Tue, 22 August 2023 SE Radio 578: Ori Mankali on Secrets Management using Distributed Fragments Cryptography In this episode, Ori Mankali, senior VP of engineering at cloud security startup Akeyless, speaks with SE Radio’s Nikhil Krishna about secrets management and the innovative use of distributed fragment cryptography (DFC). In the context of enterprise IT, 'secrets’ are crucial for authentication in providing access to internal applications and services. Ori describes the unique challenges of managing these sensitive data, particularly given the complexities of doing so on a large scale in substantial organizations. They discuss the necessity for a secure system for managing secrets, highlighting key features such as access policies, audit capabilities, and visualization tools. Ori introduces the concept of distributed fragment cryptography, which boosts security by ensuring that the entire secret is never known to any single entity. The episode explores encryption and decryption and the importance of key rotation, as they consider the challenges and potential solutions in secrets management. Direct download: 578_Ori_Mankali_Secrets_Management_using_Distributed_Fragments_Cryptography.mp3 Category:guest/technology -- posted at: 11:42pm CEST

Fri, 18 August 2023 SE Radio 577: Casey Muratori on Clean Code, Horrible Performance? Casey Muratori caused some strong reactions with a blog post and an associated video in which he went through an example from the “Clean Code” book by Robert Martin to demonstrate the negative impact that clean code practices can have on performance. In this episode, he joins SE Radio’s Giovanni Asproni to talk about the potential trade-offs between performance and the qualities that make for maintainable code, these qualities being the main focus of Clean Code. Brought to you by IEEE Computer Society and IEEE Software magazine. Direct download: 577_Casey_Muratori_Clean_Code_Horrible_Performance.mp3 Category:guest/technology -- posted at: 2:20am CEST

Wed, 9 August 2023 SE Radio 576: Jens Neuse on Back Ends for Front Ends Jens Neuse, founder of Wundergraph, joins SE Radio host Jeff Doolittle for a conversation about back ends for front ends, or BFF. Jens begins by explaining how a heavy integration burden is often placed on front-end development teams. When multiple APIs must be integrated, it can be challenging for client development in web, mobile, and desktop environments. Explaining how APIs should be treated as dependencies, just like packages, the episode explores BFF patterns and use cases, as well as the future potential emergence of a “git for APIs” standard. This episode is sponsored by ClickSend.  Direct download: 576_Jens_Neuse_Back_Ends_for_Front_Ends.mp3 Category:guest/technology -- posted at: 8:29pm CEST

Wed, 2 August 2023 SE Radio 575: Nir Valtman on Pipelineless Security Nir Valtman, co-Founder and CEO at Arnica, discusses pipelineless security with SE Radio host Priyanka Raghavan. They start by defining pipelines and then consider how to add security. Nir lays out the key challenges in getting good code coverage with the pipeline-based approach, and then describes how to implement a pipelineless approach and the advantages it offers. Priyanka quizzes him on the concept of "zero new hardcoded secrets," as well as some ways to protect GitHub repositories, and Nir shares examples of how a pipelineless approach could help in these scenarios. They then discuss false positives and handling developer fatigue in dealing with alerts. The show ends with some discussion around the product that Arnica offers and how it implements the pipelineless methodology. Direct download: 575_Nir_Valtman_on_Pipelineless_Security.mp3 Category:guest/technology -- posted at: 1:43am CEST