Podcasts about web applications

Application that uses a web browser as a client

  • 240 PODCASTS
  • 416 EPISODES
  • 41m AVG DURATION
  • 1 EPISODE EVERY OTHER WEEK
  • Feb 11, 2025 LATEST

Best podcasts about web applications

Latest podcast episodes about web applications

Latent Space: The AI Engineer Podcast — CodeGen, Agents, Computer Vision, Data Science, AI UX and all things Software 3.0

If you're in SF, join us tomorrow for a fun meetup at CodeGen Night!

If you're in NYC, join us for AI Engineer Summit! The Agent Engineering track is now sold out, but 25 tickets remain for AI Leadership and 5 tickets for the workshops. You can see the full schedule of speakers and workshops at https://ai.engineer!

It's exceedingly hard to introduce someone like Bret Taylor. We could recite his Wikipedia page, or his extensive work history through Silicon Valley's greatest companies, but everyone else already does that.

As a podcast by AI engineers for AI engineers, we had the opportunity to do something a little different. We wanted to dig into what Bret sees from his vantage point at the top of our industry for the last 2 decades, and how that explains the rise of the AI Architect at Sierra, the leading conversational AI/CX platform.

“Across our customer base, we are seeing a new role emerge - the role of the AI architect. These leaders are responsible for helping define, manage and evolve their company's AI agent over time. They come from a variety of both technical and business backgrounds, and we think that every company will have one or many AI architects managing their AI agent and related experience.”

In our conversation, Bret Taylor confirms the Paul Buchheit legend that he rewrote Google Maps in a weekend, armed with only the help of a then-nascent Google Closure Compiler and no other modern tooling. But what we find remarkable is that he was the PM of Maps, not an engineer, though of course he still identifies as one. We find this theme recurring throughout Bret's career and worldview.
We think it is plain as day that AI leadership will have to be hands-on and technical, especially when the ground is shifting as quickly as it is today:

“There's a lot of power in combining product and engineering into as few people as possible… few great things have been created by committee.”

“If engineering is an order taking organization for product you can sometimes make meaningful things, but rarely will you create extremely well crafted breakthrough products. Those tend to be small teams who deeply understand the customer need that they're solving, who have a maniacal focus on outcomes.”

“And I think the reason why is if you look at like software as a service five years ago, maybe you can have a separation of product and engineering because most software as a service created five years ago. I wouldn't say there's like a lot of technological breakthroughs required for most business applications. And if you're making expense reporting software or whatever, it's useful… You kind of know how databases work, how to build auto scaling with your AWS cluster, whatever, you know, it's just, you're just applying best practices to yet another problem.

“When you have areas like the early days of mobile development or the early days of interactive web applications, which I think Google Maps and Gmail represent, or now AI agents, you're in this constant conversation with what the requirements of your customers and stakeholders are and all the different people interacting with it and the capabilities of the technology. And it's almost impossible to specify the requirements of a product when you're not sure of the limitations of the technology itself.”

This is the first time the difference between technical leadership for “normal” software and for “AI” software was articulated this clearly for us, and we'll be thinking a lot about this going forward.
We left a lot of nuggets in the conversation, so we hope you'll just dive in with us (and thank Bret for joining the pod!)

Timestamps

* 00:00:02 Introductions and Bret Taylor's background
* 00:01:23 Bret's experience at Stanford and the dot-com era
* 00:04:04 The story of rewriting Google Maps backend
* 00:11:06 Early days of interactive web applications at Google
* 00:15:26 Discussion on product management and engineering roles
* 00:21:00 AI and the future of software development
* 00:26:42 Bret's approach to identifying customer needs and building AI companies
* 00:32:09 The evolution of business models in the AI era
* 00:41:00 The future of programming languages and software development
* 00:49:38 Challenges in precisely communicating human intent to machines
* 00:56:44 Discussion on Artificial General Intelligence (AGI) and its impact
* 01:08:51 The future of agent-to-agent communication
* 01:14:03 Bret's involvement in the OpenAI leadership crisis
* 01:22:11 OpenAI's relationship with Microsoft
* 01:23:23 OpenAI's mission and priorities
* 01:27:40 Bret's guiding principles for career choices
* 01:29:12 Brief discussion on pasta-making
* 01:30:47 How Bret keeps up with AI developments
* 01:32:15 Exciting research directions in AI
* 01:35:19 Closing remarks and hiring at Sierra

Transcript

[00:02:05] Introduction and Guest Welcome

[00:02:05] Alessio: Hey everyone, welcome to the Latent Space Podcast. This is Alessio, partner and CTO at Decibel Partners, and I'm joined by my co host swyx, founder of smol.ai.

[00:02:17] swyx: Hey, and today we're super excited to have Bret Taylor join us. Welcome. Thanks for having me. It's a little unreal to have you in the studio.

[00:02:25] swyx: I've read about you so much over the years, like even before. Open AI effectively. I mean, I use Google Maps to get here. So like, thank you for everything that you've done.
Like, like your story history, like, you know, I think people can find out what your greatest hits have been.

[00:02:40] Bret Taylor's Early Career and Education

[00:02:40] swyx: How do you usually like to introduce yourself when, you know, you talk about, you summarize your career, like, how do you look at yourself?

[00:02:47] Bret: Yeah, it's a great question. You know, we, before we went on the mics here, we're talking about the audience for this podcast being more engineering. And I do think depending on the audience, I'll introduce myself differently because I've had a lot of [00:03:00] corporate and board roles. I probably self identify as an engineer more than anything else though.

[00:03:04] Bret: So even when I was. Salesforce, I was coding on the weekends. So I think of myself as an engineer and then all the roles that I do in my career sort of start with that just because I do feel like engineering is sort of a mindset and how I approach most of my life. So I'm an engineer first and that's how I describe myself.

[00:03:24] Bret: You majored in computer

[00:03:25] swyx: science, like 1998. And, and I was high

[00:03:28] Bret: school, actually my, my college degree was Oh, two undergrad. Oh, three masters. Right. That old.

[00:03:33] swyx: Yeah. I mean, no, I was going, I was going like 1998 to 2003, but like engineering wasn't as, wasn't a thing back then. Like we didn't have the title of senior engineer, you know, kind of like, it was just.

[00:03:44] swyx: You were a programmer, you were a developer, maybe. What was it like in Stanford? Like, what was that feeling like? You know, was it, were you feeling like on the cusp of a great computer revolution? Or was it just like a niche, you know, interest at the time?

[00:03:57] Stanford and the Dot-Com Bubble

[00:03:57] Bret: Well, I was at Stanford, as you said, from 1998 to [00:04:00] 2002.

[00:04:02] Bret: 1998 was near the peak of the dot com bubble. So.
This is back in the day where most people that they're coding in the computer lab, just because there was these Sun Microsystems Unix boxes there that most of us had to do our assignments on. And every single day there was a .com like buying pizza for everybody.

[00:04:20] Bret: I didn't have to like, I got. Free food, like my first two years of university and then the dot com bubble burst in the middle of my college career. And so by the end there was like tumbleweed going to the job fair, you know, it was like, cause it was hard to describe unless you were there at the time, the like level of hype and being a computer science major at Stanford was like, A thousand opportunities.

[00:04:45] Bret: And then, and then when I left, it was like Microsoft, IBM.

[00:04:49] Joining Google and Early Projects

[00:04:49] Bret: And then the two startups that I applied to were VMware and Google. And I ended up going to Google in large part because a woman named Marissa Mayer, who had been a teaching [00:05:00] assistant when I was, what was called a section leader, which was like a junior teaching assistant kind of for one of the big interest.

[00:05:05] Bret: Yes. Classes. She had gone there. And she was recruiting me and I knew her and it was sort of felt safe, you know, like, I don't know. I thought about it much, but it turned out to be a real blessing. I realized like, you know, you always want to think you'd pick Google if given the option, but no one knew at the time.

[00:05:20] Bret: And I wonder if I'd graduated in like 1999 where I've been like, mom, I just got a job at pets.com. It's good. But you know, at the end I just didn't have any options. So I was like, do I want to go like make kernel software at VMware? Do I want to go build search at Google? And I chose Google. 50, 50 ball.

[00:05:36] Bret: I'm not really a 50, 50 ball.
So I feel very fortunate in retrospect that the economy collapsed because in some ways it forced me into like one of the greatest companies of all time, but I kind of lucked into it, I think.

[00:05:47] The Google Maps Rewrite Story

[00:05:47] Alessio: So the famous story about Google is that you rewrote the Google Maps back end, in one week after the MapQuest quest maps acquisition, what was the story there?

[00:05:57] Alessio: Is it. Actually true. Is it [00:06:00] being glorified? Like how, how did that come to be? And is there any detail that maybe Paul hasn't shared before?

[00:06:06] Bret: It's largely true, but I'll give the color commentary. So it was actually the front end, not the back end, but it turns out for Google Maps, the front end was sort of the hard part just because Google Maps was.

[00:06:17] Bret: Largely the first ish kind of really interactive web application, say first ish. I think Gmail certainly was though Gmail, probably a lot of people then who weren't engineers probably didn't appreciate its level of interactivity. It was just fast, but. Google Maps, because you could drag the map and it was sort of graphical.

[00:06:38] Bret: My, it really in the mainstream, I think, was it a map

[00:06:41] swyx: quest back then that was, you had the arrows up and down, it

[00:06:44] Bret: was up and down arrows. Each map was a single image and you just click left and then wait for a few seconds to the new map to let it was really small too, because generating a big image was kind of expensive on computers that day.

[00:06:57] Bret: So Google Maps was truly innovative in that [00:07:00] regard. The story on it. There was a small company called Where 2 Technologies started by two Danish brothers, Lars and Jens Rasmussen, who are two of my closest friends now. They had made a Windows app called Expedition, which had beautiful maps.
Even in 2000.

[00:07:18] Bret: For whenever we acquired or sort of acquired their company, Windows software was not particularly fashionable, but they were really passionate about mapping and we had made a local search product that was kind of middling in terms of popularity, sort of like a yellow page of search product. So we wanted to really go into mapping.

[00:07:36] Bret: We'd started working on it. Their small team seemed passionate about it. So we're like, come join us. We can build this together.

[00:07:42] Technical Challenges and Innovations

[00:07:42] Bret: It turned out to be a great blessing that they had built a Windows app because you're less technically constrained when you're doing native code than you are building a web browser, particularly back then when there weren't really interactive web apps and it ended up.

[00:07:56] Bret: Changing the level of quality that we [00:08:00] wanted to hit with the app because we were shooting for something that felt like a native Windows application. So it was a really good fortune that we sort of, you know, their unusual technical choices turned out to be the greatest blessing. So we spent a lot of time basically saying, how can you make a interactive draggable map in a web browser?

[00:08:18] Bret: How do you progressively load, you know, new map tiles, you know, as you're dragging even things like down in the weeds of the browser at the time, most browsers like Internet Explorer, which was dominant at the time would only load two images at a time from the same domain. So we ended up making our map tile servers have like.

[00:08:37] Bret: Forty different subdomains so we could load maps in parallel like lots of hacks. I'm happy to go into as much as like

[00:08:44] swyx: HTTP connections and stuff.

[00:08:46] Bret: They just like, there was just maximum parallelism of two.
And so if you had a map, set of map tiles, like eight of them, so So we just, we were down in the weeds of the browser anyway.

[00:08:56] Bret: So it was lots of plumbing. I can, I know a lot more about browsers than [00:09:00] most people, but then by the end of it, it was fairly, it was a lot of duct tape on that code. If you've ever done an engineering project where you're not really sure the path from point A to point B, it's almost like. Building a house by building one room at a time.

[00:09:14] Bret: The, there's not a lot of architectural cohesion at the end. And then we acquired a company called Keyhole, which became Google Earth, which was like that three, it was a native Windows app as well, separate app, great app, but with that, we got licenses to all this satellite imagery. And so in August of 2005, we added.

[00:09:33] Bret: Satellite imagery to Google Maps, which added even more complexity in the code base. And then we decided we wanted to support Safari. There was no mobile phones yet. So Safari was this like nascent browser on, on the Mac. And it turns out there's like a lot of decisions behind the scenes, sort of inspired by this Windows app, like heavy use of XML and XSLT and all these like.

[00:09:54] Bret: Technologies that were like briefly fashionable in the early two thousands and everyone hates now for good [00:10:00] reason. And it turns out that all of the XML functionality and Internet Explorer wasn't supporting Safari. So people are like re implementing like XML parsers. And it was just like this like pile of s**t.

[00:10:11] Bret: And I had to say a s**t on your part. Yeah, of

[00:10:12] Alessio: course.

[00:10:13] Bret: So. It went from this like beautifully elegant application that everyone was proud of to something that probably had hundreds of K of JavaScript, which sounds like nothing. Now we're talking like people have modems, you know, not all modems, but it was a big deal.

[00:10:29] Bret: So it was like slow.
It took a while to load and just, it wasn't like a great code base. Like everything was fragile. So I just got. Super frustrated by it. And then one weekend I did rewrite all of it. And at the time the word JSON hadn't been coined yet too, just to give you a sense. So it's all XML.

[00:10:47] swyx: Yeah.

[00:10:47] Bret: So we used what is now you would call JSON, but I just said like, let's use eval so that we can parse the data fast. And, and again, that's, it would literally as JSON, but at the time there was no name for it. So we [00:11:00] just said, let's. Pass on JavaScript from the server and eval it. And then somebody just refactored the whole thing.

[00:11:05] Bret: And, and it wasn't like I was some genius. It was just like, you know, if you knew everything you wished you had known at the beginning and I knew all the functionality, cause I was the primary, one of the primary authors of the JavaScript. And I just like, I just drank a lot of coffee and just stayed up all weekend.

[00:11:22] Bret: And then I, I guess I developed a bit of reputation and no one knew about this for a long time. And then Paul who created Gmail and I ended up starting a company with him too, after all of this told this on a podcast and now it's large, but it's largely true. I did rewrite it and it, my proudest thing.

[00:11:38] Bret: And I think JavaScript people appreciate this. Like the un-gzipped bundle size for all of Google Maps. When I rewrote, it was 20 K gzipped. It was like much smaller for the entire application. It went down by like 10 X. So. What happened on Google? Google is a pretty mainstream company. And so like our usage is shot up because it turns out like it's faster.

[00:11:57] Bret: Just being faster is worth a lot of [00:12:00] percentage points of growth at a scale of Google. So how

[00:12:03] swyx: much modern tooling did you have? Like test suites no compilers.

[00:12:07] Bret: Actually, that's not true. We did it one thing.
So I actually think Google, I, you can. Download it. There's a, Google has a Closure Compiler, a Closure Compiler.

[00:12:15] Bret: I don't know if anyone still uses it. It's gone. Yeah. Yeah. It's sort of gone out of favor. Yeah. Well, even until recently it was better than most JavaScript minifiers because it was more like it did a lot more renaming of variables and things. Most people use esbuild now just cause it's fast and Closure Compiler's built on Java and super slow and stuff like that.

[00:12:37] Bret: But, so we did have that, that was it. Okay.

[00:12:39] The Evolution of Web Applications

[00:12:39] Bret: So and that was treated internally, you know, it was a really interesting time at Google at the time because there's a lot of teams working on fairly advanced JavaScript when no one was. So Google Suggest, which Kevin Gibbs was the tech lead for, was the first kind of type ahead, autocomplete, I believe in a web browser, and now it's just pervasive in search boxes that you sort of [00:13:00] see a type ahead there.

[00:13:01] Bret: I mean, ChatGPT

[00:13:01] swyx: just added it. It's kind of like a round trip.

[00:13:03] Bret: Totally. No, it's now pervasive as a UI affordance, but that was like Kevin's 20 percent project. And then Gmail, Paul you know, he tells the story better than anyone, but he's like, you know, basically was scratching his own itch, but what was really neat about it is email, because it's such a productivity tool, just needed to be faster.

[00:13:21] Bret: So, you know, he was scratching his own itch of just making more stuff work on the client side. And then we, because of Lars and Jens sort of like setting the bar of this Windows app or like we need our maps to be draggable. So we ended up.
Not only innovate in terms of having a big sync, what would be called a single page application today, but also all the graphical stuff you know, we were crashing Firefox, like it was going out of style because, you know, when you make a document object model with the idea that it's a document and then you layer on some JavaScript and then we're essentially abusing all of this, it just was running into code paths that were not.

[00:13:56] Bret: Well trodden, you know, at this time. And so it was [00:14:00] super fun. And, and, you know, in the building you had, so you had compilers, people helping minify JavaScript just practically, but there is a great engineering team. So they were like, that's why Closure Compiler is so good. It was like a. Person who actually knew about programming languages doing it, not just, you know, writing regular expressions.

[00:14:17] Bret: And then the team that is now the Chrome team believe, and I, I don't know this for a fact, but I'm pretty sure Google is the main contributor to Firefox for a long time in terms of code. And a lot of browser people were there. So every time we would crash Firefox, we'd like walk up two floors and say like, what the hell is going on here?

[00:14:35] Bret: And they would load their browser, like in a debugger. And we could like figure out exactly what was breaking. And you can't change the code, right? Cause it's the browser. It's like slow, right? I mean, slow to update. So, but we could figure out exactly where the bug was and then work around it in our JavaScript.

[00:14:52] Bret: So it was just like new territory. Like so super, super fun time, just like a lot of, a lot of great engineers figuring out [00:15:00] new things.
And now, you know, the word, this term is no longer in fashion, but the word Ajax, which was asynchronous JavaScript and XML cause I'm telling you XML, but see the word XML there, to be fair, the way you made HTTP requests from a client to server was this.

[00:15:18] Bret: Object called XMLHttpRequest because Microsoft and making Outlook web access back in the day made this and it turns out to have nothing to do with XML. It's just a way of making HTTP requests because XML was like the fashionable thing. It was like that was the way you, you know, you did it. But the JSON came out of that, you know, and then a lot of the best practices around building JavaScript applications is pre React.

[00:15:44] Bret: I think React was probably the big conceptual step forward that we needed. Even my first social network after Google, we used a lot of like HTML injection and. Making real time updates was still very hand coded and it's really neat when you [00:16:00] see conceptual breakthroughs like React because it's, I just love those things where it's like obvious once you see it, but it's so not obvious until you do.

[00:16:07] Bret: And actually, well, I'm sure we'll get into AI, but I, I sort of feel like we'll go through that evolution with AI agents as well that I feel like we're missing a lot of the core abstractions that I think in 10 years we'll be like, gosh, how'd you make agents? Before that, you know, but it was kind of that early days of web applications.

[00:16:22] swyx: There's a lot of contenders for the reactive jobs of AI, but no clear winner yet. I would say one thing I was there for, I mean, there's so much we can go into there.
You just covered so much.

[00:16:32] Product Management and Engineering Synergy

[00:16:32] swyx: One thing I just, I just observe is that I think the early Google days had this interesting mix of PM and engineer, which I think you are, you didn't, you didn't wait for PM to tell you these are my, this is my PRD.

[00:16:42] swyx: This is my requirements.

[00:16:44] mix: Oh,

[00:16:44] Bret: okay.

[00:16:45] swyx: I wasn't technically a software engineer. I mean,

[00:16:48] Bret: by title, obviously. Right, right, right.

[00:16:51] swyx: It's like a blend. And I feel like these days, product is its own discipline and its own lore and own industry and engineering is its own thing. And there's this process [00:17:00] that happens and they're kind of separated, but you don't produce as good of a product as if they were the same person.

[00:17:06] swyx: And I'm curious, you know, if, if that, if that sort of resonates in, in, in terms of like comparing early Google versus modern startups that you see out there,

[00:17:16] Bret: I certainly like wear a lot of hats. So, you know, sort of biased in this, but I really agree that there's a lot of power and combining product design engineering into as few people as possible because, you know few great things have been created by committee, you know, and so.

[00:17:33] Bret: If engineering is an order taking organization for product you can sometimes make meaningful things, but rarely will you create extremely well crafted breakthrough products. Those tend to be small teams who deeply understand the customer need that they're solving, who have a. Maniacal focus on outcomes.

[00:17:53] Bret: And I think the reason why it's, I think for some areas, if you look at like software as a service five years ago, maybe you can have a [00:18:00] separation of product and engineering because most software as a service created five years ago. I wouldn't say there's like a lot of like.
Technological breakthroughs required for most, you know, business applications.

[00:18:11] Bret: And if you're making expense reporting software or whatever, it's useful. I don't mean to be dismissive of expense reporting software, but you probably just want to understand like, what are the requirements of the finance department? What are the requirements of an individual file expense report? Okay.

[00:18:25] Bret: Go implement that. And you kind of know how web applications are implemented. You kind of know how to. How databases work, how to build auto scaling with your AWS cluster, whatever, you know, it's just, you're just applying best practices to yet another problem when you have areas like the early days of mobile development or the early days of interactive web applications, which I think Google Maps and Gmail represent, or now AI agents, you're in this constant conversation with what the requirements of your customers and stakeholders are and all the different people interacting with it.

[00:18:58] Bret: And the capabilities of the [00:19:00] technology. And it's almost impossible to specify the requirements of a product when you're not sure of the limitations of the technology itself. And that's why I use the word conversation. It's not literal. That's sort of funny to use that word in the age of conversational AI.

[00:19:15] Bret: You're constantly sort of saying, like, ideally, you could sprinkle some magic AI pixie dust and solve all the world's problems, but it's not the way it works. And it turns out that actually, I'll just give an interesting example.

[00:19:26] AI Agents and Modern Tooling

[00:19:26] Bret: I think most people listening probably use co pilots to code like Cursor or Devin or Microsoft Copilot or whatever.

[00:19:34] Bret: Most of those tools are, they're remarkable. I'm, I couldn't, you know, imagine development without them now, but they're not autonomous yet.
Like I wouldn't let it just write most code without my interactively inspecting it. We just are somewhere between it's an amazing co pilot and it's an autonomous software engineer.

[00:19:53] Bret: As a product manager, like your aspirations for what the product is are like kind of meaningful. But [00:20:00] if you're a product person, yeah, of course you'd say it should be autonomous. You should click a button and program should come out the other side. The requirements meaningless. Like what matters is like, what is based on the like very nuanced limitations of the technology.

[00:20:14] Bret: What is it capable of? And then how do you maximize the leverage? It gives a software engineering team, given those very nuanced trade offs. Coupled with the fact that those nuanced trade offs are changing more rapidly than any technology in my memory, meaning every few months you'll have new models with new capabilities.

[00:20:34] Bret: So how do you construct a product that can absorb those new capabilities as rapidly as possible as well? That requires such a combination of technical depth and understanding the customer that you really need more integration. Of product design and engineering. And so I think it's why with these big technology waves, I think startups have a bit of a leg up relative to incumbents because they [00:21:00] tend to be sort of more self actualized in terms of just like bringing those disciplines closer together.

[00:21:06] Bret: And in particular, I think entrepreneurs, the proverbial full stack engineers, you know, have a leg up as well because. I think most breakthroughs happen when you have someone who can understand those extremely nuanced technical trade offs, have a vision for a product. And then in the process of building it, have that, as I said, like metaphorical conversation with the technology, right?

[00:21:30] Bret: Gosh, I ran into a technical limit that I didn't expect. It's not just like changing that feature.
You might need to refactor the whole product based on that. And I think that's, that it's particularly important right now. So I don't, you know, if you, if you're building a big ERP system, probably there's a great reason to have product and engineering.

[00:21:51] Bret: I think in general, the disciplines are there for a reason. I think when you're dealing with something as nuanced as the like technologies, like large language models today, there's a ton of [00:22:00] advantage of having. Individuals or organizations that integrate the disciplines more formally.

[00:22:05] Alessio: That makes a lot of sense.

[00:22:06] Alessio: I've run a lot of engineering teams in the past, and I think the product versus engineering tension has always been more about effort than like whether or not the feature is buildable. But I think, yeah, today you see a lot more of like. Models actually cannot do that. And I think the most interesting thing is on the startup side, people don't yet know where a lot of the AI value is going to accrue.

[00:22:26] Alessio: So you have this rush of people building frameworks, building infrastructure, layered things, but we don't really know the shape of the compute. I'm curious that Sierra, like how you thought about building in house, a lot of the tooling for evals or like just, you know, building the agents and all of that.

[00:22:41] Alessio: Versus how you see some of the startup opportunities that is maybe still out there.

[00:22:46] Bret: We build most of our tooling in house at Sierra, not all. It's, we don't, it's not like not invented here syndrome necessarily, though, maybe slightly guilty of that in some ways, but because we're trying to build a platform [00:23:00] that's enduring, you know, we really want to have control over our own destiny.

[00:23:03] Bret: And you had made a comment earlier that like. We're still trying to figure out who like the reactive agents are and the jury is still out. I would argue it hasn't been created yet.
I don't think the jury is still out to go use that metaphor. We're sort of in the jQuery era of agents, not the React era.

[00:23:19] Bret: And, and that's like a throwback for people listening,

[00:23:22] swyx: we shouldn't rush it. You know?

[00:23:23] Bret: No, yeah, that's my point is. And so. Because we're trying to create an enduring company at Sierra that outlives us, you know, I'm not sure we want to like attach our cart to some like to a horse where it's not clear that like we've figured out and I actually want as a company, we're trying to enable just at a high level and I'll, I'll quickly go back to tech at Sierra, we help consumer brands build customer facing AI agents.

[00:23:48] Bret: So. Everyone from Sonos to ADT home security to Sirius XM, you know, if you call them on the phone and AI will pick up with you, you know, chat with them on the Sirius XM homepage. It's an AI agent called Harmony [00:24:00] that they've built on our platform. We're what are the contours of what it means for someone to build an end to end complete customer experience with AI with conversational AI.

[00:24:09] Bret: You know, we really want to dive into the deep end of, of all the trade offs to do it. You know, where do you use fine tuning? Where do you string models together? You know, where do you use reasoning? Where do you use generation? How do you use reasoning? How do you express the guardrails of an agentic process?

[00:24:25] Bret: How do you impose determinism on a fundamentally non deterministic technology? There's just a lot of really like as an important design space. And I could sit here and tell you, we have the best approach. Every entrepreneur will, you know. But I hope that in two years, we look back at our platform and laugh at how naive we were, because that's the pace of change broadly.

[00:24:45] Bret: If you talk about like the startup opportunities, I'm not wholly skeptical of tools companies, but I'm fairly skeptical.
There's always an exception for every rule, but I believe that certainly there's a big market for [00:25:00] frontier models, but largely for companies with huge CapEx budgets. So. OpenAI and Microsoft, Anthropic and Amazon Web Services, Google Cloud, xAI, which is very well capitalized now, but I think the, the idea that a company can make money sort of pre training a foundation model is probably not true.[00:25:20] Bret: It's hard to, you're competing with just, you know, unreasonably large CapEx budgets. And I just like the cloud infrastructure market, I think will be largely there. I also really believe in the applications of AI. And I define that not as like building agents or things like that. I define it much more as like, you're actually solving a problem for a business.[00:25:40] Bret: So it's what Harvey is doing in legal profession or what Cursor is doing for software engineering or what we're doing for customer experience and customer service. The reason I believe in that is I do think that in the age of AI, what's really interesting about software is it can actually complete a task.[00:25:56] Bret: It can actually do a job, which is very different than the value proposition of [00:26:00] software was to ancient history two years ago. And as a consequence, I think the way you build a solution and for a domain is very different than you would have before, which means that it's not obvious, like the incumbent incumbents have like a leg up, you know, necessarily, they certainly have some advantages, but there's just such a different form factor, you know, for providing a solution and it's just really valuable.[00:26:23] Bret: You know, it's. Like just think of how much money Cursor is saving software engineering teams or the alternative, how much revenue it can produce tool making is really challenging. 
If you look at the cloud market, just as a analog, there are a lot of like interesting tools, companies, you know, Confluent, Monetized Kafka, Snowflake, Hortonworks, you know, there's a, there's a bunch of them.[00:26:48] Bret: A lot of them, you know, have that mix of sort of like like confluence or have the open source or open core or whatever you call it. I, I, I'm not an expert in this area. You know, I do think [00:27:00] that developers are fickle. I think that in the tool space, I probably like. Default towards open source being like the area that will win.[00:27:09] Bret: It's hard to build a company around this and then you end up with companies sort of built around open source to that can work. Don't get me wrong, but I just think that it's nowadays the tools are changing so rapidly that I'm like, not totally skeptical of tool makers, but I just think that open source will broadly win, but I think that the CapEx required for building frontier models is such that it will go to a handful of big companies.[00:27:33] Bret: And then I really believe in agents for specific domains which I think will, it's sort of the analog to software as a service in this new era. You know, it's like, if you just think of the cloud. You can lease a server. It's just a low level primitive, or you can buy an app like you know, Shopify or whatever.[00:27:51] Bret: And most people building a storefront would prefer Shopify over hand rolling their e commerce storefront. I think the same thing will be true of AI. So [00:28:00] I've. 
I tend to like, if I have a, like an entrepreneur asked me for advice, I'm like, you know, move up the stack as far as you can towards a customer need.[00:28:09] Bret: Broadly, but I, but it doesn't reduce my excitement about what is the reactive building agents kind of thing, just because it is, it is the right question to ask, but I think we'll probably play out probably an open source space more than anything else.[00:28:21] swyx: Yeah, and it's not a priority for you. There's a lot in there.[00:28:24] swyx: I'm kind of curious about your idea maze towards, there are many customer needs. You happen to identify customer experience as yours, but it could equally have been coding assistance or whatever. I think for some, I'm just kind of curious at the top down, how do you look at the world in terms of the potential problem space?[00:28:44] swyx: Because there are many people out there who are very smart and pick the wrong problem.[00:28:47] Bret: Yeah, that's a great question.[00:28:48] Future of Software Development[00:28:48] Bret: By the way, I would love to talk about the future of software, too, because despite the fact it didn't pick coding, I have a lot of that, but I can talk to I can answer your question, though, you know I think when a technology is as [00:29:00] cool as large language models.[00:29:02] Bret: You just see a lot of people starting from the technology and searching for a problem to solve. And I think it's why you see a lot of tools companies, because as a software engineer, you start building an app or a demo and you, you encounter some pain points. You're like,[00:29:17] swyx: a lot of[00:29:17] Bret: people are experiencing the same pain point.[00:29:19] Bret: What if I make it? That it's just very incremental. And you know, I always like to use the metaphor, like you can sell coffee beans, roasted coffee beans. You can add some value. 
You took coffee beans and you roasted them and roasted coffee beans largely, you know, are priced relative to the cost of the beans.[00:29:39] Bret: Or you can sell a latte and a latte. Is rarely priced directly like as a percentage of coffee bean prices. In fact, if you buy a latte at the airport, it's a captive audience. So it's a really expensive latte. And there's just a lot that goes into like. How much does a latte cost? And I bring it up because there's a supply chain from growing [00:30:00] coffee beans to roasting coffee beans to like, you know, you could make one at home or you could be in the airport and buy one and the margins of the company selling lattes in the airport is a lot higher than the, you know, people roasting the coffee beans and it's because you've actually solved a much more acute human problem in the airport.[00:30:19] Bret: And, and it's just worth a lot more to that person in that moment. It's kind of the way I think about technology too. It sounds funny to liken it to coffee beans, but you're selling tools on top of a large language model yet in some ways your market is big, but you're probably going to like be price compressed just because you're sort of a piece of infrastructure and then you have open source and all these other things competing with you naturally.[00:30:43] Bret: If you go and solve a really big business problem for somebody, that's actually like a meaningful business problem that AI facilitates, they will value it according to the value of that business problem. And so I actually feel like people should just stop. You're like, no, that's, that's [00:31:00] unfair. If you're searching for an idea of people, I, I love people trying things, even if, I mean, most of the, a lot of the greatest ideas have been things no one believed in.[00:31:07] Bret: So I like, if you're passionate about something, go do it. Like who am I to say, yeah, a hundred percent. 
Or Gmail, like Paul as far, I mean I, some of it's Laura at this point, but like Gmail is Paul's own email for a long time. , and then I amusingly and Paul can't correct me, I'm pretty sure he sent her in a link and like the first comment was like, this is really neat.[00:31:26] Bret: It would be great. It was not your email, but my own . I don't know if it's a true story. I'm pretty sure it's, yeah, I've read that before. So scratch your own niche. Fine. Like it depends on what your goal is. If you wanna do like a venture backed company, if its a. Passion project, f*****g passion, do it like don't listen to anybody.[00:31:41] Bret: In fact, but if you're trying to start, you know an enduring company, solve an important business problem. And I, and I do think that in the world of agents, the software industries has shifted where you're not just helping people more. People be more productive, but you're actually accomplishing tasks autonomously.[00:31:58] Bret: And as a consequence, I think the [00:32:00] addressable market has just greatly expanded just because software can actually do things now and actually accomplish tasks and how much is coding autocomplete worth. A fair amount. How much is the eventual, I'm certain we'll have it, the software agent that actually writes the code and delivers it to you, that's worth a lot.[00:32:20] Bret: And so, you know, I would just maybe look up from the large language models and start thinking about the economy and, you know, think from first principles. I don't wanna get too far afield, but just think about which parts of the economy. We'll benefit most from this intelligence and which parts can absorb it most easily.[00:32:38] Bret: And what would an agent in this space look like? Who's the customer of it is the technology feasible. And I would just start with these business problems more. And I think, you know, the best companies tend to have great engineers who happen to have great insight into a market. 
And it's that last part that I think some people.[00:32:56] Bret: Whether or not they have, it's like people start so much in the technology, they [00:33:00] lose the forest for the trees a little bit.[00:33:02] Alessio: How do you think about the model of still selling some sort of software versus selling more package labor? I feel like when people are selling the package labor, it's almost more stateless, you know, like it's easier to swap out if you're just putting an input and getting an output.[00:33:16] Alessio: If you think about coding, if there's no ID, you're just putting a prompt and getting back an app. It doesn't really matter. Who generates the app, you know, you have less of a buy in versus the platform you're building, I'm sure on the backend customers have to like put on their documentation and they have, you know, different workflows that they can tie in what's kind of like the line to draw there versus like going full where you're managed customer support team as a service outsource versus.[00:33:40] Alessio: This is the Sierra platform that you can build on. What was that decision? I'll sort of[00:33:44] Bret: like decouple the question in some ways, which is when you have something that's an agent, who is the person using it and what do they want to do with it? So let's just take your coding agent for a second. I will talk about Sierra as well.[00:33:59] Bret: Who's the [00:34:00] customer of a, an agent that actually produces software? Is it a software engineering manager? Is it a software engineer? And it's there, you know, intern so to speak. I don't know. I mean, we'll figure this out over the next few years. Like what is that? And is it generating code that you then review?[00:34:16] Bret: Is it generating code with a set of unit tests that pass, what is the actual. For lack of a better word contract, like, how do you know that it did what you wanted it to do? 
And then I would say like the product and the pricing, the packaging model sort of emerged from that. And I don't think the world's figured out.[00:34:33] Bret: I think it'll be different for every agent. You know, in our customer base, we do what's called outcome based pricing. So essentially every time the AI agent. Solves the problem or saves a customer or whatever it might be. There's a pre negotiated rate for that. We do that. Cause it's, we think that that's sort of the correct way agents, you know, should be packaged.[00:34:53] Bret: I look back at the history of like cloud software and notably the introduction of the browser, which led to [00:35:00] software being delivered in a browser, like Salesforce to. Famously invented sort of software as a service, which is both a technical delivery model through the browser, but also a business model, which is you subscribe to it rather than pay for a perpetual license.[00:35:13] Bret: Those two things are somewhat orthogonal, but not really. If you think about the idea of software running in a browser, that's hosted. Data center that you don't own, you sort of needed to change the business model because you don't, you can't really buy a perpetual license or something otherwise like, how do you afford making changes to it?[00:35:31] Bret: So it only worked when you were buying like a new version every year or whatever. So to some degree, but then the business model shift actually changed business as we know it, because now like. Things like Adobe Photoshop. Now you subscribe to rather than purchase. So it ended up where you had a technical shift and a business model shift that were very logically intertwined that actually the business model shift was turned out to be as significant as the technical as the shift.[00:35:59] Bret: And I think with [00:36:00] agents, because they actually accomplish a job, I do think that it doesn't make sense to me that you'd pay for the privilege of like. 
Using the software like that coding agent, like if it writes really bad code, like fire it, you know, I don't know what the right metaphor is like you should pay for a job.[00:36:17] Bret: Well done in my opinion. I mean, that's how you pay your software engineers, right? And[00:36:20] swyx: and well, not really. We paid to put them on salary and give them options and they vest over time. That's fair.[00:36:26] Bret: But my point is that you don't pay them for how many characters they write, which is sort of the token based, you know, whatever, like, There's a, that famous Apple story where we're like asking for a report of how many lines of code you wrote.[00:36:40] Bret: And one of the engineers showed up with like a negative number cause he had just like done a big refactoring. There was like a big F you to management who didn't understand how software is written. You know, my sense is like the traditional usage based or seat based thing. It's just going to look really antiquated.[00:36:55] Bret: Cause it's like asking your software engineer, how many lines of code did you write today? Like who cares? Like, cause [00:37:00] absolutely no correlation. So my old view is I don't think it's be different in every category, but I do think that that is the, if an agent is doing a job, you should, I think it properly incentivizes the maker of that agent and the customer of, of your pain for the job well done.[00:37:16] Bret: It's not always perfect to measure. It's hard to measure engineering productivity, but you can, you should do something other than how many keys you typed, you know Talk about perverse incentives for AI, right? Like I can write really long functions to do the same thing, right? So broadly speaking, you know, I do think that we're going to see a change in business models of software towards outcomes.[00:37:36] Bret: And I think you'll see a change in delivery models too. 
And, and, you know, in our customer base you know, we empower our customers to really have their hands on the steering wheel of what the agent does they, they want and need that. But the role is different. You know, at a lot of our customers, the customer experience operations folks have renamed themselves the AI architects, which I think is really cool.[00:37:55] Bret: And, you know, it's like in the early days of the Internet, there's the role of the webmaster. [00:38:00] And I don't know whether your webmaster is not a fashionable, you know, Term, nor is it a job anymore? I just, I don't know. Will they, our tech stand the test of time? Maybe, maybe not. But I do think that again, I like, you know, because everyone listening right now is a software engineer.[00:38:14] Bret: Like what is the form factor of a coding agent? And actually I'll, I'll take a breath. Cause actually I have a bunch of pins on them. Like I wrote a blog post right before Christmas, just on the future of software development. And one of the things that's interesting is like, if you look at the way I use Cursor today, as an example, it's inside of.[00:38:31] Bret: A repackaged Visual Studio Code environment. I sometimes use the sort of agentic parts of it, but it's largely, you know, I've sort of gotten a good routine of making it auto complete code in the way I want through tuning it properly when it actually can write. I do wonder what like the future of development environments will look like.[00:38:55] Bret: And to your point on what is a software product, I think it's going to change a lot in [00:39:00] ways that will surprise us. But I always use, I use the metaphor in my blog post of, have you all driven around in a Waymo around here? Yeah, everyone has. 
And there are these Jaguars, the really nice cars, but it's funny because it still has a steering wheel, even though there's no one sitting there and the steering wheels like turning and stuff clearly in the future.[00:39:16] Bret: If once we get to that, be more ubiquitous, like why have the steering wheel and also why have all the seats facing forward? Maybe just for car sickness. I don't know, but you could totally rearrange the car. I mean, so much of the car is oriented around the driver, so. It stands to reason to me that like, well, autonomous agents for software engineering run through visual studio code.[00:39:37] Bret: That seems a little bit silly because having a single source code file open one at a time is kind of a goofy form factor for when like the code isn't being written primarily by you, but it begs the question of what's your relationship with that agent. And I think the same is true in our industry of customer experience, which is like.[00:39:55] Bret: Who are the people managing this agent? What are the tools do they need? And they definitely need [00:40:00] tools, but it's probably pretty different than the tools we had before. It's certainly different than training a contact center team. And as software engineers, I think that I would like to see particularly like on the passion project side or research side.[00:40:14] Bret: More innovation in programming languages. I think that we're bringing the cost of writing code down to zero. So the fact that we're still writing Python with AI cracks me up just cause it's like literally was designed to be ergonomic to write, not safe to run or fast to run. I would love to see more innovation and how we verify program correctness.[00:40:37] Bret: I studied for formal verification in college a little bit and. It's not very fashionable because it's really like tedious and slow and doesn't work very well. 
If a lot of code is being written by a machine, you know, one of the primary values we can provide is verifying that it actually does what we intend that it does.[00:40:56] Bret: I think there should be lots of interesting things in the software development life cycle, like how [00:41:00] we think of testing and everything else, because. If you think about if we have to manually read every line of code that's coming out as machines, it will just rate limit how much the machines can do. The alternative is totally unsafe.[00:41:13] Bret: So I wouldn't want to put code in production that didn't go through proper code review and inspection. So my whole view is like, I actually think there's like an AI native I don't think the coding agents don't work well enough to do this yet, but once they do, what is sort of an AI native software development life cycle and how do you actually.[00:41:31] Bret: Enable the creators of software to produce the highest quality, most robust, fastest software and know that it's correct. And I think that's an incredible opportunity. I mean, how much C code can we rewrite in Rust and make it safe so that there's fewer security vulnerabilities. Can we like have more efficient, safer code than ever before?[00:41:53] Bret: And can you have someone who's like that guy in The Matrix, you know, like staring at the little green things, like where could you have an operator [00:42:00] of a code generating machine be like superhuman? I think that's a cool vision. And I think too many people are focused on like. Autocomplete, you know, right now, I'm not, I'm not even, I'm guilty as charged.[00:42:10] Bret: I guess in some ways, but I just like, I'd like to see some bolder ideas. And that's why when you were joking, you know, talking about what's the React of whatever, I think we're clearly in a local maximum, you know, metaphor, like sort of conceptual local maximum, obviously it's moving really fast. 
I think we're moving out of it.[00:42:26] Alessio: Yeah. At the end of 23, I've read this blog post from syntax to semantics. Like if you think about Python. It's taking C and making it more semantic and LLMs are like the ultimate semantic program, right? You can just talk to them and they can generate any type of syntax from your language. But again, the languages that they have to use were made for us, not for them.[00:42:46] Alessio: But the problem is like, as long as you will ever need a human to intervene, you cannot change the language under it. You know what I mean? So I'm curious at what point of automation we'll need to get, we're going to be okay making changes. To the underlying languages, [00:43:00] like the programming languages versus just saying, Hey, you just got to write Python because I understand Python and I'm more important at the end of the day than the model.[00:43:08] Alessio: But I think that will change, but I don't know if it's like two years or five years. I think it's more nuanced actually.[00:43:13] Bret: So I think there's a, some of the more interesting programming languages bring semantics into syntax. So let me, that's a little reductive, but like Rust as an example, Rust is memory safe.[00:43:25] Bret: Statically, and that was a really interesting conceptual, but it's why it's hard to write rust. It's why most people write python instead of rust. I think rust programs are safer and faster than python, probably slower to compile. But like broadly speaking, like given the option, if you didn't have to care about the labor that went into it.[00:43:45] Bret: You should prefer a program written in Rust over a program written in Python, just because it will run more efficiently. It's almost certainly safer, et cetera, et cetera, depending on how you define safe, but most people don't write Rust because it's kind of a pain in the ass. 
And [00:44:00] the audience of people who can is smaller, but it's sort of better in most, most ways.[00:44:05] Bret: And again, let's say you're making a web service and you didn't have to care about how hard it was to write. If you just got the output of the web service, the Rust one would be cheaper to operate. It's certainly cheaper and probably more correct just because there's so much in the static analysis implied by the Rust programming language that it probably will have fewer runtime errors and things like that as well.[00:44:25] Bret: So I just give that as an example, because so Rust, at least my understanding that came out of the Mozilla team, because. There's lots of security vulnerabilities in the browser and it needs to be really fast. They said, okay, we want to put more of a burden at the authorship time to have fewer issues at runtime.[00:44:43] Bret: And we need the constraint that it has to be done statically because browsers need to be really fast. My sense is if you just think about like the, the needs of a programming language today, where the role of a software engineer is [00:45:00] to use an AI to generate functionality and audit that it does in fact work as intended, maybe functionally, maybe from like a correctness standpoint, some combination thereof, how would you create a programming system that facilitated that?[00:45:15] Bret: And, you know, I bring up Rust is because I think it's a good example of like, I think given a choice of writing in C or Rust, you should choose Rust today. I think most people would say that, even C aficionados, just because. 
C is largely less safe for very similar, you know, trade offs, you know, for the, the system and now with AI, it's like, okay, well, that just changes the game on writing these things.[00:45:36] Bret: And so like, I just wonder if a combination of programming languages that are more structurally oriented towards the values that we need from an AI generated program, verifiable correctness and all of that. If it's tedious to produce for a person, that maybe doesn't matter. But one thing, like if I asked you, is this Rust program memory safe?[00:45:58] Bret: You wouldn't have to read it, you just have [00:46:00] to compile it. So that's interesting. I mean, that's like an, that's one example of a very modest form of formal verification. So I bring that up because I do think you have AI inspect AI, you can have AI reviewed. Do AI code reviews. It would disappoint me if the best we could get was AI reviewing Python and having scaled a few very large.[00:46:21] Bret: Websites that were written on Python. It's just like, you know, expensive and it's like every, trust me, every team who's written a big web service in Python has experimented with like PyPy and all these things just to make it slightly more efficient than it naturally is. You don't really have true multi threading anyway.[00:46:36] Bret: It's just like clearly that you do it just because it's convenient to write. And I just feel like we're, I don't want to say it's insane. I just mean. I do think we're at a local maximum. And I would hope that we create a programming system, a combination of programming languages, formal verification, testing, automated code reviews, where you can use AI to generate software in a high scale way and trust it.[00:46:59] Bret: And you're [00:47:00] not limited by your ability to read it necessarily. I don't know exactly what form that would take, but I feel like that would be a pretty cool world to live in.[00:47:08] Alessio: Yeah. We had Chris Lattner on the podcast. 
He's doing great work with Modular. I mean, I love LLVM. Yeah. Basically merging Rust in and Python.[00:47:15] Alessio: That's kind of the idea. Should be, but I'm curious is like, for them a big use case was like making it compatible with Python, same APIs so that Python developers could use it. Yeah. And so I, I wonder at what point, well, yeah.[00:47:26] Bret: At least my understanding is they're targeting the data science Yeah. Machine learning crowd, which is all written in Python, so still feels like a local maximum.[00:47:34] Bret: Yeah.[00:47:34] swyx: Yeah, exactly. I'll force you to make a prediction. You know, Python's roughly 30 years old. In 30 years from now, is Rust going to be bigger than Python?[00:47:42] Bret: I don't know this, but just, I don't even know this is a prediction. I just am sort of like saying stuff I hope is true. I would like to see an AI native programming language and programming system, and I use language because I'm not sure language is even the right thing, but I hope in 30 years, there's an AI native way we make [00:48:00] software that is wholly uncorrelated with the current set of programming languages.[00:48:04] Bret: or not uncorrelated, but I think most programming languages today were designed to be efficiently authored by people and some have different trade offs.[00:48:15] Evolution of Programming Languages[00:48:15] Bret: You know, you have Haskell and others that were designed for abstractions for parallelism and things like that. You have programming languages like Python, which are designed to be very easily written, sort of like Perl and Python lineage, which is why data scientists use it.[00:48:31] Bret: It's it can, it has a. Interactive mode, things like that. And I love, I'm a huge Python fan. 
So despite all my Python trash talk, a huge Python fan wrote at least two of my three companies were exclusively written in Python and then C came out of the birth of Unix and it wasn't the first, but certainly the most prominent first step after assembly language, right?[00:48:54] Bret: Where you had higher level abstractions rather than and going beyond go to, to like abstractions, [00:49:00] like the for loop and the while loop.[00:49:01] The Future of Software Engineering[00:49:01] Bret: So I just think that if the act of writing code is no longer a meaningful human exercise, maybe it will be, I don't know. I'm just saying it sort of feels like maybe it's one of those parts of history that just will sort of like go away, but there's still the role of this offer engineer, like the person actually building the system.[00:49:20] Bret: Right. And. What does a programming system for that form factor look like?[00:49:25] React and Front-End Development[00:49:25] Bret: And I, I just have a, I hope to be just like I mentioned, I remember I was at Facebook in the very early days when, when, what is now react was being created. And I remember when the, it was like released open source I had left by that time and I was just like, this is so f*****g cool.[00:49:42] Bret: Like, you know, to basically model your app independent of the data flowing through it, just made everything easier. And then now. You know, I can create, like there's a lot of the front end software gym play is like a little chaotic for me, to be honest with you. It is like, it's sort of like [00:50:00] abstraction soup right now for me, but like some of those core ideas felt really ergonomic.[00:50:04] Bret: I just wanna, I'm just looking forward to the day when someone comes up with a programming system that feels both really like an aha moment, but completely foreign to me at the same time. Because they created it with sort of like from first principles recognizing that like. 
Authoring code in an editor is maybe not like the primary like reason why a programming system exists anymore.[00:50:26] Bret: And I think that's like, that would be a very exciting day for me.[00:50:28] The Role of AI in Programming[00:50:28] swyx: Yeah, I would say like the various versions of this discussion have happened at the end of the day, you still need to precisely communicate what you want. As a manager of people, as someone who has done many, many legal contracts, you know how hard that is.[00:50:42] swyx: And then now we have to talk to machines doing that and AIs interpreting what we mean and reading our minds effectively. I don't know how to get across that barrier of translating human intent to instructions. And yes, it can be more declarative, but I don't know if it'll ever Crossover from being [00:51:00] a programming language to something more than that.[00:51:02] Bret: I agree with you. And I actually do think if you look at like a legal contract, you know, the imprecision of the English language, it's like a flaw in the system. How many[00:51:12] swyx: holes there are.[00:51:13] Bret: And I do think that when you're making a mission critical software system, I don't think it should be English language prompts.[00:51:19] Bret: I think that is silly because you want the precision of a a programming language. My point was less about that and more about if the actual act of authoring it, like if you.[00:51:32] Formal Verification in Software[00:51:32] Bret: I'll think of some embedded systems do use formal verification. I know it's very common in like security protocols now so that you can, because the importance of correctness is so great.[00:51:41] Bret: My intellectual exercise is like, why not do that for all software? I mean, probably that's silly just literally to do what we literally do for. These low level security protocols, but the only reason we don't is because it's hard and tedious and hard and tedious are no longer factors. 
So, like, if I could, I mean, [00:52:00] just think of, like, the silliest app on your phone right now, the idea that that app should be, like, formally verified for its correctness feels laughable right now because, like, God, why would you spend the time on it?[00:52:10] Bret: But if it's zero costs, like, yeah, I guess so. I mean, it never crashed. That's probably good. You know, why not? I just want to, like, set our bars really high. Like. We should make, software has been amazing. Like there's a Marc Andreessen blog post, software is eating the world. And you know, our whole life is, is mediated digitally.[00:52:26] Bret: And that's just increasing with AI. And now we'll have our personal agents talking to the agents on the CRO platform and it's agents all the way down, you know, our core infrastructure is running on these digital systems. We now have like, and we've had a shortage of software developers for my entire life.[00:52:45] Bret: And as a consequence, you know if you look, remember like health care, got healthcare.gov that fiasco security vulnerabilities leading to state actors getting access to critical infrastructure. I'm like. We now have like created this like amazing system that can [00:53:00] like, we can fix this, you know, and I, I just want to, I'm both excited about the productivity gains in the economy, but I just think as software engineers, we should be bolder.[00:53:08] Bret: Like we should have aspirations to fix these systems so that like in general, as you said, as precise as we want to be in the specification of the system. We can make it work correctly now, and I'm being a little bit hand wavy, and I think we need some systems. I think that's where we should set the bar, especially when so much of our life depends on this critical digital infrastructure.[00:53:28] Bret: So I'm I'm just like super optimistic about it. But actually, let's go to w

COMPRESSEDfm
196 | Building the Future: Tanstack's Approach to React Server Components

Feb 4, 2025 52:12


Join us as Tanner Linsley, the creator and founder of TanStack Start, talks about its transition from Vinxi to a more streamlined architecture built on Nitro. Learn about the framework's innovative approach to server functions, its isomorphic design philosophy, and how it differs from other frameworks like Remix. Tanner also shares insights into TanStack's sustainable open-source business model and his journey to building developer tools that prioritize user experience over rapid growth.
Show Notes
0:00 - Intro
0:38 - Welcome Tanner Linsley
3:43 - React Server Components and TanStack Evolution
6:04 - TanStack Start Overview and Vinxi Transition
11:26 - Nitro Integration and Framework Architecture
15:19 - Server Functions and Framework Comparisons
20:58 - API Design Philosophy
24:19 - Testing and Development Process
30:58 - Team and Collaboration Discussion
33:38 - Open Source Sponsorship Strategy
36:32 - Netlify Partnership Announcement
38:37 - Open Source Sustainability Discussion
41:03 - Picks and Plugs
Links
Products & Tools: TanStack, Vinxi by Nikhil Saraf, Nitro, React Router, tRPC, Remix, H3 (web request library), X Pro (TweetDeck), Deck.blue (BlueSky client), MOTU M4 audio interface, Bambu Lab A1 3D printer, Lashbrook Designs (Brad's wedding band)
Companies & Sponsors: Convex, Clerk, AG Grid, Sentry, Netlify
Games & Entertainment: Blokus (board game), Severance (TV Show on Apple TV+), "First Lie Wins" (book)
Personal Projects & Links: buildtwelve.com (Amy's project), Brad on BlueSky (@bradgaropy.com), Nozzle (Tanner's startup)
Technical Resources: Babel Dead Code Elimination (by Pedro Katori), GitHub 3D Contribution Graph Generator, React Server Components documentation
Other Projects Mentioned: Solid Start, Astro

IT Talks
234 Varnish Cache and how it drastically improve the speed of web applications, with Daniel Walrond (Eng)

Jan 24, 2025 32:28


Daniel Walrond works in Oslo as a Senior System consultant, and in this episode of IT Talks he goes into depth about Varnish Cache. Varnish Cache is an open-source tool, free to use, that makes web pages 10 to 100 times faster. It is invaluable for anyone using HTTP who wants to prevent delays and improve connection speed. Learn how it works, who it's for, and why it's a game-changer for managing connections. All this and more in today's episode of IT Talks!

David Bombal
#485: FREE Programming courses (Python, C, SQL and more)

Jan 7, 2025 70:28


Change your life in 2025! You have access to fantastic training from the amazing Dr Chuck - no excuses!!
// Python for Everybody //
Python for Everybody: https://www.py4e.com/
Python for Everybody on Coursera: https://www.coursera.org/specializati...
YouTube: • Python for Everybody - Full Universit...
Free Python Book: http://do1.dr-chuck.com/pythonlearn/E...
Dr Chuck's Website: https://www.dr-chuck.com/
Free Python Book options: https://www.py4e.com/book
// C for Everybody Course //
Free C Programming Course https://www.cc4e.com/
Free course on YouTube (freeCodeCamp): • Dr. Chuck reads C Programming (the cl...
C Programming for Everybody on Coursera: https://www.coursera.org/specializati...
// C book Audio by Dr Chuck //
https://www.cc4e.com/podcast
// Django for Everybody //
Django for Everybody: https://www.dj4e.com/
Django for Everybody on Coursera: https://www.coursera.org/specializati...
YouTube: • Django For Everybody - Full Python Un...
// PostgreSQL for Everybody //
PostgreSQL for Everybody: https://www.pg4e.com/
PostgreSQL for Everybody on Coursera: https://www.coursera.org/specializati...
YouTube: • Welcome to PostgreSQL for Everybody -...
// Web Applications for Everybody //
YouTube: • Web Applications for Everybody Course...
Web Applications for Everybody: https://www.wa4e.com/
Web Applications for Everybody on Coursera: https://www.coursera.org/specializati...
YouTube: • Welcome to Web Applications for Every...
// Books //
The C Programming Language by Brian Kernighan and Dennis Ritchie (the 1984 Second Ed and 1978 First Ed): https://amzn.to/3G0HSkU
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
// Dr Chuck Social //
Website: https://www.dr-chuck.com/
Twitter: / drchuck
YouTube: / csev
Coursera: https://www.coursera.org/instructor/d...
// MENU //
0:00 - Coming up
01:33 - How A.I. is affecting education
04:25 - Using A.I. to help students learn
08:11 - A.I. will fail you // Using A.I. to cheat in the real-world
19:40 - The Golden Age of A.I. and how it will get worse
24:51 - Is it worth it becoming a programmer in 2025
27:15 - Will A.I. replace programmers?
29:12 - Programming as a career choice
36:52 - A.I. is becoming a hardware problem
40:28 - Expectations of the younger generation
44:40 - The Master Programmer explained // Higher education is changing
52:03 - The Master Programmer courses and how to get started
56:23 - Learning JavaScript
01:09:37 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Lost in Citations
#171- Mizumoto, A. (2024). CAF Analyzer [Web application]. https://cafindex.pythonanywhere.com

Jan 7, 2025 58:31


Chris Cooper interviews Atsushi Mizumoto from Kansai University. lostincitations@gmail.com

Application Paranoia
S5EP5 - Drinksgiving, words of the year and Security Audits with Mark Spears

Nov 28, 2024 58:00


Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session. In this episode our special guest is Mark Spears. Mark is currently a Principal Security Consultant at Solis Security. Having fulfilled significant time as a network defender and vCISO dealing with writing and testing InfoSec Programs and dealing with auditors and endless reporting, he has now re-focused his time on Penetration Testing to get his fill of offensive security operations. So Red Pill or Blue Pill? A lot of his most recent education and skill focus has been on helping companies with their Web Application security through Secure-SDLC practices including configuration of Web Application Firewalls and Zero Trust solutions. When not enjoying his work at Solis Security, he can be found practicing physical security, lock picking, social engineering, or hardware hacking. Or, out on a Harley Davidson!

Smart Software with SmartLogic
Creating a Local-First Offline-Enabled LiveView PWA with Tony Dang

Oct 31, 2024 48:18


Today in the Creator's Lab, Tony Dang joins Elixir Wizards Sundi Myint and Owen Bickford to break down his journey of creating a local-first, offline-ready to-do app using Phoenix LiveView, Svelte, and CRDTs (Conflict-free Replicated Data Types). Tony explains why offline functionality matters and how this feature can transform various apps. He shares insights on different libraries, algorithms, and techniques for building local-first experiences and highlights the advantages of Elixir and Phoenix LiveView. Tony also shares his go-to tools, like Inertia.js for connecting Phoenix backends with JavaScript frontends, and favorite Elixir packages like Oban, Joken, and Hammer, offering a toolkit for anyone building powerful, adaptable applications.
Topics discussed in this episode:
- Tony Dang's background from mechanical engineer to web developer
- Building an offline-enabled to-do app with Phoenix LiveView and Svelte
- CRDTs: Conflict-free Replicated Data Types for merging changes offline
- How to make a LiveView app work offline
- Sending full state updates vs. incremental updates for performance optimization
- Inspiring others through open-source projects and community contributions
- Learning vanilla Phoenix and Channels to understand LiveView better
- Handling stale CSRF tokens when reconnecting to a LiveView app offline
- Exploring service workers and browser APIs for managing offline connectivity
- Balancing the use of JavaScript and Elixir in web development
- Fostering a supportive and inspiring Elixir community
Links mentioned:
- Working in Elevators: How to build an offline-enabled, real-time todo app (https://www.youtube.com/watch?v=PX9-lq0LL9Q) w/ LiveView, Svelte, & Yjs
- Tony's Twitter: https://x.com/tonydangblog
- https://liveview-svelte-pwa.fly.dev/
- https://github.com/tonydangblog/liveview-svelte-pwa
- CRDT: https://en.wikipedia.org/wiki/Conflict-free_replicated_data_type
- PWA: https://en.wikipedia.org/wiki/Progressive_web_app
- https://github.com/josevalim/sync
- https://github.com/sveltejs/svelte
- https://github.com/woutdp/live_svelte
- https://github.com/yjs/yjs
- https://github.com/satoren/yex
- https://github.com/y-crdt/y-crdt
- https://linear.app/
- https://github.com/automerge/automerge
- https://hexdocs.pm/phoenix/1.4.0-rc.1/presence.html
- Vaxine, the Rich CRDT Database for ElixirPhoenix Apps (https://www.youtube.com/watch?v=n2c5eWIfziY) | James Arthur | Code BEAM America 2022
- https://github.com/electric-sql/vaxine
- Hybrid Logical Clocks: https://muratbuffalo.blogspot.com/2014/07/hybrid-logical-clocks.html
- https://en.wikipedia.org/wiki/256_(number)
- CSRF Tokens in LiveView: https://hexdocs.pm/phoenix_live_view/Phoenix.LiveView.html#get_connect_params/1
- https://hexdocs.pm/phoenix/channels.html
- Authentication with Passkeys (https://www.youtube.com/playlist?list=PL8lFmBcH3vX-JNIgxW3THUy7REthSRFEI) Talk by Tony
- https://www.meetup.com/dc-elixir/
- https://github.com/rails/rails
- https://github.com/facebook/react-native
- https://github.com/vuejs
- https://github.com/laravel/laravel
- https://hexdocs.pm/phoenix_live_view/js-interop.html
- https://github.com/inertiajs
- https://github.com/inertiajs/inertia-phoenix
- https://savvycal.com/
- https://github.com/wojtekmach/req
- https://github.com/oban-bg/oban
- https://github.com/joken-elixir/joken
- https://github.com/ExHammer/hammer
Special Guest: Tony Dang.

InfosecTrain
Web Application Security: The Secret to Hack-Proof Apps Part 2

Sep 26, 2024 108:38


PodRocket - A web development podcast from LogRocket
The vanishing network with Kent C. Dodds

Sep 25, 2024 33:32


Kent C. Dodds, web dev educator, discusses the evolution of web architectures, the potential of React Server Components, and the latest advancements in React 19, offering insights perfect for developers eager to stay ahead.
Links
https://kentcdodds.com
https://x.com/kentcdodds
https://github.com/kentcdodds
https://www.youtube.com/c/KentCDodds-vids
https://www.linkedin.com/in/kentcdodds
https://www.epicreact.dev
https://www.testingjavascript.com
https://www.epicweb.dev
We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com, or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod).
Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers!
What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today (https://logrocket.com/signup/?pdr).
Special Guest: Kent C. Dodds.

InfosecTrain
Web Application Security: The Secret to Hack-Proof Apps Part 1

Sep 24, 2024 98:01


"Web Application Security: The Secret to Hack-Proof Apps" is your gateway to mastering the critical skills necessary to protect your web applications from

InfosecTrain
Web Application Basics: A Quick Guide for Beginners

Sep 24, 2024 2:16


Welcome to our quick guide on Web Applications! In this episode, we'll cover the basics of web applications, including what they are, how they work, and why they are essential in today's digital landscape. Whether you're a beginner or looking to refresh your knowledge, this session will give you a solid foundation to understand the fundamentals of web applications. Don't forget to like, comment, and subscribe for more tech insights!

PodRocket - A web development podcast from LogRocket
Exploring Node.js with David Neal

Aug 29, 2024 27:29


David Neal, developer advocate and Asana content creator, discusses his talk, The Illustrated Guide to Node.js. David shares insights from his 10-year journey with Node.js, discussing its origins, use cases, and why it remains a vital tool for developers, giving insights into JavaScript's evolution and practical tips for navigating the Node.js ecosystem.
Links
https://reverentgeek.com
https://twitter.com/reverentgeek
https://techhub.social/@reverentgeek
https://staging.bsky.app/profile/reverentgeek.com
https://www.threads.net/@reverentgeek
https://github.com/reverentgeek
https://www.youtube.com/ReverentGeek
https://www.linkedin.com/in/davidneal
Special Guest: David Neal.

KuppingerCole Analysts
Analyst Chat #226: WAF, WAAP, What? The Evolution of Web Application Firewalls

Aug 26, 2024 21:47


What makes a Web Application Firewall (WAF) a Web Application and API Protection (WAAP) solution? How is the landscape of the market changing and does every organization need a WAAP solution? Tune in to this episode of the Analyst Chat with guest Osman Celik and host Matthias Reinwarth to learn more. Dive deeper into the topic: https://www.kuppingercole.com/research/lc80921/web-application-firewalls

KuppingerCole Analysts Videos
Analyst Chat #226: WAF, WAAP, What? The Evolution of Web Application Firewalls

Aug 26, 2024 21:47



Azure DevOps Podcast
Jason Haley: Azure Services For Artificial Intelligence - Episode 309

Aug 5, 2024 37:44


Jason Haley is a Full Stack Solution Architect at Jason Haley Consulting, LLC, where he provides custom Azure and .NET application development solutions for a variety of clients. With over 20 years of experience using Microsoft technologies, he has earned the title of Microsoft Azure MVP and holds numerous certifications.
His expertise lies in developing Web Applications and Single Page Applications (SPA) using Blazor, Angular, jQuery, ASP.Net Core, Entity Framework Core, Redis, SQL Server, and Windows Azure Active Directory. In addition, he customizes build processes for Azure DevOps pipelines and creates courseware for .NET and Azure topics. He is deeply passionate about learning and sharing his knowledge with the local Azure and .NET community, and he leads two user groups in the Boston area.
Topics of Discussion:
[3:40] The two things that have stuck out in Jason's career.
[5:36] When Jason started paying attention to GenAI.
[9:12] Looking at GenAI from a solution perspective.
[10:52] Where to start as a .NET developer.
[16:49] Why aren't there more examples in C#?
[18:02] What is Graph RAG?
[19:11] Using language models for natural language processing tasks, including prompt engineering and token limits.
[20:56] The importance of prompt engineering, and how to optimize prompts.
[25:04] Cost and mechanics of using OpenAI's language model in Azure.
[32:12] Using Azure AI services for business problems and thinking about AI as an intern.
[34:48] Recommendations for .NET developers to get started with Azure Open AI and semantic search.
Mentioned in this Episode:
Clear Measure Way
Architect Forum
Software Engineer Forum
Programming with Palermo — New Video Podcast! Email us at programming@palermo.net.
Clear Measure, Inc. (Sponsor)
.NET DevOps for Azure: A Developer's Guide to DevOps Architecture the Right Way, by Jeffrey Palermo — Available on Amazon!
Jeffrey Palermo's Twitter — Follow to stay informed about future events!
Jason Haley website
Generative AI for Beginners
Azure OpenAI RAG Pattern using a SQL Vector Database
Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.

Tech AI Radio
FastHTML – Modern web applications in pure Python

Jul 30, 2024


TrustedSec Security Podcast
6.21 - JS-Tap Mk II: A Powerful Tool for Web Application Monitoring and Attack

May 23, 2024 35:29


On this episode, Skyler talks to Principal Security Consultant Drew Kirkpatrick, who recently gave a talk at CackalackyCon where he demonstrated new features of his tool, JS-Tap. The tool allows red teams to monitor and attack web applications by rewriting code in the user's browser. Drew introduced a new feature called Mimic, which automates the process of generating custom JavaScript payloads for performing actions as the user in the application. The payloads can be integrated with a Command and Control (C2) system to execute tasks in the user's browser. Drew provided a demo of the tool using a vulnerable WordPress site.
JS-Tap is a powerful tool for monitoring and attacking web applications. It allows users to log in and track client activity, including cookies, local storage, and session storage. JS-Tap can intercept form submissions and network communications, making it useful for both monitoring and attacking. It can generate custom payloads and exfiltrate data from the target application. The tool is versatile and can be used for red teaming, penetration testing, and post-exploitation. JS-Tap is available on GitHub and is open source.
Watch the podcast and demo on YouTube here - https://youtu.be/cU915mxLfTo
About this podcast: Security Noise, a TrustedSec Podcast, features our cybersecurity experts in conversation about the security topics that interest them the most. Hosted by Geoff Walton and Producer/Contributor Skyler Tuter. Listen and subscribe wherever you get your podcasts!

JACC Podcast
A Technology-Assisted Web Application for Consumer Access to a Non-prescription Statin Medication

May 20, 2024 8:18


Daily cardiology
ACC.24 Congress Coverage: A Web Application for Consumer Access to Nonprescription Statins

May 3, 2024 7:00


ACC.24: TACTiC Trial

CISO Tradecraft
#174 - OWASP Top 10 Web Application Attacks

Mar 25, 2024 44:23


In this episode of CISO Tradecraft, host G. Mark Hardy delves into the crucial topic of the OWASP Top 10 Web Application Security Risks, offering insights on how attackers exploit vulnerabilities and practical advice on securing web applications. He introduces OWASP and its significant contributions to software security, then progresses to explain each of the OWASP Top 10 risks in detail, such as broken access control, injection flaws, and security misconfigurations. Through examples and recommendations, listeners are equipped with the knowledge to better protect their web applications and ultimately improve their cybersecurity posture.
OWASP Cheat Sheets: https://cheatsheetseries.owasp.org/
OWASP Top 10: https://owasp.org/www-project-top-ten/
Transcripts: https://docs.google.com/document/d/17Tzyd6i6qRqNfMJ8OOEOOGpGGW0S8w32
Chapters
00:00 Introduction
01:11 Introducing OWASP: A Pillar in Cybersecurity
02:28 The Evolution of Web Vulnerabilities
05:01 Exploring Web Application Security Risks
07:46 Diving Deep into OWASP Top 10 Risks
09:28 1) Broken Access Control
14:09 2) Cryptographic Failures
18:40 3) Injection Attacks
23:57 4) Insecure Design
25:15 5) Security Misconfiguration
29:27 6) Vulnerable and Outdated Software Components
32:31 7) Identification and Authentication Failures
36:49 8) Software and Data Integrity Failures
38:46 9) Security Logging and Monitoring Practices
40:32 10) Server Side Request Forgery (SSRF)
42:15 Recap and Conclusion: Mastering Web Application Security

David Bombal
#462: AI just replaced us with Devin... seriously? Dr Chuck!

Mar 22, 2024 34:03


Did the Devin AI just replace us and become the first fully autonomous AI software engineer? Dr Chuck tells us if this is fact or hype.
// C for Everybody Course //
Free C Programming Course https://www.cc4e.com/
Free course on YouTube (freeCodeCamp): • Learn C Programming with Dr. Chuck (f...
C Programming for Everybody on Coursera: https://www.coursera.org/specializati...
// C book Audio by Dr Chuck //
https://www.cc4e.com/podcast
// Python for Everybody //
Python for Everybody: https://www.py4e.com/
Python for Everybody on Coursera: https://www.coursera.org/specializati...
YouTube: • Python for Everybody - Full Universit...
Free Python Book: http://do1.dr-chuck.com/pythonlearn/E...
Dr Chuck's Website: https://www.dr-chuck.com/
Free Python Book options: https://www.py4e.com/book
// Django for Everybody //
Django for Everybody: https://www.dj4e.com/
Django for Everybody on Coursera: https://www.coursera.org/specializati...
YouTube: • Django For Everybody - Full Python Un...
// PostgreSQL for Everybody //
PostgreSQL for Everybody: https://www.pg4e.com/
PostgreSQL for Everybody on Coursera: https://www.coursera.org/specializati...
YouTube: • Welcome to PostgreSQL for Everybody -...
// Web Applications for Everybody //
YouTube: • Web Applications for Everybody Course...
Web Applications for Everybody: https://www.wa4e.com/
Web Applications for Everybody on Coursera: https://www.coursera.org/specializati...
YouTube: • Welcome to Web Applications for Every...
// Books //
The C Programming Language by Brian Kernighan and Dennis Ritchie (the 1984 Second Ed and 1978 First Ed): https://amzn.to/3G0HSkU
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
YouTube: / davidbombal
// Dr Chuck Social //
Website: https://www.dr-chuck.com/
Twitter: / drchuck
YouTube: / csev
Coursera: https://www.coursera.org/instructor/d...
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Self-Hosted
118: How Hard Could it Be?

Mar 8, 2024 54:13


Alex's new Epyc server build, and Jon Seager from Canonical joins us to chat about Nix in the homelab, packaging Scrutiny, and how Nix fits with existing infrastructure management tools. Special Guest: Jon Seager.

ITSPmagazine | Technology. Cybersecurity. Society
JavaScript is Often the Most Common Resource to be Compromised and Exploited | Let's See How Client-Side Security Can Help Successfully Navigate the Application Threat Landscape | An Imperva Brand Story with Lynn Marks: Sr. Product Manager

Mar 7, 2024 44:41


Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.
The conversation begins with a key question: What is client-side protection?
Marks explains that modern engineering teams often place much of the applicational logic into the client-side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is 'form-jacking,' where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.
Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva's Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and facilitate them to make data-driven, informed decisions.
Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard)—specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks. Imperva's Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.
For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.
Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.
Top Questions Addressed
- What is client-side protection?
- How can an organization protect itself against client-side attacks?
- What is the role of Imperva's Client Side Protection product in combating client-side security threats?
Note: This story contains promotional content.
Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/lynnmarks1/
Blog | https://thenewstack.io/author/lynn-marks/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Guide: The Role of Client-Side Protection: https://itspm.ag/impervlttq
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
JavaScript is Often the Most Common Resource to be Compromised and Exploited | Let's See How Client-Side Security Can Help Successfully Navigate the Application Threat Landscape | An Imperva Brand Story with Lynn Marks: Sr. Product Manager

Mar 7, 2024 44:41



TechVibe Radio
One Mic Stand: Adam Murphy of Sourceree

Feb 6, 2024 · 15:31


Founded in 2010 with the mission of providing technical contracting services to the United States government and private sector, Sourceree continues to support programs across multiple offices in the Department of Defense, Department of Homeland Security, intelligence community, and commercial enterprises around the world. Founder Adam Murphy steps up to the One Mic Stand to talk about his Johnstown-based business' values of embracing innovation and challenging the status quo. Sourceree builds custom software that impacts the world in meaningful ways. Software includes: Enterprise Applications, Web Applications, Mobile (Responsive Web, Native iOS & Android), Big Data and Artificial Intelligence. Learn more at https://www.sourceree.com/

Azure DevOps Podcast
Jeff Fritz: .NET Conf Recap - Episode 278

Jan 1, 2024 · 35:56


Jeff Fritz is an experienced developer, technical educator, and PM on the .NET team at Microsoft. He founded The Live Coders team on Twitch, and regularly livestreams builds of websites and fun applications. You can follow Jeff for more .NET, .NET Core, and Visual Studio content on Twitch and Twitter at @csharpfritz.

Topics of Discussion:
[2:00] Jeff talks about how he shifted from programming to teaching.
[4:08] Teaching and mentoring led Jeff to an opportunity to join Microsoft as a developer advocate.
[7:33] Jeff is the Executive Producer for .NET Conf.
[8:10] What are some of the great events happening at .NET Conf?
[10:00] When did Jeff build the .NET Conf 2023 team?
[11:35] The planning and execution of .NET Conf.
[15:31] Virtual vs. in-person conferences and interactivity.
[22:16] The biggest .NET conference announcements and new features that attendees shouldn't miss.
[23:20] .NET Aspire.
[24:33] Intro to Web Applications for .NET for experts.
[29:40] Jeff loves that “aha moment” that can come with thinking outside the box.
[30:24] What should people do next?

Mentioned in this Episode:
Clear Measure Way
Architect Forum
Software Engineer Forum
Programming with Palermo — New Video Podcast! Email us at programming@palermo.net.
Clear Measure, Inc. (Sponsor)
.NET DevOps for Azure: A Developer's Guide to DevOps Architecture the Right Way, by Jeffrey Palermo — Available on Amazon!
Jeffrey Palermo's Twitter — Follow to stay informed about future events!
Github.com/dotnet-presentations/dotNETConf/tree/main/2023
.NET Conf

Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.

PodRocket - A web development podcast from LogRocket
ICYMI: The Epic Stack with Kent C. Dodds

Dec 23, 2023 · 30:06


In this repeat episode picked by host Noel Minchow, Kent C. Dodds talks about his project, the Epic Stack, a stack curated by Kent aimed at giving devs the tools they need without overwhelming them with too many options.

Links
https://twitter.com/jonmeyers_io
https://kentcdodds.com
https://www.linkedin.com/in/kentcdodds
https://github.com/kentcdodds
https://twitter.com/kentcdodds
http://EpicWeb.dev
http://EpicReact.dev
http://TestingJavaScript.com

We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com, or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod).

Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers!

What does LogRocket do? LogRocket combines frontend monitoring, product analytics, and session replay to help software teams deliver the ideal product experience. Try LogRocket for free today. (https://logrocket.com/signup/?pdr)

Special Guest: Kent C. Dodds.

Out of the Woods: The Threat Hunting Podcast
S1 Ep59: [BONUS EPISODE] Samuel Paredes: The Art of Web Application Security

Nov 17, 2023 · 33:19


Bonus Episode - November 17, 2023

Dive into the world of cybersecurity with Sam Paredes on our latest podcast episode. As the Founder and Security Researcher at BugNode, Samuel shares his personal odyssey within the tech industry, from a burgeoning passion to the helm of a trailblazing security enterprise. BugNode isn't just another web application testing service. Under Samuel's leadership, the company champions a meticulous, hands-on approach to safeguarding applications. By tackling security challenges with human ingenuity, BugNode's expert team crafts a tailored defense strategy for each client, ensuring robust protection that empowers businesses to thrive without the overhead of digital threats. Throughout the episode, Samuel provides an insider's look at the hurdles faced by security professionals and how BugNode strategically overcomes them. Tune in to gain valuable insights into the intersection of personal growth and professional excellence in the fast-evolving landscape of application security.

* Learn more about BugNode - https://www.bugnode.io/
* Connect with Sam - https://www.linkedin.com/in/sam-par/

-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Instagram: https://www.instagram.com/cyborgsecinc/
Facebook: https://www.facebook.com/CyborgSecInc

Web and Mobile App Development (Language Agnostic, and Based on Real-life experience!)

There's no one way to architect any application. With that said, some ways tend to work a tad better than others. In addition, the architecture of any application is bound to continually change as user base grows, as requirements change, as SLAs become tighter, as organizational structures change, and more. So, while it is important to get the architecture right to begin with, what's even more important is to ensure that it is resilient to change, is extensible, is flexible and long story short, stands the test of time. In this course, we'll look at one such architecture.

Purchase course in one of 2 ways:
1. Go to https://getsnowpal.com, and purchase it on the Web
2. On your phone:
    (i) If you are an iPhone user, go to http://ios.snowpal.com, and watch the course on the go.
    (ii) If you are an Android user, go to http://android.snowpal.com.

Web and Mobile App Development (Language Agnostic, and Based on Real-life experience!)
Snowpal Education: Integrate Kanban in Web Application

Oct 31, 2023 · 0:41


Kanban is an immensely popular way to schedule your activities. We'll take a look at implementing one. Our Web Application supports multiple rendering modes, one of which is a Kanban mode. There's a number of things you can do when you are in Kanban mode, and all of it is functionality we wired (read: handcoded) into a Kanban component that we integrated. Essentially, we started off with integrating a Kanban component (and yes, we never try to reinvent the wheel!), and added all the necessary functionality we needed into it. In this course, we'll show you some of those.

Purchase course in one of 2 ways:
1. Go to https://getsnowpal.com, and purchase it on the Web
2. On your phone:
    (i) If you are an iPhone user, go to http://ios.snowpal.com, and watch the course on the go.
    (ii) If you are an Android user, go to http://android.snowpal.com.

Web and Mobile App Development (Language Agnostic, and Based on Real-life experience!)
Snowpal Education: Designing UI & UX for a New Feature on a Web App

Oct 31, 2023 · 0:46


We implement new features (and enhancements) on a daily basis at Snowpal, and while how we approach each of those features from a UI/UX standpoint really depends, and is driven primarily by the feature and its complexities, there are many aspects of our approach that are generic to almost all features and enhancements. In this course, we'll take a look at a simple feature to help understand what the process looks like. We'll start with Requirements, discuss User Experience (UX), immediately followed by User Interface (UI). Note that we'll be focusing on a Web Application but a lot of what we learn would be just as applicable to Mobile Apps as well.

Purchase course in one of 2 ways:
1. Go to https://getsnowpal.com, and purchase it on the Web
2. On your phone:
    (i) If you are an iPhone user, go to http://ios.snowpal.com, and watch the course on the go.
    (ii) If you are an Android user, go to http://android.snowpal.com.

The Cyber Threat Perspective
Episode 64: A Day In The Life: Web Application Penetration Testing

Oct 25, 2023 · 34:31


In this episode, Spencer and Darrius go "behind the hack" and discuss what life is like behind the keyboard of a web application penetration tester. They discuss various parts of a web app penetration test such as planning and preparation, execution, and post-exploitation as well as common challenges throughout the way.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com

PodRocket - A web development podcast from LogRocket
Local-first web with Kyle Simpson

Sep 1, 2023 · 40:22


Kyle “Getify” Simpson, human-centric technologist, comes on to talk about the argument for the future of the local-first web.

Links
https://www.linkedin.com/in/getify
https://me.getify.com
https://github.com/getify
https://www.youtube.com/watch?v=ADwNXpak4tM&ab

Tell us what you think of PodRocket
We want to hear from you! We want to know what you love and hate about the podcast. What do you want to hear more about? Who do you want to see on the show? Our producers want to know, and if you talk with us, we'll send you a $25 gift card! If you're interested, schedule a call with us (https://podrocket.logrocket.com/contact-us) or you can email producer Kate Trahan at kate@logrocket.com

Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers!

What does LogRocket do? LogRocket combines frontend monitoring, product analytics, and session replay to help software teams deliver the ideal product experience. Try LogRocket for free today. (https://logrocket.com/signup/?pdr)

Igalia
Igalia Chats: Web Applications 1.0

Sep 1, 2023 · 49:16


Igalia's Brian Kardell and Eric Meyer look back on things developing in WHATWG specs in 2004 and chat about what we've gotten and what remains outstanding.

Cloud Security Podcast
The Azure Cloud Security Pentesting Skills You NEED!

Aug 28, 2023 · 29:14


Karl Fosaaen, the author of "Penetration Testing Azure for Ethical Hackers" and the VP of Research at NetSPI, came as a guest to share why the penetration test of a web application hosted on Azure Cloud in 2023 is quite different from simple, traditional web app pentesting, and the skills you need to pentest Azure environments. Cloud penetration testing is misunderstood to be just config review in Microsoft Azure Cloud, just like in AWS and Google Cloud. In this video, Karl Fosaaen was kind enough to cover the following questions and methods.

Episode YouTube: Video Link
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Karl's Linkedin (Karl Fosaaen)
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Newsletter
- Cloud Security BootCamp

Spotify TimeStamp for Interview Question
(00:00) Introduction
(02:32) A bit about Karl Fosaaen
(03:26) How is pentesting in Azure different from AWS?
(04:35) Cloud pentesting is not just config review
(05:42) Cloud pentesting vs Network pentesting
(06:25) Cloud Pentest - Next evolution of Network Pentest?
(07:14) Boundaries of cloud pentesting
(09:07) Do you need prior approval for Azure Pentest?
(09:32) Working with Microsoft Security Research Centre
(10:35) Process of pentesting in Azure
(11:57) Low hanging fruits to start off with!
(13:37) How to persist and escalate?
(14:58) Managed Identities in Azure
(16:23) Impact of peripheral services to Azure
(18:33) Scale of deployments in Azure
(21:02) Getting access to permissions for Azure Entra
(22:36) Scaling your pentest tools
(23:34) TTPs or Matrix you can use
(25:30) Getting into Azure Pentesting
(26:56) Transitioning from network to azure pentesting
(28:37) Connect with Karl

Resources: The NetSPI Blog to learn more about offensive cloud security Mitre - Cloud Attack Matrix ATRM Karl's Book - Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments

See you at the next episode!

Cloud Security Podcast
Google Cloud Security Pentesting Methodology

Aug 24, 2023 · 37:11


A penetration test of a web application hosted on Google Cloud in 2023 is quite different from simple, traditional web app pentesting. Cloud penetration testing is misunderstood to be just config review in Google Cloud. In this video, we have Kat Traxler, who is a cloud security researcher and SANS Course author, and has worked in the Google Cloud space to even build open source tools that can be used to perform cloud security testing.

Episode YouTube: Video Link
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Kat Traxler (Kat Traxler's Linkedin)
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Newsletter
- Cloud Security BootCamp

Spotify TimeStamp for Interview Question
(00:00) Introduction
(04:17) A bit about Kat Traxler
(05:56) Pentesting in GCP vs AWS
(08:07) Config review vs cloud pentesting
(09:24) Cloud pentest vs Traditional Pentest
(10:28) Starting to do GCP pentesting
(12:35) Common services used in GCP
(14:10) Low hanging fruits in GCP
(15:25) What are default service accounts?
(17:52) You may already have google cloud
(20:00) How to persist access in Google Cloud?
(21:56) Shared responsibility in GCP
(24:01) Common TTPs in GCP
(28:05) Is there SSRF in GCP?
(30:19) Open source tools for cloud pentest
(33:59) Fun questions

Resources that Kat shared during the episode: The Google Cloud Adoption Framework Google Cloud Org Policy Bot GCAT Threat Horizons Report Pacu Microburst DeRF Stratus

See you at the next episode!

Paul's Security Weekly
News and Interviews from BlackHat 2023 - ESW #328

Aug 18, 2023 · 136:13


In the Enterprise Security News, 1. Check Point buys Perimeter 81 to augment its cybersecurity 2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs 3. Hackers Rig Casino Card-Shuffling Machines for ‘Full Control' Cheating 4. ‘DoubleDrive' attack turns Microsoft OneDrive into ransomware 5. NYC bans TikTok on city-owned devices   As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. She will discuss key findings from the “2023 AT&T Cybersecurity Insights™ Report: Focus on Healthcare” and provide insight into how to prepare for securing the healthcare edge ecosystem. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them!     With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. Security Weekly talks with Semperis CEO Mickey Bresman about the keys to a smooth and secure AD modernization strategy. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!   Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. 
To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir, purpose-built for security data use cases. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges.  This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them!   The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes. This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them!   Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited. 
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them! Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution. This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-328

Enterprise Security Weekly (Audio)
News and Interviews from BlackHat 2023 - ESW #328

Aug 18, 2023 · 136:13


In the Enterprise Security News, 1. Check Point buys Perimeter 81 to augment its cybersecurity 2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs 3. Hackers Rig Casino Card-Shuffling Machines for ‘Full Control' Cheating 4. ‘DoubleDrive' attack turns Microsoft OneDrive into ransomware 5. NYC bans TikTok on city-owned devices As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. She will discuss key findings from the “2023 AT&T Cybersecurity Insights™ Report: Focus on Healthcare” and provide insight into how to prepare for securing the healthcare edge ecosystem. With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. Security Weekly talks with Semperis CEO Mickey Bresman about the keys to a smooth and secure AD modernization strategy. Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir, purpose-built for security data use cases. 
In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges.   The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes. Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited. Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. 
Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them! This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them! This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them! This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartbh to learn more about them! This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them! This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-328

Paul's Security Weekly TV
Managing Threats, Reduce your Attack Surface, MDR Evolved - Antonio Sanchez, Randy Watkins, Richard Yew - ESW #328

Aug 18, 2023 · 36:19


The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes. This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them!   Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited. This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them!   Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. 
Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution. This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartbh to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-328 

The RSnake Show
S05E10 - Unmasking the Future of Web Application Firewalls with Sam Pickles of RedShield

Jul 13, 2023 · 131:01


Embark on a cybersecurity journey with Sam Pickles, the dynamic founder of RedShield, a pioneering web application firewall (WAF) company. Dive deep into the captivating evolution of WAFs, how they're navigating the ever-changing threat landscape, and the innovative solutions to operationalize security for enterprises inundated with hundreds or even thousands of websites to safeguard. This insightful conversation exposes the challenges around WAF deployment, the pitfalls of certain competitive models, and the industry's escalating skills shortage. Get a raw and unfiltered look at the real-world struggles of fixing legacy code, and discover how Sam and his team at RedShield are pushing the boundaries to build a safer digital world.

PodRocket - A web development podcast from LogRocket
The Epic Stack with Kent C. Dodds

Jun 14, 2023 · 29:41


Kent C. Dodds is back again with his newest project, the Epic Stack, a stack curated by Kent aimed at giving devs the tools they need without overwhelming them with too many options.

Links
https://kentcdodds.com
https://www.linkedin.com/in/kentcdodds
https://github.com/kentcdodds
https://twitter.com/kentcdodds
http://EpicWeb.dev
http://EpicReact.dev
http://TestingJavaScript.com

Tell us what you think of PodRocket
We want to hear from you! We want to know what you love and hate about the podcast. What do you want to hear more about? Who do you want to see on the show? Our producers want to know, and if you talk with us, we'll send you a $25 gift card! If you're interested, schedule a call with us (https://podrocket.logrocket.com/contact-us) or you can email producer Kate Trahan at kate@logrocket.com

Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers!

What does LogRocket do? LogRocket combines frontend monitoring, product analytics, and session replay to help software teams deliver the ideal product experience. Try LogRocket for free today. (https://logrocket.com/signup/?pdr)

Special Guest: Kent C. Dodds.

Smart Software with SmartLogic
Chris McCord and Jason Stiebs on the Future of Phoenix

Jun 1, 2023 · 58:12


Phoenix core team members Chris McCord and Jason Stiebs join Elixir Wizards Sundi Myint and Owen Bickford to discuss the growth of Phoenix and LiveView, the latest updates, and what they're excited to see in the future. They express excitement for the possibilities of machine learning, AI, and distributed systems and how these emerging technologies will enhance the user experience of Elixir and LiveView applications in the next decade.

Key Topics Discussed in this Episode:
How community contributions and feedback help improve Phoenix LiveView
The addition of function components, declarative assigns, HEEx, and streams
Why Ecto changesets should be used as "fire and forget" data structures
Excitement about machine learning and AI with libraries like NX
The possibility of distributed systems and actors in the future
Verifying and solving issues in the Phoenix and LiveView issue trackers
Why marketing plays a part in the adoption and mindshare of Phoenix
How streams provide a primitive for arbitrarily large dynamic lists
Elixir VM's ability to scale to millions of connections
A creative use of form inputs for associations with dynamic children

Links Mentioned in this Episode:
Fly Site https://fly.io/
Keynote: The Road To LiveView 1.0 by Chris McCord | ElixirConf EU 2023 (https://youtu.be/FADQAnq0RpA)
Keynote: I Was Wrong About LiveView by Jason Stiebs | ElixirConf 2022 (https://youtu.be/INgpJ3eIKZY)
Phoenix Site https://www.phoenixframework.org/
Phoenix Github https://github.com/phoenixframework
Two-Story, 10-Room Purple Martin House (https://suncatcherstudio.com/uploads/birds/birdhouses/purple-martin-house-plans/images-large/purple-martin-birdhouse-plans-labeled.png)
Blog: The Road to 2 Million Websocket Connections in Phoenix (https://phoenixframework.org/blog/the-road-to-2-million-websocket-connections)
Raxx Elixir Webserver Interface https://hexdocs.pm/raxx/0.4.1/readme.html
Livebook Site https://livebook.dev/
Sundi's 6'x 6' Phoenix painting (https://twitter.com/sundikhin/status/1663930854928728064)
Surface on Hex https://hex.pm/packages/surface
Axon Deep Learning Framework https://hexdocs.pm/axon/Axon.html
Nx Numerical Elixir https://hexdocs.pm/nx/intro-to-nx.html
Phoenix PubSub https://hexdocs.pm/phoenix_pubsub/Phoenix.PubSub.html
Jason Stiebs on Twitter https://twitter.com/peregrine
Jason Stiebs on Mastodon https://merveilles.town/@peregrine

Special Guests: Chris McCord and Jason Stiebs.

Paul's Security Weekly TV
Generative AI Security Implications, Protecting Web Applications - Liam Mayron - PSW #786

Paul's Security Weekly TV

May 25, 2023 59:53


Liam Mayron from Fastly comes on the show to talk about his unique path into information security, the security implications of generative AI, advances in technologies to protect web applications, detecting bots, and enabling better MSP services! This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw786 

Test & Code - Python Testing & Development
198: Testing Django Web Applications

Test & Code - Python Testing & Development

Apr 27, 2023 62:01


Django has some built-in ways to test your application. There's also pytest-django and other plugins that help with testing. Carlton Gibson and Will Vincent from the Django Chat Podcast join the show to discuss how to get started testing your Django application.

00:00 Introduction
00:20 Thanks porkbun for sponsoring
01:41 Welcome and podcasting discussion
17:21 Django starter projects
21:35 Testing Django

Should be chapters there also, if your podcast player supports them.

Special Guests: Carlton Gibson and Will Vincent.

Any Port on the Net
The Boys Start A Mini-Series - Introducing The OWASP Review

Any Port on the Net

Apr 20, 2023 41:06


To continue our adventure in talking about security concepts on the net, we have decided it's time to talk through the top Web Application vulnerabilities. On top of that we decided to make it a mini-series! In this episode we cover the number one OWASP vulnerability - Broken Access Controls. Follow along as we explore all the fun of web application penetration testing.

Links:
• The Official BLS Discord
• The Official BLS Website
• The Official BLS Github
• The Official APotN Twitter
• The OWASP Top 10
• OWASP: Broken Access Control
• Burp Suite Wsdler Plugin

Smart Software with SmartLogic
Sophie DeBenedetto on the Future of Elixir and LiveView

Smart Software with SmartLogic

Apr 13, 2023 51:08


In today's episode, Sophie DeBenedetto emphasizes the importance of the Elixir community's commitment to education, documentation, and tools like liveBook, fostering an environment where people with varying skill levels can learn and contribute. The discussion highlights LiveView's capabilities and the role it plays in the future of Elixir, encouraging members to share knowledge and excitement for these tools through various channels. Sophie invites listeners to attend and submit their talks for the upcoming Empex conference, which aims to showcase the best in Elixir and LiveView technologies. Additionally, the group shares light-hearted moments, reminding everyone to contribute to all types of documentation and promoting an inclusive atmosphere.

Key topics discussed in this episode:
• Updates on the latest release of the Programming Phoenix LiveView book
• The importance of community connection in Elixir conferences
• The future of documentation in the Elixir ecosystem
• The Elixir community's commitment to education and documentation
• LiveBook as a valuable tool for learning and experimenting
• Encouraging contributions across experience levels and skill sets
• Importance of sharing knowledge through liveBooks, blog posts, and conference talks
• Core Components in Phoenix LiveView, and modal implementation
• Creating a custom component library for internal use
• Reflecting on a Phoenix LiveView Project Experience
• Ease of using Tailwind CSS and its benefits in web development
• Advantages of LiveView in reducing complexity and speeding up project development
• LiveView's potential to handle large datasets using Streams
• The role of Elixir developers in the rapidly evolving AI landscape

Links in this episode:
• Sophie DeBenedetto – https://www.linkedin.com/in/sophiedebenedetto
• Programming Phoenix LiveView Book – https://pragprog.com/titles/liveview/programming-phoenix-liveview
• Empex NYC - https://www.empex.co/new-york
• SmartLogic - https://smartlogic.io/jobs
• Phoenix LiveView documentation: https://hexdocs.pm/phoenixliveview/Phoenix.LiveView.html
• Live sessions and hooks: https://hexdocs.pm/phoenixliveview/Phoenix.LiveView.Router.html#livesession/1
• LiveView: https://hexdocs.pm/phoenixlive_view/Phoenix.LiveView.html
• Tailwind CSS: https://tailwindcss.com/
• Reuse Markup With Function Components and Slots (https://fly.io/phoenix-files/function-components/)
• LiveView Card Components With Bootstrap (https://fly.io/phoenix-files/liveview-bootstrap-card/)
• Building a Chat App With LiveView Streams (https://fly.io/phoenix-files/building-a-chat-app-with-liveview-streams/)

Special Guest: Sophie DeBenedetto.

The Cyber Threat Perspective
Episode 34: The State of Web Application Penetration Testing

The Cyber Threat Perspective

Mar 29, 2023 25:35


In this episode, Darrius and Brad look at the current state of web application penetration testing, why it is how it is, and what you can do if you want to break into the field.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com

Cyber Security Today
Cyber Security Today, March 24, 2023 - Malware found in the NuGet repository, a warning to lock down web applications and more

Cyber Security Today

Mar 24, 2023 4:52


This episode reports on code in an online payment gateway modified to skim credit cards, a security problem with Windows' Snipping tool and more

Cyber Rants - The Refreshingly Real Cybersecurity Podcast
Episode #94 - Web Application Penetration Testing 101

Cyber Rants - The Refreshingly Real Cybersecurity Podcast

Mar 20, 2023 48:31


Web applications, like most everything in cyberspace, can be prone to vulnerabilities. If (or when) vulnerabilities in the applications you use on a daily basis get exposed to a hacker or cybercriminal, it could be very bad news and dangerous to you and your organization. This week, the guys talk about how they handle Web Application Penetration Testing and go through a deep dive on how you can prepare for your Penetration Test, should the time come! Pick up your copy of Cyber Rants on Amazon. Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com. Be sure to rate the podcast, leave us a review, and subscribe!

Hacking Humans
Web Application Firewall (noun) [Word Notes]

Hacking Humans

Nov 29, 2022 8:44


A layer seven firewall designed to block threats at the application layer of the Open Systems Interconnection (OSI) model. CyberWire Glossary link: https://thecyberwire.com/glossary/web-application-firewall Audio reference link: “VCF East 9.1 - Ches' Computer Security Adventures - Bill Cheswick.” YouTube, 29 Dec. 2015, https://youtu.be/trR1cuBtcPs.
