Software Engineering Radio - the podcast for profe 4p1u49

Paul Frazee, CTO of Bluesky, speaks with SE Radio's Jeremy Jung about the Authenticated Transfer Protocol (ATProto) used by the Bluesky decentralized social network. They discuss why ATProto was created, as well as how it differs from the ActivityPub open standard, the scaling limitations of peer-to-peer solutions, cryptographic decentralized identifiers, and creating a protocol based on experience with distributed systems. They also examine the role of personal data servers, relays, and app views, the benefits of using domain names, allowing s to create algorithmic feeds and moderation tools, and the challenges of content moderation. Brought to you by IEEE Computer Society and IEEE Software magazine.

Robert Seacord, the Standardization Lead at Woven by Toyota, the convenor of the C standards committee, and author of The CERT® C Coding Standard, Effective C, and Secure Coding in C and C++, speaks with SE Radio host Gavin Henry about What's New in the C Programming Language. They start with a review of the history of C and why it has a standard, and then they discuss what C23 brings and how programmers can take advantage of it. They consider the sectors in which C is most used and whether you should use C to start a brand new project in 2025. Seacord discusses 8 new things that C23 brings, use case examples, must haves, floating point numbers, how automotive systems use C, why C is used there, Rust vs C, compile time checks vs static analysis, all the various safety standards they can use, why you should use the right tool for the job and never trust input no matter the language.  Brought to you by IEEE Computer Society and IEEE Software magazine.

Lukas Gentele, CEO of Loft Labs, s host Robert Blumen for a discussion of kubernetes vclusters (virtual clusters). A vcluster is a kubernetes cluster that runs kubernetes application on a host kubernetes cluster. The conversation covers: vcluster basics; sharing models; what is owned by the vcluster and what is shared with the host; attached nodes versus shared nodes; the primary use case: multi-tenancy vcluster per tenant; alternatives - namespace per tenant, full cluster per tenant; trade-offs - isolation; less resource use; spin up time; scalability; how many clusters and how many vclusters should an org have? Deployment models for vclusters - helm chart with standard resources; vcluster operator; persistent storage models for vclusters; vcluster snapshotting, recovery, and migration. how many vclusters can run on a cluster? ingress, TLS and DNS. Brought to you by IEEE Computer Society and IEEE Software magazine.

Matthew Adams, Head of Security Enablement at Citi, s SE Radio host Priyanka Raghavan to explore the use of large language models in threat modeling, with a special focus on Matthew's work, Stride GPT. The episode kicks off with an overview of threat modeling, its applications, and the stages of the development life cycle where it fits in. They then discuss the STRIDE methodology and strideGPT, highlighting practical examples, the technology stack behind the application, and the tool's inputs and outputs. The show concludes with tips and tricks for optimizing tool outputs and advice on other open source projects that utilize generative AI to bolster cybersecurity defenses. Brought to you by IEEE Computer Society and IEEE Software magazine.

Praveen Gujar, Director of Product at LinkedIn, s SE Radio host Kanchan Shringi for a discussion on how generative AI (GenAI) is transforming digital advertising technology platforms. The conversation starts with a look at how GenAI facilitates scalable ad content creation, using self-attention mechanisms for customized ad generation. They explore AI's role in simplifying campaign management, automating tasks such as audience targeting and performance measurement. Praveen emphasizes that ad tech platforms use AI models tailored to different needs leveraging both first-party and third-party data sources, with privacy maintained through methods such as CAPI (conversion API). They also consider the differences between retrieval-augmented generation (RAG) and fine-tuning in AI models: Whereas RAG uses brand-specific data at runtime for precise ad content, fine-tuning focuses on broader model optimization. The segment highlights the importance of vector embeddings and vector search in storing and retrieving contextual content. Lastly, Praveen discusses the integration of AI teams within product development to improve collaboration and AI proficiency across organizations. Brought to you by IEEE Computer Society and IEEE Software magazine.

Matthew Skelton s host Giovanni Asproni to talk about team topologies—an approach to organizing teams for fast flow of value. The episode starts with a description of the underlying principles before exploring the approach in more detail. From there, they discuss when to consider implementing the approach; keys to a successful implementation; and some common mistakes to avoid. Brought to you by IEEE Computer Society and IEEE Software magazine.

Vinay Tripathi, a senior network engineer in Google Backbone Engineering and an 18-year network engineering veteran, discusses BGP optimization, a technique that's critical in achieving top goals in distributed applications. Host Philip Winston speaks with Tripathi about BGP, autonomous systems, peer grouping, router hardware and software, software-defined networks, and shared network optimization and debugging stories. Brought to you by IEEE Computer Society and IEEE Software magazine.

Tim McNamara, a well-known Rust educator, author of Rust in Action (Manning), and a recipient of a Rust Foundation Fellowship in 2023, speaks with SE Radio host Gavin Henry about error handling in Rust. They discuss the errors that Rust prevents, what an error is in Rust, what Tim classes as the "four levels of error handling," and the lifecycle of your journey reaching for them. McNamara explains why Rust handles errors as it does, how it differs from other languages, and what the developer experience is like in dealing with Rust errors. He advocates best practices for error handling, what Result is, the power of Rust Enums, what the question mark operator is, when to unwrap, what Box really means, how to deal with errors across the FFI boundary, and the various Rust error-handling crates that you can use to give you more control. Brought to you by IEEE Computer Society and IEEE Software magazine.

Ganesh Datta, co-founder of Cortex.io, s host Robert Blumen for a conversation about production readiness. The conversation covers the history of production readiness; its relationship to microservice architecture; the Google SRE model's impact on production readiness; production readiness checklists; the process; and production readiness transparency.

Simon Wijckmans, founder of c/side -- a company that focuses on monitoring, securing, and optimizing third-party JavaScript -- s SE Radio host Kanchan Shringi for a conversation about the security risks posed by third-party browser scripts. Through real-world examples and insights drawn from his work in web security, Simon highlights the dangers, including malicious attacks such as the recent Polyfill.io incident. He emphasizes the need for vigilant monitoring, as these third-party scripts remain essential for website functionalities like analytics, chatbots, and ads, despite their potential vulnerabilities. Simon explores the use of self-hosting solutions and content security policies (CSPs) to minimize risks, but he stresses that these measures alone are insufficient to fully safeguard websites.  As the discussion continues, they delve into the importance of layering security approaches. Simon advocates for combining techniques like CSPs, real-time monitoring, and AI-driven analysis, which his company c/side employs to detect and block malicious scripts. He also touches on the complexities of securing single-page applications (SPAs), which allow scripts to persist across pages without full reloads, increasing the attack surface for third-party vulnerabilities. Brought to you by IEEE Computer Society and IEEE Software magazine.

Catherine Nelson, author of the new O’Reilly book, Software Engineering for Data Scientists, discusses the collaboration between data scientists and software engineers -- an increasingly common pairing on machine learning and AI projects. Host Philip Winston speaks with Nelson about the role of a data scientist, the difference between running experiments in notebooks and building an automated pipeline for production, machine learning vs. AI, the typical pipeline steps for machine learning, and the role of software engineering in data science. Brought to you by IEEE Computer Society and IEEE Software magazine.

Jonathan Horvath of Z-bit discusses physical access control systems (PACS) with host Jeremy Jung. They start with an overview of PACS components and discuss the proprietary nature of the industry, the slow pace of migration to open standards, and why Windows is commonly used. Jonathan describes the security implications of moving from isolated networks to the cloud, as well as credential vulnerabilities, encryption using symmetric keys versus asymmetric keys, and the risks related to cloning credentials. They also consider several standards, including moving from Wiegand to the Open Supervised Device Protocol (OSDP), as well as the Public Key Open Credential (PKOC) standard, and the open source OSDP implementation that Jonathan authored. Brought to you by IEEE Computer Society and IEEE Software magazine.

Cody Ebberson, CTO of Medplum, s host Sam Taggart to discuss the constraints that working in regulated industries add to the software development process. They explore some general aspects of developing for regulated industries, such as medical and finance, as well as a range of specific considerations that can add complexity and effort. Cody describes how translating regulatory requirements into test specifications and automating those tests can help streamline software development in these regulated environments.  Brought to you by IEEE Computer Society and IEEE Software magazine.

Nick Tune and Jean-Georges Perrin host Giovanni Asproni to talk about their proposed approach to modernizing legacy systems. The episode starts with some high-level perspective to set context for the approach described in their book, Architecture Modernization (Manning, 2024). From there, the discussion turns to important details, including criteria for deciding which aspects to revisit; some of the activities, processes, and tools; and the importance of data engineering in modernization efforts. Nick and Jean-Georges describe how to successfully implement an architecture-modernization effort, and how to fit that work with the teams' other priorities. The episode finishes with some warnings about the typical risks associated with modernizing a legacy system, and suggestions on how to mitigate them. This episode is sponsored by QA Wolf.

Steve Smith, founder and principal architect at Nimble Pros, s host Jeff Doolittle for a conversation about software quality. The episode begins with a discussion of why software quality matters for businesses, customers, and developers. Steve explains some patterns and practices that help teams design for quality. They discuss in detail the practices of testing and quality assurance, and the conversation wraps up with suggestions for fostering a culture of quality in teams and organizations. Brought to you by IEEE Computer Society and IEEE Software magazine.

Sriram Panyam, CTO at DagKnows, discusses SaaS Control Planes with SE Radio host Brijesh Ammanath. The discussion starts off with the basics, examining what control planes are and why they're important. Sriram then discusses reasons for building a control plane and the challenges in deg one. They explore design and architectural considerations when building a SaaS control plane, as well as the key differences between a control plane and a data plane. This episode is sponsored by QA Wolf.

Stevie Caldwell, Senior Engineering Technical Lead at Fairwinds, s host Priyanka Raghavan to discuss zero-trust network reference architecture. The episode begins with high-level definitions of zero-trust architecture, zero-trust reference architecture, and the pillars of Zero Trust. Stevie describes four open-source implementations of the Zero Trust Reference Architecture: Emissary Ingress, Cert Manager, LinkerD, and the Policy Engine Polaris. Each component is explored to help clarify their roles in the Zero Trust journey. The episode concludes with a look at the future direction of Zero Trust Network Architecture. This episode is sponsored by QA Wolf.

Jim Bugwadia, CEO of Nimrata and a committer to the kyverno projects, s host Robert Blumen for a discussion of policy-as-code and the open source kyverno project. The discussion covers the nature of policies; policies and security; policies and compliance to standards; security scans that generate reports compared to tools that allow or deny operations at run time; kyberno as a kubernetes service; the kyveno helm charts; the components of kyverno; bootstrapping a kubernetes cluster with kyverno; installing policies; implementing policies; customizing policies; packaging and installing policies; kubernetes dynamic ission controllers; the kyverno ission controller; securing kyverno itself; observability of kyverno; types of reports and messages available to cluster s. This episode is sponsored by QA Wolf.

Itamar Friedman, the CEO and co-founder of CodiumAI, speaks with host Gregory M. Kapfhammer about how to use generative AI techniques to automated software testing. Their discussion centers around the design and use of Cover-Agent, an open-source implementation of the automated test augmentation tool described in the Foundations of Software Engineering (FSE) paper entitled “Automated Unit Test Improvement using Large Language Models at Meta“ by Alshahwan et al. The episode explores how large-language models (LLMs) can aid testers by automatically generating test cases that increase the code coverage of an existing testing suite. They also investigate other automated testing topics, including how Cover-Agent compares to different LLM-based tools and the strengths and weaknesses of using LLM-based approaches in software testing.

Goran Petrovic, a Staff Software Engineer at Google, speaks with host Gregory M. Kapfhammer about how to perform mutation testing on large software systems. They explore the design and implementation of the mutation testing infrastructure at Google, discussing the strategies for ensuring that it enhances both developer productivity and software quality. They also investigate the findings from experiments that quantify how mutation testing enables software engineers at Google to write better tests that can detect defects and increase confidence in software correctness. Brought to you by IEEE Computer Society and IEEE Software magazine.