Jonathan Lalou's Blog

Archive for the ‘General’ Category

Ori Pekelman, co-founder and Chief Strategy Officer at Platform.sh, a vanguard in cloud orchestration renowned for its B Corp ethos and gold-tier sustainability accolades from EcoVadis and Greenly, delivered a sanguine exploration at DotAI 2024. With a career steeped in open-source advocacy and privacy preservation, Pekelman dissected the deployment dialectic: optimizing large language models not merely for velocity but for vitality—ensuring computational cascades contribute to ecological equilibrium. His address, laced with levity—from kitten conjurations to carbon calculus—illuminated pathways where ingenuity intersects with introspection, urging practitioners to calibrate choices that cherish both efficacy and Earth.

Decoding the Deployment Dilemma: From Data Centers to Decarbonization

Pekelman pierced the veil of AI’s ecological ledger, positing that while large language model ecosystems emit a mere sliver—under 0.03% of planetary particulates—the trajectory toward terawatt tempests demands deliberate design. He heralded nascent nobility: entities embracing the Climate Pledge, carbon-neutral chronicles since antiquity, and B Corp beacons like Platform.sh, where audits affirm stewardship across spectra.

Yet, profundity prevails in pragmatism. Pekelman parsed provisioning pitfalls: hyperscalers’ hegemony, where NVIDIA’s nexus narrows options, yielding underutilization—GPUs idling at 20-30% amid middleware morasses. Liberation lurks in lattice diversification: AMD’s MI300X matrices mirroring Mistral’s mandates, Intel’s Gaudi grappling Grok’s girth—plurality propelling progress, decentralizing dependency while diluting draw.

Liquid cooling’s liberation emerged as linchpin: kilowatt cascades in cabinets, thermals tamed to turbocharge throughput sans thermal throttling. Virtualization’s vanguard—passthrough partitions, SR-IOV’s segmented surges—ensconces enclaves in isolation, ironclad against interference, sans silos’ silos.

Storage’s strata summoned scrutiny: NVMe’s nexus, disaggregated via Ethernet’s expanse—RDMA’s relays rivaling PCIe proximity. Pekelman pondered cold starts’ scourge: seconds squandered in summoning sentinels, autoscalers adrift. Remedies resonate in replication: memory mirroring, snapshots sequestering states for millisecond resurrections on CPUs, aspiring to accelerator alacrity through PCIe Gen5’s gales—500GB/s conduits coursing currents.

Hints from heights harmonize: applications augur accesses, prefetching payloads—caches clairvoyant, latencies lacerated. Pekelman’s prism: omnipresent optimizations, from opcode osmosis to orchestration oases—layers layered in synergy.

Navigating Novelties: Toward Tenfold Thrift and Thoughtful Trade-Offs

Pekelman’s prognosis pulsed with promise: tenfold thrift by tomorrow’s dawn, leviathans liberated for legions, where monetary metrics meld with moral mandates. Yet, yield yields to yield: synchronous summons to eight-H100 hordes herald hubris, unsustainable sans science’s salve—no sorcery signals salvation in silicon’s span.

Green gradients gleam in GPU eschewal: CPU cascades for cached queries, PG Vector’s prowess in proximity. Retrieval’s renaissance: vector vaults as versatile vaults—latent layers’ low-dimensional distillates, semantic sentinels for distance-driven discoveries, eclipsing exhaustive embeddings.

Pekelman pivoted to pipelines: RAG’s retrievals, not rote recitations—embeddings as echoes, obviating oracles. His heuristic: hoard hints—fine-tunes as fulcrums, inferences as investments—where uncached calls cull kittens, cached cascades conserve.

In epilogue, Pekelman exhorted equilibrium: trade-offs as talismans—code’s cadence over convenience’s caress, safety’s sanctuary over splendor’s siren. Platform.sh’s paragon: audits affirming affinity, where infrastructure inspires introspection. As he quipped, “Save kittens”—a summons to stewardship, where deployments dance delicately, dignifying digits and domain alike.

Links:

• Platform.sh Website
• Ori Pekelman on LinkedIn

In the exhilarating epicenter of emergent engineering, where generative grammars graft onto granular goals, Marc Cohen and Mete Atamel, a dynamic duo of developer advocates, dissect the delights and dilemmas of deploying a GenAI quiz quest. Marc, a Google Cloud sage, and Mete, a London-based luminary, limn their labyrinthine launch: an interactive trivia titan, turbocharged by text-to-quiz transformers, traversing from ideation to iteration. Their tale, tempered by trials and triumphs, tempers enthusiasm with empiricism, extracting edicts for ensembles eyeing AI augmentation.

Marc and Mete meander from mundane meetings—Gemini-fueled frivolities birthing brain-teasers—to blueprinting a bespoke bot: prompts pioneering puzzles, Vertex AI vending variety. Their venture: a web wizard weaving whimsy, where users umpire uniqueness, quizzes quizzing quaestions quarterly.

Ideation to Implementation: Igniting the Interactive

Genesis gleamed in a Google gabfest: Gemini’s garrulous games germinated a gadget for GDD—Google Developer Days—gamifying gaps in grasp. Marc’s maiden foray: manual mocks, mired in monotony, morphed via Vertex AI’s verve—prompts pulsing personalities, quizzes questing quandaries.

Mete’s mastery: modularize might—microservices marshalling models, Cloud Run cradling containers. Their synergy: separation of synthesis and scrutiny, safeguards staving spurious spiels via safety settings.

Pitfalls and Panaceas: Prompting Precision

Prompts proved pivotal: personas personifying pizzazz—”pirate patter”—yet perils prowled: profanities percolating, inaccuracies amassing. Marc’s mitigation: modular mandates—system strictures scripting safeguards, few-shot finesses finagling fidelity.

Costs crept: characters cashed credits, caching curbed cascades. Their calculus: quotas quelled quiescence, quotas quashing queues.

Live Labyrinths: Latency and Learner Loops

Latency loomed large: live quizzes languished, learners lagging. Marc’s maneuver: asynchronous artistry—prefab puzzles poised, personalization post-facto. Feedback’s finesse: thumbs-up tallies tailoring topics, Vertex’s vectors vectoring variety.

Their tableau: a Twitch-streamed spectacle, spectators selecting spheres, quizzes quizzing quaestions—engagement eclipsing expectations.

Edicts Extracted: Engineering Enlightenment

Lessons luminated: prompts as poetry—precise, persistent; modularity’s merit—micro over monolith; costs as calculus—cache, cull. Marc and Mete’s missive: GenAI gamifies growth, yet guardrails guide greatness.

Links:

• Google Cloud company website
• Marc Cohen on LinkedIn
• Mete Atamel on LinkedIn

Lecturer

The session features AWS security specialists who architect the AI security substrate, combining expertise in machine learning operations, formal methods, and cloud-native controls. Their work spans Bedrock Guardrails, SageMaker security boundaries, and agentic workflow protection.

Abstract

The presentation constructs a comprehensive AI security framework that accelerates development while maintaining enterprise-grade controls. Through layered defenses—data provenance, model isolation, runtime guardrails, and agentic supervision—it demonstrates how AWS transforms AI security from a deployment blocker into an innovation catalyst, with real-world deployments illustrating production readiness.

AI Security Risk Taxonomy and Defense Layering

AI systems introduce novel threat vectors: training data poisoning, prompt injection, model inversion, and agentic escape. AWS categorizes these across the ML lifecycle:

1. Data Layer: Provenance tracking, differential privacy, synthetic data generation
2. Model Layer: Isolation via confidential computing, integrity verification
3. Inference Layer: Input/output filtering, rate limiting, behavioral monitoring
4. Agentic Layer: Tool access control, execution sandboxing, human-in-loop gates

Defense in depth applies at each stratum, with controls compounding rather than duplicating effort.

Data Security and Provenance Foundation

Data forms the bedrock of AI trustworthiness. Amazon Macie now classifies training datasets, identifying PII leakage before model ingestion. SageMaker Feature Store implements cryptographic commitment—hashing datasets to immutable ledger entries—enabling audit trails for regulatory compliance.

\# SageMaker data provenance
feature_group = FeatureGroup(name="credit-risk")
feature_group.create(...)
commit_hash = feature_group.commit(data_frame)
audit_log.put(commit_hash, metadata)

This provenance chain supports model cards that document training data composition, bias metrics, and fairness constraints, satisfying EU AI Act requirements.

Model Isolation and Confidential Computing

Model intellectual property requires protection equivalent to source code. AWS Nitro Enclaves provide hardware-isolated execution environments:

\# Enclave attestation document
curl --cert enclave.crt --key enclave.key \
  https://enclave.local/attestation

The enclave receives encrypted model weights, decrypts internally, and serves inferences without exposing parameters. Memory encryption and remote attestation prevent exfiltration even from privileged host processes. Bedrock custom models execute within enclaves by default, eliminating trust in underlying infrastructure.

Runtime Guardrails and Content Moderation

Amazon Bedrock Guardrails implement multi-faceted content filtering:

{
  "blockedInputMessaging": "Policy violation",
  "blockedOutputsMessaging": "Response blocked",
  "contentPolicyConfig": {
    "filtersConfig": [
      {"type": "HATE", "inputStrength": "HIGH"},
      {"type": "PROMPT_INJECTION", "inputStrength": "MEDIUM"}
    ]
  }
}

Filters operate at token level, with configurable strength thresholds. PII redaction, topic blocking, and word denylists combine with contextual analysis to prevent jailbreak attempts. Guardrails integrate with CodeWhisperer to scan generated code for vulnerabilities before execution.

Agentic AI Supervision and Execution Control

Agentic workflows—LLMs that invoke tools, APIs, or other models—amplify risk surface. AWS implements execution sandboxing:

@bedrock_agent
def trading_agent(prompt):
    tools = [
        {"name": "execute_trade", "permissions": "trading:execute"},
        {"name": "read_portfolio", "permissions": "trading:read"}
    ]
    return agent.invoke(prompt, tools)

IAM-bound tool invocation ensures least privilege. Step Functions orchestrate multi-agent workflows with approval gates for high-risk actions. Anthropic’s enterprise deployment uses this pattern to route sensitive queries through human review while automating routine analysis.

Production Deployments and Operational Resilience

Robinhood’s AI-powered fraud detection processes 10 million transactions daily using SageMaker endpoints behind WAF rules that detect prompt injection patterns. BMW’s infrastructure optimization agent operates across 1,300 accounts with VPC-private networking and KMS-encrypted prompts.

These deployments share common patterns:
– Immutable infrastructure via ECS Fargate
– Blue/green model updates with Shadow Mode testing
– Continuous evaluation using held-out datasets
– Automated rollback triggered by drift detection

Future Threat Modeling and Adaptive Controls

Emerging risks—model stealing via API querying, adversarial example crafting—require proactive modeling. AWS invests in automated reasoning to prove guardrail efficacy against known attack classes. Formal methods verify that prompt filters cannot be bypassed through encoding obfuscation.

Agentic systems introduce non-deterministic execution paths. Step Functions now support probabilistic branching with confidence thresholds, routing uncertain decisions to human oversight. This hybrid approach balances automation velocity with risk management.

Conclusion: Security as AI Innovation Substrate

The AWS AI security framework demonstrates that rigorous controls need not impede velocity. By providing data provenance, model isolation, runtime guardrails, and agentic supervision as managed services, AWS enables organizations to progress from proof-of-concept to production without security debt. The flexible control plane—configurable via console, API, or IaC—adapts to evolving regulations and threat landscapes. Security becomes the substrate that accelerates AI adoption, transforming defensive posture into competitive advantage.

Links:

• Lecture Video

Managing a large, multi-team codebase is a monumental task, especially when it has evolved over many years. Introducing architectural changes and maintaining consistency across autonomous teams adds another layer of complexity. In a comprehensive discussion, Tristan Hamilton, a distinguished member of the HubSpot team, presented a strategic approach to future-proofing Android codebases by leveraging static analysis tools like KtLint and Detekt.

Tristan began by framing the challenges inherent in a codebase that has grown and changed for over eight years. He emphasized that without robust systems, technical debt can accumulate, and architectural principles can erode as different teams introduce their own patterns. The solution, he proposed, lies in integrating automated guardrails directly into the continuous integration (CI) pipeline. This proactive approach ensures a consistent level of code quality and helps prevent the introduction of new technical debt.

He then delved into the specifics of two powerful static analysis tools: KtLint and Detekt. KtLint, as a code linter, focuses on enforcing consistent formatting and style, ensuring that the codebase adheres to a single, readable standard. Detekt, on the other hand, is a more powerful static analysis tool that goes beyond simple style checks. Tristan highlighted its ability to perform advanced analysis, including type resolution, which allows it to enforce architectural patterns and detect complex code smells that a simple linter might miss. He shared practical examples of how Detekt can be used to identify and refactor anti-patterns, such as excessive class size or complex methods, thereby improving the overall health of the codebase.

A significant part of the talk was dedicated to a specific, and crucial, application of these tools: safely enabling R8, the code shrinker and optimizer, in a multi-module Android application. The process is notoriously difficult and can often lead to runtime crashes if not handled correctly. Tristan showcased how custom Detekt rules could be created to enforce specific architectural principles at build time. For instance, a custom rule could ensure that certain classes are not obfuscated or that specific dependencies are correctly handled, effectively creating automated safety nets. This approach allowed the HubSpot team to gain confidence in their R8 configuration and ship with greater speed and reliability.

Tristan concluded by offering a set of key takeaways for developers and teams. He underscored the importance of moving beyond traditional static analysis and embracing tools that can codify architectural patterns. By automating the enforcement of these patterns, teams can ensure the integrity of their codebase, even as it grows and evolves. This strategy not only reduces technical debt but also prepares the codebase for future changes, including the integration of new technologies and methodologies, such as Large Language Model (LLM) generated code. It is a powerful method for building robust, maintainable, and future-ready software.

Links:

• HubSpot website
• Code Quality at Scale: Future Proof Your Android Codebase with KtLint and Detekt | Tristan Hamilton

Google Cloud and Workspace offer a comprehensive suite of tools designed to simplify software development and enhance productivity. Richard Seroter’s overview showcased recent advancements, emphasizing infrastructure, AI capabilities, and integrations that empower creators to build efficiently and scalably.

AI Infrastructure and Model Advancements

Richard began with Google Cloud’s vertically integrated AI stack, from foundational infrastructure like TPUs and GPUs to accessible services for model building and deployment. The Model Garden stands out as a hub for discovering over 130 first-party and third-party models, facilitating experimentation.

Gemini models, including 1.5 Pro and Flash, provide multimodal reasoning with expanded context windows—up to two million tokens—enabling complex tasks like video analysis. Vertex AI streamlines customization through techniques like RAG and fine-tuning, supported by tools such as Gemini Code Assist for code generation and debugging.

Agent Builder introduces no-code interfaces for creating conversational agents, integrating with databases and APIs. Security features, including watermarking and red teaming, ensure responsible deployment. Recent updates, as of May 2024, include Gemini 1.5 Flash for low-latency applications.

Data Management and Analytics Enhancements

BigQuery’s evolution incorporates AI for natural language querying, simplifying data exploration. Gemini in BigQuery generates insights and visualizations, while BigQuery Studio unifies workflows for data engineering and ML.

AlloyDB AI embeds vector search for semantic querying, enhancing RAG applications. Data governance tools like Dataplex ensure secure, compliant data handling across hybrid environments.

Spanner’s dual-region configurations and interleaved tables optimize global, low-latency operations. These features, updated in 2024, support scalable, AI-ready data infrastructures.

Application Development and Security Tools

Firebase’s Genkit framework aids in building AI-powered apps, with integrations for observability and deployment. Artifact Registry’s vulnerability scanning bolsters security.

Cloud Run’s CPU allocation during requests improves efficiency for bursty workloads. GKE’s Autopilot mode automates cluster management, reducing operational overhead.

Security enhancements include Confidential Space for sensitive data processing and AI-driven threat detection in Security Command Center. These 2024 updates prioritize secure, performant app development.

Workspace Integrations and Productivity Boosts

Workspace APIs enable embedding features like smart chips and add-ons into custom applications. New REST APIs for Chat and Meet facilitate notifications and event management.

Conversational agents via Dialogflow enhance user interactions. These tools, expanded in 2024, foster seamless productivity ecosystems.

Links:

• Richard Seroter on LinkedIn

TL;DR:
To back up all your Docker images safely, use docker save to export them and gzip to compress them.
Then, when you need to restore, use docker load to re-import everything.
Below you’ll find production-ready Bash scripts for automated backup and restore — complete with compression and error handling.

📦 Why You Need This

Whether you’re upgrading your system, cleaning your Docker environment, or migrating to another host, exporting your local images is crucial. Docker’s built-in commands make this possible, but using them manually for dozens of images can be tedious and space-inefficient.
This article provides automated scripts that will:

• Backup every Docker image individually,
• Compress each file with gzip for storage efficiency,
• Restore all images automatically with a single command.

🧱 Backup Script (backup_docker_images.sh)

The script below exports all Docker images, one by one, into compressed .tar.gz files.
Each image gets its own archive, named after its repository and tag.

#!/bin/bash
# --------------------------------------------
# Backup all Docker images into compressed .tar.gz files
# --------------------------------------------

BACKUP_DIR=~/docker-backup
mkdir -p "$BACKUP_DIR"
cd "$BACKUP_DIR" || exit 1

echo "📦 Starting Docker image backup..."
echo "Backup directory: $BACKUP_DIR"
echo

for image in $(docker image ls --format "{{.Repository}}:{{.Tag}}"); do
  # sanitize file name
  safe_name=$(echo "$image" | tr '/:' '__')
  outfile="${safe_name}.tar"
  gzfile="${outfile}.gz"

  echo "🟢 Saving $image → $gzfile"

  # Save and compress directly (no uncompressed tar left behind)
  docker save "$image" | gzip -c > "$gzfile"

  if [ $? -eq 0 ]; then
    echo "✅ Successfully saved $image"
  else
    echo "❌ Error saving $image"
  fi
  echo
done

echo "🎉 Backup complete!"
ls -lh "$BACKUP_DIR"/*.gz

💡 What This Script Does

• Creates a ~/docker-backup directory automatically.
• Iterates over every local Docker image.
• Uses docker save piped to gzip for direct compression.
• Prints friendly success and error messages.

Result: You’ll get a set of compressed files like:

jonathan-tomcat__latest.tar.gz
jonathan-mysql__latest.tar.gz
jonathan-grafana__latest.tar.gz
...

🔁 Restore Script (restore_docker_images.sh)

This companion script automatically restores every compressed image. It detects both .tar.gz and .tar files in the backup directory, decompresses them, and loads them back into Docker.

#!/bin/bash
# --------------------------------------------
# Restore all Docker images from .tar.gz or .tar files
# --------------------------------------------

BACKUP_DIR=~/docker-backup
cd "$BACKUP_DIR" || { echo "❌ Backup directory not found: $BACKUP_DIR"; exit 1; }

echo "🚀 Starting Docker image restore from $BACKUP_DIR"
echo

for file in *.tar.gz *.tar; do
  [ -e "$file" ] || { echo "No backup files found."; exit 0; }

  echo "🟡 Loading $file..."
  if [[ "$file" == *.gz ]]; then
    gunzip -c "$file" | docker load
  else
    docker load -i "$file"
  fi

  if [ $? -eq 0 ]; then
    echo "✅ Successfully loaded $file"
  else
    echo "❌ Error loading $file"
  fi
  echo
done

echo "🎉 Restore complete!"
docker image ls

💡 How It Works

• Automatically detects .tar.gz or .tar backups.
• Decompresses each one and loads it into Docker.
• Prints progress updates as it restores each image.

After running it, your local Docker environment will look exactly like before — same repositories, tags, and image IDs.

⚙️ How to Use

1️⃣ Backup All Docker Images

chmod +x backup_docker_images.sh
./backup_docker_images.sh

You’ll see a live summary of each image as it’s saved and compressed.

2️⃣ Restore Later (After a Prune or Reinstall)

chmod +x restore_docker_images.sh
./restore_docker_images.sh

Docker will reload each image automatically, maintaining all original metadata.

💾 Bonus: Cleaning and Rebuilding Your Docker Environment

If you want to clear all Docker data before restoring your images, run:

docker system prune -a --volumes

⚠️ Warning: This deletes all containers, images, networks, and volumes.
Afterward, simply run the restore script to bring your images back.

🧠 Why Use Gzip?

Docker image archives are often large — several gigabytes each. Compressing them with gzip:

• Saves 30–70% of disk space,
• Speeds up transfers (especially over SSH),
• Keeps the backups cleaner and easier to manage.

You can still restore them directly with gunzip -c file.tar.gz | docker load — no decompression step required.

✅ Summary Table

🚀 Conclusion

Backing up your Docker images is a crucial part of any development or CI/CD workflow. With these two scripts, you can protect your local Docker environment from accidental loss, disk cleanup, or reinstallation.
By combining docker save and gzip, you ensure both efficiency and recoverability — making your Docker workstation fully portable and disaster-proof.

Keep calm and backup your containers 🐳💾

Phil Nash, a developer relations engineer at DataStax, delivers a comprehensive guide to leveraging generative AI in JavaScript at NDC Melbourne 2025. His talk demystifies the process of building AI-powered applications, emphasizing that JavaScript developers can harness existing skills to create sophisticated solutions without needing deep machine learning expertise. Through practical examples and insights into tools like Gemini and retrieval-augmented generation (RAG), Phil empowers developers to explore this rapidly evolving field.

Understanding Generative AI Fundamentals

Phil begins by addressing the excitement surrounding generative AI, noting its accessibility since the release of the GPT-3.5 API two years ago. He emphasizes that JavaScript developers are well-positioned to engage with AI due to robust tooling and APIs, despite the field’s Python-centric origins. Using Google’s Gemini model as an example, Phil demonstrates how to generate content with minimal code, highlighting the importance of understanding core concepts like token generation and model behavior.

He explains tokenization, using OpenAI’s byte pair encoding as an example, where text is broken into probabilistic tokens. Parameters like top-k, top-p, and temperature allow developers to control output randomness, with Phil cautioning against overly high settings that produce nonsensical results, humorously illustrated by a chaotic AI-generated story about a gnome.

Enhancing AI with Prompt Engineering

Prompt engineering emerges as a critical skill for refining AI outputs. Phil contrasts zero-shot prompting, which offers minimal context, with techniques like providing examples or system prompts to guide model behavior. For instance, a system prompt defining a “capital city assistant” ensures concise, accurate responses. He also explores chain-of-thought prompting, where instructing the model to think step-by-step improves its ability to solve complex problems, such as a modified river-crossing riddle.

Phil underscores the need for evaluation to ensure prompt reliability, as slight changes can significantly alter outcomes. This structured approach transforms prompt engineering from guesswork into a disciplined practice, enabling developers to tailor AI responses effectively.

Retrieval-Augmented Generation for Contextual Awareness

To address AI models’ limitations, such as outdated or private data, Phil introduces retrieval-augmented generation (RAG). RAG enhances models by integrating external data, like conference talk descriptions, into prompts. He explains how vector embeddings—multidimensional representations of text—enable semantic searches, using cosine similarity to find relevant content. With DataStax’s Astra DB, developers can store and query vectorized data efficiently, as demonstrated in a demo where Phil’s bot retrieves details about NDC Melbourne talks.

This approach allows AI to provide contextually relevant answers, such as identifying AI-related talks or conference events, making it a powerful tool for building intelligent applications.

Streaming Responses and Building Agents

Phil highlights the importance of user experience, noting that AI responses can be slow. Streaming, supported by APIs like Gemini’s generateContentStream, delivers tokens incrementally, improving perceived performance. He demonstrates streaming results to a webpage using JavaScript’s fetch and text decoder streams, showcasing how to create responsive front-end experiences.

The talk culminates with AI agents, which Phil describes as systems that perceive, reason, plan, and act using tools. By defining functions in JSON schema, developers can enable models to perform tasks like arithmetic or fetching web content. A demo bot uses tools to troubleshoot a keyboard issue and query GitHub, illustrating agents’ potential to solve complex problems dynamically.

Conclusion: Empowering JavaScript Developers

Phil concludes by encouraging developers to experiment with generative AI, leveraging tools like Langflow for visual prototyping and exploring browser-based models like Gemini Nano. His talk is a call to action, urging JavaScript developers to build innovative applications by combining AI capabilities with their existing expertise. By mastering prompt engineering, RAG, streaming, and agents, developers can create powerful, user-centric solutions.

Links:

• DataStax company website
• Phil Nash on Twitter/X

TL;DR:

If you installed Ubuntu 22.04 on Windows 11 using WSL2 and the system never prompted you to create a user, it means the initial setup script did not run correctly. You are now logging in as root directly. To fix this, manually create your user, grant it sudo rights, and set it as the default login account:

sudo adduser jlalou
sudo usermod -aG sudo jlalou
ubuntu2204.exe config --default-user jlalou

After restarting WSL, you’ll log in as a normal user with administrator privileges.

🧩 Understanding the Issue

When you install Ubuntu from the Microsoft Store or via the wsl --install command, WSL normally runs a first-launch configuration script. That script asks for a username, sets a password, adds the user to the sudo group, and makes it the default account for future sessions.

If that welcome prompt never appeared, Ubuntu is skipping its initialization phase. This often happens when:

• The first start was interrupted or closed prematurely.
• The distribution was imported manually with wsl --import.
• You started WSL as root before the setup script ran.

In this case, WSL falls back to the default root account, leaving no regular user configured.

✅ Step-by-Step Solution

1️⃣ Create Your User Manually

Launch your Ubuntu terminal (it will open as root), then create your desired user account:

adduser jlalou

Enter a password when prompted, and confirm the optional user details. Next, give this new account administrative privileges:

usermod -aG sudo jlalou

You can confirm the membership with:

grep jlalou /etc/group

If you see sudo listed among the groups, the user has been successfully added.

2️⃣ Make This User the Default Login Account

List your installed distributions:

wsl -l -v

You’ll see something like:

NAME            STATE           VERSION
* Ubuntu-22.04   Running         2

In PowerShell (or Command Prompt), set your new user as the default:

ubuntu2204.exe config --default-user jlalou

(The command name may vary slightly—use Get-Command *ubuntu* in PowerShell if you’re unsure.)

Close all Ubuntu windows and reopen WSL. You should now log in automatically as jlalou.

3️⃣ Verify Everything Works

Once inside the shell, check your identity and privileges:

whoami
# Expected output: jlalou

sudo ls /root
# Should prompt for your password and succeed

If both commands work, your configuration is complete.

🔁 Optional: Trigger the Initial Setup from Scratch

If you prefer to start over and allow Ubuntu’s built-in setup wizard to handle everything automatically, simply unregister and reinstall the distribution:

wsl --unregister Ubuntu-22.04
wsl --install -d Ubuntu-22.04

Upon first launch, Ubuntu will display:

Installing, this may take a few minutes...
Please create a default UNIX user account.

From there you can define your username and password normally.

🧠 Why This Happens

WSL integrates tightly with Windows, but when the initialization script fails, it bypasses Ubuntu’s user-creation process. This can occur when the image is imported, cloned, or restored without the metadata WSL expects. As a result, Ubuntu runs entirely as root, skipping all onboarding logic.

While this is convenient for testing, it’s not secure or practical for daily use. Running as a dedicated user with sudo access ensures safer file permissions, a more predictable environment, and compatibility with Ubuntu’s standard management tools.

🧾 Summary Table

🚀 Conclusion

Missing the initial user setup prompt in Ubuntu 22 under WSL2 can be confusing, but it’s easily corrected. Creating a dedicated user and assigning sudo privileges restores the intended WSL experience—secure, organized, and fully functional. Once configured, you can enjoy seamless integration between Windows 11 and Ubuntu, with the flexibility and power of both operating systems at your fingertips.

Thanassis Bantios, VP of Engineering at T-Food, delivered a 17-minute talk at Devoxx Greece 2025 on managing component ownership in feature teams.

The Feature Team Dilemma

Bantios narrated a story of Helen, an entrepreneur scaling an online delivery startup. Initially, a small team communicated easily, but growth led to functional teams and a backend monolith, complicating contributions. Adopting microservices split critical components like orders and menu services, but communication broke down as features required multiple teams. Agile cross-functional teams solved this, enabling autonomy, but neglected component ownership, risking a “Frankenstein” codebase.

Defining Component Ownership

A component, deployable independently (e.g., backend service or client app), needs ownership to maintain health, architecture, documentation, and code reviews. Bantios stressed teams, not individuals, should own components to avoid risks like staff turnover. Using the Spotify matrix model, client components (e.g., Android) and critical backend services (e.g., menu service) are owned by chapters (craft-based groups like Android developers), ensuring knowledge sharing and manageable on-call rotations. Non-critical services, like ratings, can be team-owned.

Inner Sourcing for Speed

Inner sourcing allows any team to contribute to any component, reducing dependencies. Bantios emphasized standardization (language, CI/CD, architecture) to simplify contributions, focusing only on business logic. He suggested rating components on an inner-sourcing score (test coverage, documentation) and dedicating 20% of time to component backlogs. This prevents technical debt in feature-driven environments, ensuring fast, scalable development.

Links

• T-Food
• Devoxx Greece