Software Engineering Radio - the podcast for professional software developers

Malcolm Matalka, founder of Terrateam, joins host Giovanni Asproni to talk about the reasoning behind choosing a not-so-widespread language (OCaml) and (almost) totally avoiding frameworks for the development of Terrateam. While discussing the reasons for choosing this specific programming language and the advantages and disadvantages of using external frameworks, they also consider a range of related topics, including static vs. dynamic typing, the use of monorepos, and the advantages of choosing a single language that can be used both for web front ends and server back ends. The episode ends with lessons learned that can be applied to other contexts and projects. Brought to you by IEEE Computer Society and IEEE Software magazine.

Emre Baran, CEO and co-founder of Cerbos, and Alex Olivier, CPO and co-founder, join SE Radio host Priyanka Raghavan to explore "stateless decoupled authorization frameworks. The discussion begins with an introduction to key terms, including authorization, authorization models, and decoupled frameworks. They dive into the challenges of building decoupled authorization, as well as the benefits of this approach and the operational hurdles. The conversation shifts to Cerbos, an open-source policy-based access control framework, comparing it with OPA (Open Policy Agent). They also delve into Cerbos's technical workings, including specification definitions, GitOps integration, examples of usage, and deployment strategies. The episode concludes with insights into potential trends in the authorization space. This episode is sponsored by Penn Carey Law school

Tyler Flint, CEO of qpoint.io, joins host Robert Blumen for a conversation about managing external vendor dependencies, including several best practices for adoption. They start with a look at internal versus external services, including details such as the footprint of external services within a micro-services application, and difficulties organizations have tracking their service consumption, quantifying service consumption, and auditing external services. Tyler also discusses the security implications of external services, including authentication and authorization. They examine metrics and monitoring, with recommendations on the key metrics to collect, as well as acceptable error rates for external services. From there they consider what can go wrong, how to respond to external service outages, and challenges related to testing external services. The episode wraps up with a discussion of qPoint's migration from a proxy-based solution to one based on eBPF kernel probes. Brought to you by IEEE Computer Society and IEEE Software magazine.

In this engaging discussion, guest Vlad Khononov, a seasoned software architect and author, delves into the intricate world of coupling in software design. He introduces his concept of integration strength, aiming to simplify traditional coupling frameworks. The conversation covers the three dimensions of coupling: knowledge sharing, component distance, and volatility. Vlad emphasizes how mindful design decisions can either complicate or modularize systems, enhancing their adaptability and reducing cognitive load. He offers practical advice for applying these principles in real-world projects.

Sunil Mallya, co-founder and CTO of Flip AI, discusses small language models with host Brijesh Ammanath. They begin by considering the technical distinctions between SLMs and large language models. LLMs excel in generating complex outputs across various natural language processing tasks, leveraging extensive training datasets on with massive GPU clusters. However, this capability comes with high computational costs and concerns about efficiency, particularly in applications that are specific to a given enterprise. To address this, many enterprises are turning to SLMs, fine-tuned on domain-specific datasets. The lower computational requirements and memory usage make SLMs suitable for real-time applications. By focusing on specific domains, SLMs can achieve greater accuracy and relevance aligned with specialized terminologies. The selection of SLMs depends on specific application requirements. Additional influencing factors include the availability of training data, implementation complexity, and adaptability to changing information, allowing organizations to align their choices with operational needs and constraints. This episode is sponsored by Codegate.

Pete Warden, CEO of Useful Sensors and a founding member of the TensorFlow team at Google, discusses TinyML, the technology enabling machine learning on low-power, small-footprint devices. This innovation opens up applications such as voice-controlled devices, offline translation tools, and smarter embedded systems, which are crucial for privacy and efficiency. SE Radio host Kanchan Shringi speaks with Warden about challenges like model compression, deployment constraints, and privacy concerns. They also explore applications in agriculture, healthcare, and consumer electronics, and close with some practical advice from Pete for newcomers to TinyML development. Brought to you by IEEE Computer Society and IEEE Software magazine.

Brenden Matthews, a seasoned software engineer, entrepreneur, and author of the Idiomatic Rust and Code Like a Pro in Rust books (both from Manning), speaks with SE Radio host Gavin Henry about Idiomatic Rust. They start with a look at what "idiomatic" means, and then discuss Generics, Traits, common design patterns you'll see in well written Rust code, and anti-patterns to avoid. Matthews suggests some tools that can help you immediately write idiomatic Rust, as well as what building blocks can also help. This episode examines what Generics are and how they compare to other languages, as well as what Traits are, how macros help, what a Fluent Interface is, and why unwrap() is bad. They also discuss what code smells to look out for, Clone, Copy, and a really nice place to go read real-world Idiomatic Rust code. Brought to you by IEEE Computer Society and IEEE Software magazine.

Tanya Janca, author of Alice and Bob Learn Secure Coding, discusses secure coding and secure software development life cycle with SE Radio host Brijesh Ammanath. This session explores how integrating security into every phase of the SDLC helps prevent vulnerabilities from slipping into production. Tanya strongly recommends defining security requirements early, and discusses the importance of threat modeling during design, secure coding practices, testing strategies such as static, dynamic, and interactive application security testing (SAST, DAST and IAST), and the need for continuous monitoring and improvement after deployment. This episode is sponsored by Codegate.ai

Hong Minhee, an open source developer and creator of the Fedify ActivityPub library, discusses the ActivityPub protocol and the fediverse with SE Radio's Jeremy Jung. They explore ActivityPub use cases, including microblogging applications such as Mastodon and Misskey, as well as activities built into the specification such as Like, Follow, and Accept. They also discuss extending the specification to include properties like Discoverable and Suspended, how different implementations communicate when they don't implement the same extensions, ND the use of JSON-LD and why it is challenging to implement. Finally, they consider the HTTP-based inbox communication model, difficulties with scaling when using a push rather than a pull model, account migration, and resources for implementing the ActivityPub specification. Brought to you by IEEE Computer Society and IEEE Software magazine.

Ivett Ördög, with over 15 years of experience in software development, discusses the critical choice of rewriting versus refactoring in software projects. She challenges the dogma of 'never rewrite,' emphasizing the importance of customer value and phased implementation. Ivett shares insights on legacy code, the nuances of technical debt, and offers strategies for gaining management support on large projects. With practical examples, she highlights when to opt for a rewrite and how to avoid catastrophic pitfalls in scaling and communication.