Daniel Deogun and Dan Bergh Johnsson -- two of the co-authors of the book, Secure by Design -- discuss the intersection of good software design and security with host Sam Taggart. They describe how following certain software design principles can help developers create secure software without needing to become security experts. They talked about how this is the continuation of developers taking on more responsibilities: Agile asked developers to become responsible for testing their code. DevOps ...
Sep 03, 2025•57 min•Ep. 684
Artie Shevchenko, author of Code Health Guardian , speaks with host Jeff Doolittle about the crucial role of human programmers in the AI era, emphasizing that humans must excel at managing code complexity. Shevchenko discusses these concepts and key takeaways from his book, including the three problems caused by complexity: change amplification, cognitive load, and the most severe, unknown unknowns. He suggests that maintaining code health should be viewed pragmatically as a productivity questio...
Aug 28, 2025•58 min•Ep. 683
Duncan McGregor and Nat Pryce, co-authors of Java to Kotlin: Refactoring Guidebook , speak with host Giovanni Asproni about their hands-on experiences migrating Java codebases. The episode starts by highlighting Kotlin’s seamless interoperability with Java, allowing teams to incrementally adopt Kotlin without disrupting existing Java code. Duncan and Nat then describe some of the benefits of using Kotlin — including stronger type safety, non-nullable types, and better support for immutability — ...
Aug 20, 2025•57 min•Ep. 682
Qian Li of DBOS, a durable execution platform born from research by the creators of Postgres and Spark, speaks with host Kanchan Shringi about building durable, observable, and scalable software systems, and why that matters for modern applications. They discuss database-backed program state, workflow orchestration, real-world AI use cases, and comparisons with other workflow technologies. Li explains how DBOS persists not just application data but also program execution state in Postgres to ena...
Aug 12, 2025•52 min•Ep. 681
Luke Hinds, CTO of Stacklok and creator of Sigstore, speaks with SE Radio's Brijesh Ammanath about the privacy and security concerns of using AI coding agents. They discuss how the increased use of AI coding assistants has improved programmer productivity but has also introduced certain key risks. In the area of secrets management, for example, there is the risk of secrets being passed to LLMs. Coding assistants can also introduce dependency-management risks that can be exploited by malicious ac...
Aug 06, 2025•46 min•Ep. 680
Wesley Beary of Anchor speaks with host Sam Taggart about designing APIs with a particular emphasis on user experience. Wesley discusses what it means to be an “API connoisseur”— paying attention to what makes the APIs we consume enjoyable or frustrating and then taking those lessons and using them when we design our own APIs. Wesley and Sam also explore the many challenges developers face when designing APIs, such as coming up with good abstractions, testing, getting user feedback, documentatio...
Jul 29, 2025•48 min•Ep. 679
Chris Love, co-author of the book Core Kubernetes , joins host Robert Blumen for a conversation about kubernetes security. Chris identifies the node layer, secrets management, the network layer, contains, and pods as the most critical areas to be addressed. The conversation explores a range of topics, including when to accept defaults and when to override; differences between self-managed clusters and cloud-service provider-managed clusters; and what can go wrong at each layer -- and how to addr...
Jul 23, 2025•55 min•Ep. 678
Jacob Visovatti and Conner Goodrum of Deepgram speak with host Kanchan Shringi about testing ML models for enterprise use and why it's critical for product reliability and quality. They discuss the challenges of testing machine learning models in enterprise environments, especially in foundational AI contexts. The conversation particularly highlights the differences in testing needs between companies that build ML models from scratch and those that rely on existing infrastructure. Jacob and Conn...
Jul 15, 2025•1 hr 1 min•Ep. 677
Samuel Colvin, the CEO and founder of Pydantic, speaks with host Gregory M. Kapfhammer about the ecosystem of Pydantic’s Python frameworks, including Pydantic, Pydantic AI, and Pydantic Logfire. Along with discussing the design, implementation, and use of these frameworks, they dive into the refactoring of Pydantic and the follow-on performance improvements. They also explore ways in which Python programmers can use these three frameworks to build, test, evaluate, and monitor their own applicati...
Jul 10, 2025•1 hr 2 min•Ep. 676
Brian Demers, Developer Advocate at Gradle, speaks with host Giovanni Asproni about the importance of having observability in the toolchain. Such information about build times, compiler warnings, test executions, and any other system used to build the production code can help to reduce defects, increase productivity, and improve the developer experience. During the conversation they touch upon what is possible with today’s tools; the impact on productivity and developer experience; and the impac...
Jul 01, 2025•48 min•Ep. 675
Vilhelm von Ehrenheim, co-founder and chief AI officer of QA.tech, speaks with SE Radio's Brijesh Ammanath about autonomous testing. The discussion starts by covering the fundamentals, and how testing has evolved from manual to automated to now autonomous. Vilhelm then deep dives into the details of autonomous testing and the role of agents in autonomous testing. They consider the challenges in adopting autonomous testing, and Wilhelm describes the experiences of some clients who have made the t...
Jun 25, 2025•50 min•Ep. 674
In this episode of Software Engineering Radio , Abhinav Kimothi sits down with host Priyanka Raghavan to explore retrieval-augmented generation (RAG), drawing insights from Abhinav's book, A Simple Guide to Retrieval-Augmented Generation . The conversation begins with an introduction to key concepts, including large language models (LLMs), context windows, RAG, hallucinations, and real-world use cases. They then delve into the essential components and design considerations for building a RAG-ena...
Jun 18, 2025•56 min•Ep. 673
Luca Palmieri, author of Zero to Production in Rust and Principal Engineering Consultant at MainMatter, speaks with SE Radio host Gavin Henry about Rust in production. They discuss what production Rust means, how to get Rust code into production, specific Rust issues to think about when getting an application into production, what Rust profiles are, expected performance, telemetry options, error handling and what parts of Rust to use and avoid. Palmieri discusses docker containers, tracing, robu...
Jun 12, 2025•58 min•Ep. 672
Will McGugan, the CEO and founder of Textualize, speaks with host Gregory M. Kapfhammer about how to use packages such as Rich and Textual to build text-based user interfaces (TUIs) and command-line interfaces (CLIs) in Python. Along with discussing the design idioms that enable developers to create TUIs in Python, they consider practical strategies for efficiently rendering the components of a TUI. They also explore the subtle idiosyncrasies of implementing performant TUI frameworks like Textua...
Jun 04, 2025•51 min•Ep. 669
In this episode, SE Radio host Sriram Panyam explores HTMX with its creator, Carson Gross, who is also creator of Hyperscript, the mind behind the Grug Brained Developer, a professor of software engineering at Montana State University, and co-author of Hypermedia Systems . HTMX is a modern JavaScript library that allows developers to access AJAX, WebSockets, CSS Transitions, and Server-Sent Events directly in HTML using attributes. It represents a return to hypermedia-driven application architec...
Jun 04, 2025•1 hr 16 min•Ep. 671
Matthias Endler, Rust developer, open-source maintainer, and consultant through his company Corrode, speaks with SE Radio host Gavin Henry about prototyping in Rust. They discuss prototyping and why Rust is excellent for prototyping, and Matthias recommends a workflow for it, including what parts of Rust to use, and what parts to avoid at this stage. He describes the key components that Rust provides to help us validate ideas via prototypes, as well as tips and tricks to reach for. In addition, ...
May 29, 2025•1 hr 1 min•Ep. 670
Steve Summers speaks with SE Radio host Sam Taggart about securing test and measurement equipment. They start by differentiating between IT and OT (Operational Technology) and then discuss the threat model and how security has evolved in the OT space, including a look some of the key drivers. They then examine security challenges associated with a specific device called a CompactRIO, which combines a Linux real-time CPU with a field programmable gate array (FPGA) and some analog hardware for cap...
May 13, 2025•55 min•Ep. 668
Ashley Peacock, the author of Serverless Apps on Cloudflare , speaks with host Jeremy Jung about content delivery networks (CDNs). Along the way, they examine dependency injection with bindings, local development, serverless, cold starts, the V8 runtime, AWS Lambda vs Cloudflare workers, WebAssembly limitations, and core services such as R2, D1, KV, and Pages. Ashley suggests why most users use an external database and discusses eventually consistent data stores, S3-to-R2 migration strategies, q...
May 07, 2025•1 hr 5 min•Ep. 667
Eran Yahav, Professor of Computer Science at Technion, Israel, and CTO of Tabnine, speaks with host Gregory M. Kapfhammer about the Tabnine AI coding assistant. They discuss how the design and implementation allows software engineers to use code completion and perform tasks such as automated code review while still maintaining developer privacy. Eran and Gregory also explore how research in the field of natural language processing (NLP) and large language models (LLMs) has informed the features ...
Apr 29, 2025•1 hr 2 min•Ep. 666
Malcolm Matalka, founder of Terrateam, joins host Giovanni Asproni to talk about the reasoning behind choosing a not-so-widespread language (OCaml) and (almost) totally avoiding frameworks for the development of Terrateam. While discussing the reasons for choosing this specific programming language and the advantages and disadvantages of using external frameworks, they also consider a range of related topics, including static vs. dynamic typing, the use of monorepos, and the advantages of choosi...
Apr 23, 2025•56 min•Ep. 665
Emre Baran, CEO and co-founder of Cerbos, and Alex Olivier, CPO and co-founder, join SE Radio host Priyanka Raghavan to explore “stateless decoupled authorization frameworks. The discussion begins with an introduction to key terms, including authorization, authorization models, and decoupled frameworks. They dive into the challenges of building decoupled authorization, as well as the benefits of this approach and the operational hurdles. The conversation shifts to Cerbos, an open-source policy-b...
Apr 15, 2025•52 min•Ep. 664
Tyler Flint, CEO of qpoint.io , joins host Robert Blumen for a conversation about managing external vendor dependencies, including several best practices for adoption. They start with a look at internal versus external services, including details such as the footprint of external services within a micro-services application, and difficulties organizations have tracking their service consumption, quantifying service consumption, and auditing external services. Tyler also discusses the security im...
Apr 08, 2025•52 min•Ep. 663
Software architect and author Vlad Khononov joins host Jeff Doolittle for a discussion on balancing coupling in software design. They start by examining coupling and its relationship to complexity and modularity. Vlad explains the historical models for assessing coupling and introduces his updated approach, integration strength , which aims to simplify earlier frameworks and adapt them for modern practices. The episode explores three dimensions of coupling: integration strength (knowledge sharin...
Apr 01, 2025•56 min•Ep. 662
Sunil Mallya, co-founder and CTO of Flip AI, discusses small language models with host Brijesh Ammanath . They begin by considering the technical distinctions between SLMs and large language models. LLMs excel in generating complex outputs across various natural language processing tasks, leveraging extensive training datasets on with massive GPU clusters. However, this capability comes with high computational costs and concerns about efficiency, particularly in applications that are specific to...
Mar 25, 2025•59 min•Ep. 661
Pete Warden, CEO of Useful Sensors and a founding member of the TensorFlow team at Google, discusses TinyML, the technology enabling machine learning on low-power, small-footprint devices. This innovation opens up applications such as voice-controlled devices, offline translation tools, and smarter embedded systems, which are crucial for privacy and efficiency. SE Radio host Kanchan Shringi speaks with Warden about challenges like model compression, deployment constraints, and privacy concerns. ...
Mar 18, 2025•55 min•Ep. 660
Brenden Matthews, a seasoned software engineer, entrepreneur, and author of the Idiomatic Rust and Code Like a Pro in Rust books (both from Manning), speaks with SE Radio host Gavin Henry about Idiomatic Rust. They start with a look at what "idiomatic" means, and then discuss Generics, Traits, common design patterns you'll see in well written Rust code, and anti-patterns to avoid. Matthews suggests some tools that can help you immediately write idiomatic Rust, as well as what building blocks can...
Mar 12, 2025•54 min•Ep. 659
Tanya Janca, author of Alice and Bob Learn Secure Coding , discusses secure coding and secure software development life cycle with SE Radio host Brijesh Ammanath . This session explores how integrating security into every phase of the SDLC helps prevent vulnerabilities from slipping into production. Tanya strongly recommends defining security requirements early, and discusses the importance of threat modeling during design, secure coding practices, testing strategies such as static, dynamic, and...
Mar 06, 2025•1 hr 12 min•Ep. 658
Hong Minhee, an open source developer and creator of the Fedify ActivityPub library, discusses the ActivityPub protocol and the fediverse with SE Radio's Jeremy Jung . They explore ActivityPub use cases, including microblogging applications such as Mastodon and Misskey, as well as activities built into the specification such as Like, Follow, and Accept. They also discuss extending the specification to include properties like Discoverable and Suspended, how different implementations communicate w...
Feb 27, 2025•40 min•Ep. 657
Ivett Ördög speaks with host Sam Taggart about rewrite versus refactor -- a choice that many projects face as they grow. It's a topic that inspires a lot of dogmatic feelings. They discuss how companies and projects end up at this crossroads and consider some strategies to try to avoid it. Ivett challenges the myth that you should never rewrite but points to two key factors that need to be present for a successful large-scale rewrite or refactor. They end by talking about how to get management o...
Feb 20, 2025•50 min•Ep. 656
In this episode, Charles Humble speaks withhost Brijesh Ammanath about skills that can provide developers a grounding in systems thinking . Charles is a 30-year veteran of the IT industry, including as a former software engineer, architect, and CTO, as well as former editor in chief of InfoQ and chief editor for Container Solutions. He has published “Professional Skills for Software Engineers” as a series of 14 O’Reilly shortcuts covering communication, critical thinking, documentation, and netw...
Feb 13, 2025•55 min•Ep. 655
