:35)

Yep. A few weeks ago, we put out an episode about saunas because we didn't feel like talking about DevOps. We talked about various health aspects of it.

Someone at the BBC obviously listened because, quite recently, an article came out. Are saunas and cold plungers good for your health? And basically, if you look at this article, they really just copied what we talked about in the podcast.

So yeah, whoever out there in the UK is listening and stealing our discussion ideas, we are available as consultants. We know the BBC might need some help. So we're happy to dive in and get you started.

[Pinja] (14:35 - 14:46)

Indeed, we really know our saunas as people who listened to the sauna episode might know. So we're clearly more advanced in this section than the BBC. So I guess BBC, it's your move now.

[Darren] (14:46 - 15:00)

Yep, I think that's all we have. The episode's a bit shorter today, but at least we didn't just come on and say, okay, that's AI and we're done. No.

So we have a few more things that we were able to talk about. Thank you for joining us for this news episode. Thank you, Pinja, for presenting with me.

[Pinja] (15:00 - 15:02)

Thank you, Darren, as fun as always.

[Darren] (15:02 - 15:10)

And we hope you'll join us next time. We'll now tell you a little bit about who we are.

[Pinja] (15:10 - 15:14)

I'm Pinja Kujala. I specialize in Agile and portfolio management topics at Eficode.

[Darren] (15:15 - 15:17)

I'm Darren Richardson, Security Consultant at Eficode.

[Pinja] (15:18 - 15:20)

Thanks for tuning in. We'll catch you next time.

[Darren] (15:20 - 15:26)

And remember, if you like what you hear, please like, rate, and subscribe on your favorite podcast platform. It means the world to us.

Published:

DevOpsSauna Sessions