Software Engineering Radio - the podcast for professional software developers

Eran Yahav, Professor of Computer Science at Technion, Israel, and CTO of Tabnine, speaks with host Gregory M. Kapfhammer about the Tabnine AI coding assistant. They discuss how the design and implementation allows software engineers to use code completion and perform tasks such as automated code review while still maintaining developer privacy. Eran and Gregory also explore how research in the field of natural language processing (NLP) and large language models (LLMs) has informed the features in Tabnine. Brought to you by IEEE Computer Society and IEEE Software magazine.

Malcolm Matalka, founder of Terrateam, shares insights on developing in OCaml without relying on frameworks. He explains the benefits of strong typing while discussing the seamless integration of front-end and back-end systems. Matalka highlights the importance of community support in a niche language and reflects on the challenges of using OCaml in a Go-centric world. The conversation also covers the pros and cons of monolithic architecture, type management complexities, and custom framework development, all emphasizing a leaner, more controlled software engineering approach.

Emre Baran, CEO of Cerbos and veteran in B2B and B2C products, teams up with Alex Olivier, CPO of Cerbos with a diverse tech background, to explore stateless decoupled authorization frameworks. They clarify key terms and address the challenges and benefits of these systems. A deep dive into Cerbos showcases its advantages over Open Policy Agent. The duo discusses the intricacies of applying YAML for policy management and the critical role of audit logs in compliance. They wrap up with insights into emerging trends in authorization.

Tyler Flint, CEO of qpoint.io and an expert in managing vendor dependencies, shares valuable insights on handling external APIs. He discusses the differences between internal and external services, the challenges of tracking usage, and security concerns like authentication. Metrics for monitoring, acceptable error rates, and tips for managing outages are covered, along with the transition of qPoint from a proxy-based solution to eBPF. Tyler emphasizes the importance of understanding hidden dependencies and maintaining robust API relationships for operational resilience.

Vlad Khononov, a software architect and author of 'Balancing Coupling in Software Design', discusses the crucial balance of coupling in software design. He explores the three dimensions of coupling: integration strength, distance, and volatility. Vlad shares insights on how design decisions affect complexity versus modularity, stressing the importance of managing coupling to reduce cognitive load. The conversation also covers adapting principles of coupling to real-world projects, offering strategies for maintaining software quality and flexibility in changing business environments.

Sunil Mallya, Co-founder and CTO of Flip AI, shares his expertise on small language models (SLMs) versus large language models (LLMs). He delves into their differences, revealing how SLMs can be more efficient and accurate for specific tasks. Sunil highlights the importance of domain-specific training datasets and discusses recent advancements like the DeepSeek R1 that show smaller models outperforming larger ones in particular contexts. He also touches on the evolving landscape of model deployment and how organizations can optimize performance while managing costs.

Pete Warden, CEO of Useful Sensors and a founding member of TensorFlow at Google, delves into TinyML—machine learning for low-power devices. He discusses its real-world applications, from voice activation to offline translation, and emphasizes the importance of local processing for privacy. Warden shares insights on challenges like model compression and deployment. He also highlights its potential in agriculture and healthcare, advocating for practical approaches for beginners eager to dive into TinyML development.

Brenden Matthews is a seasoned software engineer and author known for his expertise in Rust programming. He dives into the concept of idiomatic Rust, explaining its significance and sharing essential design patterns to enhance code readability. Matthews discusses the power of Generics and Traits, emphasizing effective code management. He introduces valuable tools like Rust Format and Clippy for code improvement and highlights anti-patterns to avoid, including the pitfalls of unwrap(). With insights into macros and safe coding practices, this discussion is a treasure trove for developers seeking to master Rust.

In this discussion, Tanya Janca, author of 'Alice and Bob Learn Secure Coding' and a leading voice in application security, shares her insights on integrating security throughout the software development lifecycle. She emphasizes the importance of defining security requirements early and using threat modeling in design. Tanya details secure coding practices, effective testing strategies like SAST and DAST, and the necessity of continuous security monitoring post-deployment. With a focus on practical techniques and real-world examples, she guides developers on enhancing software security.

Hong Minhee, an open source developer behind the Fedify ActivityPub library, dives into the intricacies of the ActivityPub protocol and the expansive Fediverse. They discuss the fascinating interoperability of microblogging apps like Mastodon and Threads and the challenges these platforms face. The conversation also covers the complexities of JSON-LD, the semantic web’s role in improving data accessibility, and innovations for decentralized messaging. Finally, Minhee highlights the vibrant development community in Asia and practical applications of Fedify in app development.