Episode 140: Newspeak and Pluggable Types with Gilad Bracha By feedproxy.google.com Published On :: Mon, 13 Jul 2009 21:03:15 +0000 This episode is a conversation with Gilad Bracha about Newspeak, type systems in general and optional/pluggable types in particular. It was recorded during DSL Devcon in the gardens of the Microsoft campus, and thanks to Gilad's "speaking like a book" way of talking it is published completely unedited :-)
Episode 218: Udi Dahan on CQRS (Command Query Responsibility Segregation) By www.se-radio.net Published On :: Fri, 30 Jan 2015 21:26:42 +0000 Guest Udi Dahan talks with host Robert Blumen about the CQRS (command query responsibility segregation) architectural pattern. The discussion begins with a review of the command pattern. Then a high-level overview of CQRS, which consists of a separation of a command processing subsystem that updates a write model from one or more distinct and separate, […]
SE-Radio Episode 262: Software Quality with Bill Curtis By traffic.libsyn.com Published On :: Tue, 12 Jul 2016 16:23:23 +0000 Sven Johann talks with Bill Curtis about Software Quality. They discuss examples of failed systems like Obama Care; the role of architecture; moving an org from chaos to innovation; the relation between Lean, quality improvement and CMM; and the Team Software Process.
SE-Radio Episode 276: Björn Rabenstein on Site Reliability Engineering By traffic.libsyn.com Published On :: Tue, 06 Dec 2016 18:52:44 +0000 Björn Rabenstein discusses the field of Site Reliability Engineering (SRE) with host Robert Blumen. The term SRE has recently emerged to mean Google's approach to DevOps. The publication of Google's book on SRE has brought many of their practices into more public discussion. The interview covers: what is distinct about SRE versus devops; the SRE focus on development of operational software to minimize manual tasks; the emphasis on reliability; Dickerson's hierarchy of reliability; how reliability can be measured; is there such a thing as too much reliability?; can Google's approach to SRE be applied outside of Google?; Björn's experience in applying SRE to Soundcloud - what worked and what did not; how can engineers best apply SRE to their organizational situation?; the importance of monitoring; monitoring and alerting; being on call, responding to incidents; the importance of documentation for responding to problems; they wrap up with a discussion of why people from non-computer science backgrounds are often found in devops and SRE.
SE-Radio Episode 280: Gerald Weinberg on Bugs Errors and Software Quality By traffic.libsyn.com Published On :: Tue, 24 Jan 2017 20:34:27 +0000 Host Marcus Blankenship talks with Gerald Weinberg about his new book, Errors: Bugs, Boo-boos, and Blunders, focusing on why programmers make errors, how teams can improve their software, and how management should think of and discuss errors.
SE-Radio Episode 290: Diogo Mónica on Docker Security By traffic.libsyn.com Published On :: Mon, 08 May 2017 20:39:40 +0000 Docker Security Team lead Diogo Mónica talks with SE Radio’s Kim Carter about Docker Security aspects. Simple Application Security, which hasn’t changed much over the past 15 years, is still considered the most effective way to improve security around Docker containers and infrastructure. The discussion explores characteristics such as Immutability, the copy-on-write filesystem, as well as orchestration principles that are baked into Docker Swarm, such as mutual TLS/PKI by default, secrets distribution, least privilege, content scanning, image signatures, and secure/trusted build pipelines. Diogo also shares his thoughts around the attack surface of the Linux kernel; networking, USB, and driver APIs; and the fact that application security remains more important to focus our attention on and get right.
SE-Radio Episode 296: Type Driven Development with Edwin Brady By traffic.libsyn.com Published On :: Mon, 10 Jul 2017 20:13:56 +0000 Edwin Brady speaks to Matthew Farwell about Type Driven Development and the Idris Programming language. The show covers: what a type is; static vs dynamic types in programming languages; dependent types; the Idris programming language; why Idris was created; type safe printf; modelling state in Idris; modelling protocols in Idris; modelling concurrency in Idris; type driven development and how it changes the development process.
SE-Radio Episode 302: Haroon Meer on Network Security By traffic.libsyn.com Published On :: Mon, 11 Sep 2017 22:54:22 +0000 Founder of Thinkst, Haroon Meer talks with Kim Carter about Network Security. Topics include how attackers are gaining footholds into our networks, moving laterally, and exfilling our precious data, as well as why we care and what software engineers can do about it.
SE-Radio Episode 306: Ron Lichty on Managing Programmers By traffic.libsyn.com Published On :: Mon, 16 Oct 2017 21:14:07 +0000 Ron Lichty talks with SE Radio’s Nate Black about managing programmers. Topics include: why programming management is hard, what makes a good programming manager, the costs of micromanagement, self-organizing teams, team dynamics and motivation, and product team performance.
SE-Radio Episode 309: Zane Lackey on Application Security By traffic.libsyn.com Published On :: Mon, 13 Nov 2017 19:32:36 +0000 Founder of Signal Sciences Zane Lackey talks with Kim Carter about Application Security around what our top threats are today, culture, threat modelling, and visibility, and how we can improve our security stature as Software Engineers.
SE-Radio Episode 314: Scott Piper on Cloud Security By traffic.libsyn.com Published On :: Mon, 15 Jan 2018 22:09:30 +0000 Scott Piper and Kim Carter discuss Cloud Security. Topics include the Shared Responsibility Model; assets, risks, and countermeasures; and evaluation techniques for comparing the security stature of CSPs. Scott discusses his FLAWS CTF engine. Also covered: the tools Security Monkey and StreamAlert.
SE-Radio Episode 317: Travis Kimmel on Measuring Software Engineering Productivity By traffic.libsyn.com Published On :: Tue, 06 Feb 2018 18:50:49 +0000 Kishore Bhatia talks with Travis Kimmel about Engineering Impact: In the age of data-driven decision making, how does one go about measuring, communicating, and improving engineering productivity? We’ll learn from Travis’ experience building data analytics tools in this space, with insights and best practices for engineering teams and business stakeholders for measuring value and productivity.
SE-Radio Episode 322: Bill Venners on Property Based Tests By traffic.libsyn.com Published On :: Mon, 30 Apr 2018 23:21:13 +0000 Bill Venners speaks to Matthew Farwell about Property Based Tests, how they can be used, and when they should not be used. We also cover how to define a property and how to generate the data required for a property based test.
SE-Radio Episode 327: Glynn Bird on Developer Productivity with Open Source By traffic.libsyn.com Published On :: Tue, 12 Jun 2018 22:12:01 +0000 Nate Black interviews Glynn Bird on using open source to develop your career or get a job, and how to maximize productivity and learning. We discuss how to get your pull request accepted, how to make your own project successful, and how to survive updates.
SE-Radio Episode 329 Andreas Stefik on Accessibility for the Visually By traffic.libsyn.com Published On :: Tue, 26 Jun 2018 16:25:27 +0000 Felienne interviews Andreas Stefik about creating programs that are accessible for blind and visually impaired users. How do they consume and create software?
SE-Radio Episode 345: Tyler McMullen on Content Delivery Networks (CDNs) By traffic.libsyn.com Published On :: Wed, 07 Nov 2018 18:39:53 +0000 Learn how to protect and speed up your application with the help of a Content Delivery Network. You'll also hear about advancements in CDNs that allow you to handle application logic and dynamic content at the edge.
SE-Radio Episode 354: Avi Kivity on ScyllaDB By traffic.libsyn.com Published On :: Fri, 01 Feb 2019 18:57:37 +0000 Avi Kivity of ScyllaDB deep dives into the internals of ScyllaDB and what makes it a highly performant version of Cassandra, a distributed key-value datastore. The discussion covers the architecture of ScyllaDB, its relationship with high performance...
SE-Radio Episode 357: Adam Barr on Code Quality By traffic.libsyn.com Published On :: Wed, 20 Feb 2019 18:00:49 +0000 Felienne interviews Adam Barr about code quality. Why do programmers pick up bad habits about programming and what can be done to improve that?
SE-Radio Episode 359: Engineering Maturity with Jean-Denis Greze By traffic.libsyn.com Published On :: Wed, 06 Mar 2019 18:45:10 +0000 How can you scale an engineering organization when you haven't already experienced rapid growth? Jean-Denis Greze of Plaid explains how to proactively enhance team capabilities and readiness by leveling up through a maturity map.
Episode 376: Justin Richer On API Security with OAuth 2 By se-radio.net Published On :: Tue, 13 Aug 2019 17:44:10 +0000 Justin Richer, lead author of the OAuth2 In Action book, discusses the key technical features of the OAuth2 authorization protocol and the current best practices for selecting the right parts of it for your use case.
Episode 384: Boris Cherny on TypeScript By traffic.libsyn.com Published On :: Wed, 16 Oct 2019 17:45:52 +0000 Boris Cherny, author of Programming TypeScript, explains how TypeScript can scale JavaScript projects to larger teams, larger code bases, and across devices. Topics include: gradual typing, type refinement, structural typing, and interoperability...
SE-Radio Episode 390: Sam Procter on Security in Software Design By traffic.libsyn.com Published On :: Tue, 26 Nov 2019 21:45:32 +0000 Sam Procter of the SEI discusses architecture design languages, specifically Architecture Analysis and Design Language, and how we can leverage the formal modeling process to improve the security of our application design and improve applications overall.
Episode 395: Katharine Jarmul on Security and Privacy in Machine Learning By traffic.libsyn.com Published On :: Fri, 10 Jan 2020 19:21:58 +0000 Katharine Jarmul of DropoutLabs discusses security and privacy concerns as they relate to Machine Learning. Host Justin Beyer spoke with Jarmul about attack types and privacy-protected ML techniques.
Episode 404: Bert Hubert on DNS Security By traffic.libsyn.com Published On :: Thu, 26 Mar 2020 18:09:35 +0000 Bert Hubert, author of the open source PowerDNS nameserver, discusses DNS security and all aspects of the Domain Name System with its flaws and history.
Episode 427: Sven Schleier and Jeroen Willemsen on Mobile Application Security By traffic.libsyn.com Published On :: Wed, 23 Sep 2020 22:26:21 +0000 Sven Schleier and Jeroen Willemsen from the OWASP Mobile Application Security Verification Standard and Testing Guide project discuss mobile application security and how the verification standard and testing guide can be used to improve your app’s...
Episode 428: Matt Lacey on Mobile App Usability By traffic.libsyn.com Published On :: Wed, 30 Sep 2020 16:26:16 +0000 Matt Lacey, author of the Usability Matters book, discusses what mobile app usability is and why it can make or break an app destined for consumers, business users or in-house users and what you can do to make the best app possible.
Episode 429: Rob Skillington on High Cardinality Alerting and Monitoring By traffic.libsyn.com Published On :: Thu, 08 Oct 2020 20:23:33 +0000 Rob Skillington discusses the architecture, data management, and operational issues around monitoring and alerting systems with a large number of metrics and resources.
Episode 435: Julie Lerman on Object Relational Mappers and Entity Framework By se-radio.net Published On :: Tue, 17 Nov 2020 18:38:56 +0000 Julie Lerman discusses Object Relational Mappers and Entity Framework with Jeremy Jung.
Episode 435: Julie Lerman on Object Relational Mappers and Entity Framework By traffic.libsyn.com Published On :: Tue, 17 Nov 2020 18:39:13 +0000 Julie Lerman discusses Object Relational Mappers and Entity Framework with Jeremy Jung.
Episode 443: Shawn Wildermuth on Diversity and Inclusion in the Workplace By traffic.libsyn.com Published On :: Wed, 20 Jan 2021 17:31:03 +0000 Felienne discusses diversity and inclusivity in software development with Shawn Wildermuth, Microsoft MVP and creator of the Hello World movie.
Episode 453: Aaron Rinehart on Security Chaos Engineering By traffic.libsyn.com Published On :: Tue, 30 Mar 2021 23:05:53 +0000 Aaron Rinehart, CTO of Verica and author, discusses security chaos engineering (SCE) and how it can be used to enhance the security of modern application architectures.
Episode 461 Michael Ashburne and Maxwell Huffman on Quality Assurance By traffic.libsyn.com Published On :: Wed, 26 May 2021 18:55:33 +0000 Michael Ashburne and Maxwell Huffman discuss Quality Assurance with Jeremy Jung.
Episode 467: Kim Carter on Dynamic Application Security Testing By traffic.libsyn.com Published On :: Wed, 07 Jul 2021 00:19:26 +0000 Kim Carter of BinaryMist discusses Dynamic Application Security Testing (DAST) and how the OWASP purpleteam project can improve early defect detection. Host Justin spoke with Carter about how DAST can provide meaningful feedback loops to developers...
Episode 500: Sergey Gorbunov on Blockchain Interoperability By se-radio.net Published On :: Wed, 23 Feb 2022 18:21:19 +0000 Sergey Gorbunov of Axelar discusses blockchain interoperability, a technology that enables decentralized applications to work across multiple blockchain ecosystems. Host Philip Winston spoke with Gorbunov about programmable blockchains, distributed vs. centralized changes, the Ethereum virtual machine, Axelar's Cross-Chain Gateway Protocol and Cross-Chain Transfer Protocol, security issues, delegated proof of stake...
Episode 507: Kevin Hu on Data Observability By se-radio.net Published On :: Wed, 13 Apr 2022 16:54:00 +0000 Kevin Hu, co-founder and CEO at Metaplane discusses "Data Observability" with host Priyanka Raghavan. The discussion touches upon Data observability roots, components, differences with software observability and tooling.
Episode 534: Andy Dang on AI/ML Observability By se-radio.net Published On :: Thu, 20 Oct 2022 15:51:00 +0000 Andy Dang, Head of Engineering at WhyLabs discusses observability and data ops for AI/ML applications and how that differs from traditional observability. SE Radio host Akshay Manchale speaks with Andy about running an AI/ML model in production and how...
Episode 544: Ganesh Datta on DevOps vs Site Reliability Engineering By se-radio.net Published On :: Wed, 28 Dec 2022 22:14:00 +0000 Ganesh Datta, CTO and cofounder of Cortex, joins SE Radio's Priyanka Raghavan to discuss site reliability engineering (SRE) vs DevOps. They examine the similarities and differences and how to use the two approaches together to build better software...
Episode 547: Nicholas Manson on Identity Management for Cloud Applications By se-radio.net Published On :: Wed, 18 Jan 2023 19:29:00 +0000 Nicholas Manson, a SaaS Architect with more than 2 decades of experience building cloud applications, speaks with host Kanchan Shringi about identity and access management requirements for cloud applications. They begin by examining what a digital...
SE Radio 568: Simon Bennetts on OWASP Dynamic Application Security Testing Tool ZAP By se-radio.net Published On :: Wed, 14 Jun 2023 20:29:00 +0000 Simon Bennetts, a distinguished engineer at Jit, discusses one of the flagship projects of OWASP: the Zed Attack Proxy (ZAP) open source security testing tool. As ZAP’s primary maintainer, Simon traces the tool's origins and shares some anecdotes with SE Radio host Priyanka Raghavan on why there was a need for it. They take a deep dive into ZAP’s features and its ability to integrate with CI/CD, as well as shift security left. Bennetts also considers what it takes to build a successful open source project before spending time on ZAP’s ability to script to provide richer results. Finally, the conversation ends with some questions on ZAP’s future in this AI-powered world of bots.
SE Radio 575: Nir Valtman on Pipelineless Security By se-radio.net Published On :: Tue, 01 Aug 2023 23:43:00 +0000 Nir Valtman, co-Founder and CEO at Arnica, discusses pipelineless security with SE Radio host Priyanka Raghavan. They start by defining pipelines and then consider how to add security. Nir lays out the key challenges in getting good code coverage with the pipeline-based approach, and then describes how to implement a pipelineless approach and the advantages it offers. Priyanka quizzes him on the concept of "zero new hardcoded secrets," as well as some ways to protect GitHub repositories, and Nir shares examples of how a pipelineless approach could help in these scenarios. They then discuss false positives and handling developer fatigue in dealing with alerts. The show ends with some discussion around the product that Arnica offers and how it implements the pipelineless methodology.
SE Radio 579: Arun Gupta on Open Source Strategy and Community By se-radio.net Published On :: Fri, 01 Sep 2023 00:43:00 +0000 Arun Gupta, Vice President and General Manager of Open Ecosystem Initiatives at Intel Corporation, discusses open-source strategy and community with SE Radio host Kanchan Shringi. They explore the business case and business model for why and how big tech participates in the open-source ecosystem. Arun describes ways to foster a culture of engagement with open source within companies such as Intel, Amazon, and Apple. They then consider how the principles can be applied to closed-source software within a company. Finally, they discuss some of the benefits that Intel has gained from more than 20 years of open source contributions and look at the company’s plan for the year ahead. SE Radio is brought to you by IEEE Software magazine and IEEE Computer Society.
SE Radio 584: Charles Weir on Ruthless Security for Busy Developers By se-radio.net Published On :: Thu, 05 Oct 2023 19:07:00 +0000 Charles Weir—developer, security researcher, and Research Fellow at Security Lancaster—joins host Giovanni Asproni to discuss an approach that development teams can use to create secure systems without wasting effort on unnecessary security work. The episode starts with a broad description of the approach, which is based on Weir's research and on a free Developer Security Essentials workshop he created. Charles presents some examples from real-world projects, his view on AI's impact on security, and information about the workshop and where to find the materials. During the conversation, they consider several related topics including the concept of "good enough" security; security as a product decision; risk assessment, classification, and prioritization; and how to approach security in startups, greenfield, and legacy systems.
SE Radio 586: Nikhil Shetty on Virtual Private Cloud By se-radio.net Published On :: Fri, 20 Oct 2023 00:03:00 +0000 Nikhil Shetty, an expert in networking and distributed systems, speaks with SE Radio's Kanchan Shringi about virtual private cloud (VPC) and related technologies. They explore how VPC relates to public cloud, private cloud, and virtual private networks (VPNs). The discussion delves into why VPC is fundamental to building on the cloud, as well as configuring a VPC, subnets, and the address space that can be assigned to the VPC. During this episode they look into route tables, network address translation, as well as security groups, network access control lists, and DNS. Finally, Nikhil helps compare VPC offerings from Amazon Web Services (AWS) and Oracle Cloud Infrastructure (OCI).
SE Radio 589: Zac Hatfield-Dodds on Property-Based Testing in Python By se-radio.net Published On :: Thu, 09 Nov 2023 18:51:00 +0000 Zac Hatfield-Dodds, the Assurance Team Lead at Anthropic, speaks with host Gregory M. Kapfhammer about property-based testing techniques and how to use them in an open-source tool called Hypothesis. They discuss how to define properties for a Python function and implement a test case in Hypothesis. They also explore some of the advanced features in Hypothesis that can automatically generate a test case and perform fuzzing campaigns.
SE Radio 591: Yechezkel Rabinovich on Kubernetes Observability By se-radio.net Published On :: Wed, 22 Nov 2023 17:50:00 +0000 Yechezkel Rabinovich, CTO of Groundcover, speaks with host Philip Winston about observability and eBPF as it applies to Kubernetes. Rabinovich was previously the chief architect at the healthcare security company CyberMDX and spent eight years in the cyber security division of the Israeli Prime Minister’s Office. This episode explores the three pillars of observability, extending the Linux Kernel with eBPF, the basics of Kubernetes, and how Groundcover uses eBPF as the basis for its observability platform.
SE Radio 593: Eric Olden on Identity Orchestration By se-radio.net Published On :: Thu, 07 Dec 2023 01:56:00 +0000 Eric Olden talks with host Giovanni Asproni about identity orchestration, a software approach for managing distributed identity and access management (IAM) and integrating multiple identity systems or providers (IDPs) to make them look like a single system from a user perspective. The episode starts with a refresher in identity and access management, then introduces identity orchestration and some of the challenges it helps to address, such as integrating disparate identity management systems after company mergers or acquisitions; managing identities in situations where some of the IAM systems are unreachable; and implementing more secure identity management in legacy applications. Brought to you by IEEE Computer Society and IEEE Software magazine.
SE Radio 594: Sean Moriarity on Deep Learning with Elixir and Axon By se-radio.net Published On :: Thu, 14 Dec 2023 22:49:00 +0000 Sean Moriarity, creator of the Axon deep learning framework, co-creator of the Nx library, and author of Machine Learning in Elixir and Genetic Algorithms in Elixir, published by the Pragmatic Bookshelf, speaks with SE Radio host Gavin Henry about what deep learning (neural networks) means today. Using a practical example with deep learning for fraud detection, they explore what Axon is and why it was created. Moriarity describes why the Beam is ideal for machine learning, and why he dislikes the term “neural network.” They discuss the need for deep learning, its history, how it offers a good fit for many of today’s complex problems, where it shines and when not to use it. Moriarity goes into depth on a range of topics, including how to get datasets in shape, supervised and unsupervised learning, feed-forward neural networks, Nx.serving, decision trees, gradient descent, linear regression, logistic regression, support vector machines, and random forests. The episode considers what a model looks like, what training is, labeling, classification, regression tasks, hardware resources needed, EXGBoost, Jax, PyIgnite, and Explorer. Finally, they look at what’s involved in the ongoing lifecycle or operational side of Axon once a workflow is put into production, so you can safely back it all up and feed in new data. Brought to you by IEEE Computer Society and IEEE Software magazine. This episode sponsored by Miro.
SE Radio 606: Charlie Jones on Third-Party Software Supply Chain Risks By se-radio.net Published On :: Thu, 07 Mar 2024 22:57:00 +0000 Charlie Jones, Director of Product Management at ReversingLabs and subject matter expert in supply chain security, joins host Priyanka Raghavan to discuss tackling third-party software risks. They begin by defining different types of third-party software risks and then take a deep dive into case studies where third-party components and software have had cascading effects on downstream systems. They consider some frameworks for secure software development that can be used to evaluate third-party software and components – both as a publisher or as a consumer – and end by discussing laws and regulations with final advice from Charlie on how enterprises can tackle third-party software risks. Brought to you by IEEE Computer Society and IEEE Software magazine. This episode is sponsored by WorkOS.
SE Radio 610: Phillip Carter on Observability for Large Language Models By se-radio.net Published On :: Wed, 03 Apr 2024 19:59:00 +0000 Phillip Carter, Principal Product Manager at Honeycomb and open source software developer, talks with host Giovanni Asproni about observability for large language models (LLMs). The episode explores similarities and differences for observability with LLMs versus more conventional systems. Key topics include: how observability helps in testing parts of LLMs that aren't amenable to automated unit or integration testing; using observability to develop and refine the functionality provided by the LLM (observability-driven development); using observability to debug LLMs; and the importance of incremental development and delivery for LLMs and how observability facilitates both. Phillip also offers suggestions on how to get started with implementing observability for LLMs, as well as an overview of some of the technology's current limitations. This episode is sponsored by WorkOS.
SE Radio 613: Shahar Binyamin on GraphQL Security By se-radio.net Published On :: Mon, 06 May 2024 18:12:00 +0000 Shahar Binyamin, CEO and co-founder of Inigo, joins host Priyanka Raghavan to discuss GraphQL security. They begin with a look at the state of adoption of GraphQL and why it's so popular. From there, they consider why GraphQL security is important as they take a deep dive into a range of known security issues that have been exploited in GraphQL, including authentication, authorization, and denial of service attacks with references from the OWASP Top 10 API Security Risks. They discuss some mitigation strategies and methodologies for solving GraphQL security problems, and the show ends with discussion of Inigo and Shahar's top three recommendations for building safe GraphQL applications. Brought to you by IEEE Software and IEEE Computer Society.