Quality-Check of External Dependencies with Feross Aboukhadijeh

There are three groups of people around every legacy system - those who are stuck with it, those who don't want to be with it, and those who love it and see its value. How do we reconcile these three opinions and rewrite legacy code without completely replacing it? Today we talk with Dave Thomas. Dave is an all-around player in the software industry with vast experience as an executive, investor, board member, consultant, architect, and engineer. He is Chairman of Bedarra Corp, which provides consulting on technology and business strategy for emerging technology, products, and services. He tells us what the drivers of legacy innovations are, why he thinks refactoring is a "little lie" of the modern software industry, and how to approach modifications in less-than-ideal situations.  When you finish listening to the episode, connect with Dave on LinkedIn and visit his website at www.davethomas.net.  Mentioned in this episode: Dave Thomas on LinkedIn at https://www.linkedin.com/in/davidathomas/  Dave’s website at https://www.davethomas.net/index.html  Badera Corporation at https://www.bedarra.com/   

One of the reasons why it is difficult to work with legacy code is the lack of preserving the contextual reasons for past coding choices.  Today we talk with Chelsea Troy, a Machine Learning Team Lead at Mozilla and a computer science lecturer at the University of Chicago. She tells us about the value of code review in the software-building process and why code review should not be treated solely as a mechanism for approval.  When you finish listening to the episode, visit Chelsea's website at https://chelseatroy.com. Mentioned in this episode: Chelsea’s website at https://chelseatroy.com 

Mending code while it is running is risky. One wrong move and a small change can bring the entire system to a halt.  Today we talk with Edward Hieatt, Chief Customer Officer at Mechanical Orchard, a GenAI native company that modernizes critical legacy applications without disrupting what they are doing. He tells us how to use AI to identify system dependencies, why it is important to first understand data flow before diving into code, and how to maintain functionality during the modernization process.  When you finish listening to the episode, connect with Edward on LinkedIn.   Mentioned in this episode: Edward on LinkedIn at https://www.linkedin.com/in/edwardhieatt/  Mechanical Orchard at https://www.mechanical-orchard.com/

AI proves to be great at writing new code, but what are its capabilities when it comes to mending the old one? Today we talk with Ray Myers, a legacy code expert and sceptical enthusiast for AI. With 16 years of software engineering experience, he focuses on collective lessons learned to improve our existing systems and organizations. He tells us where is the place of AI in legacy code mending, whether AI can provide help when editing existing code, how to train AI with up-to-date coding skills, how to utilize AI when writing tests, and much more.  When you finish listening to the episode, make sure to connect with Ray on LinkedIn, visit his website at https://mender.ai, his YouTube channel Craft vs. Cruft, and take a listen to Empathy in Tech - a new podcast cohosted by Ray and Legacy Code Rocks former cohost, Andrea Goulet! Mentioned in this episode: Ray on LinkedIn at https://www.linkedin.com/in/cadrlife/  Craft vs. Cruft at https://www.youtube.com/@craftvscruft8060  Mender website at https://mender.ai  Nopilot.dev at https://nopilot.dev  Empathy in Tech at https://empathyintech.com  Untangler at https://github.com/craftvscruft/untangler   

Many of the largest companies rely on third-party code to run critical parts of their software. However, there's often little focus on ensuring the quality of these external dependencies. Today we speak with Feross Aboukhadijeh, CEO and founder of Socket, a developer-first security platform. Socket helps developers and security teams release software faster and reduce time spent on security busywork. Feross is also a lecturer at Stanford, where he teaches CS233 Web Security. We discuss why the quality of third-party dependencies matters, when to start addressing this issue, how to handle unmaintained dependencies, and what tools are available for managing third-party dependencies. After listening to the episode, be sure to visit the Socket website, connect with Feross on Twitter, and check out his personal website. Mentioned in this episode: Socket at https://socket.dev/  Feross on X at https://x.com/feross  Feross website at: https://feross.org/ 

How do the love for vintage computers and test automation come together? Can one inspire another and how? Today we talk with Sophia Mckeever, a software development engineer at Pokemon Company International, a test automation framework architect, and a computer historian. She tells us what led her to collect vintage computers, how they evolved into machines we work on today, and what is the connecting thread between computer history and test automation.  When you finish listening to the episode, connect with Sophia on LinkedIn. Mentioned in this episode: Sophia on LinkedIn at https://www.linkedin.com/in/sophiamckeever/ 

In Kubernetes, security is a joint effort between security engineers and DevOps. A perfect tool to bring these two together is Kubescape, an open-source Kubernetes security project.  Today, we talk with Shauli Rozen, the CEO of ARMO, the company behind Kubescape. Shauli has more than fifteen years of experience in technology, B2B management, and business development. He tells us about the advantages of Kubescape, what it does, and when would you want to use it.  When you finish listening to the episode, connect with Shauli via LinkedIn, visit the ARMO website, and check out Kubescape.  Mentioned in this episode: Shauli on LinkedIn at https://www.linkedin.com/in/shaulirozen/ ARMO at https://www.armosec.io Kubescape at https://www.armosec.io/kubescape/

Reviewing logs for security threats and operational functions can be a cumbersome task. Attention is a finite resource, and it is easy to miss something when faced with megabytes of data.  Today, we talk with Joe Gross, the Director of Solutions Engineering at Graylog, a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data. Joe guides us through SIEM (Security Information and Event Management), revealing the secrets of how the pros find the needles in the haystack.  When you finish listening to the episode, connect with Joe on LinkedIn, check out the Graylog platform, and visit Graylog Open - an online community dedicated to increasing and sharing IT knowledge to solve real-world problems.  Mentioned in this episode: Joe on LinkedIn at https://www.linkedin.com/in/joe-gross-se/ Graylog at https://graylog.org Graylog Open at https://graylog.org/products/source-available/   

Cyber security is not a core activity of most software development companies. It is an outsourced activity that simply has to be done so that we can deploy our core services.  Today, we talk with Scott McCrady, CEO of SolCyber Managed Security Services and an accomplished international executive with broad experience in sales, business development, and the operations side of a cloud-based and information security-based business. He tells us about the trends in the cybersecurity market and what he expects the future of cybersecurity services to be.  When you finish listening to the episode, connect with Scott on LinkedIn and visit the SolCyber website to check out their services and connect with Scott's team.  Mentioned in this episode: Scott on LinkedIn at https://www.linkedin.com/in/scottmccrady/ SolCyber at https://solcyber.com

How to set up developers for success? For the longest time, companies left developers to their own devices to figure out the workflows and tools they will be using. As the teams grew, so did their problems due to the lack of established procedures and good practices.  Today, we talk with Ramiro Berrelleza, the CEO and co-founder of Okteto, the leading platform for developer experience automation. Ramiro is a true visionary, continuously searching for new ways to improve the software development process and build a more inclusive tech industry. When you finish listening to the episode, connect with Ramiro on X and visit Okteto's website where you can get a free trial of their product.  Mentioned in this episode: Ramiro on X at https://twitter.com/rberrelleza Okteto at https://www.okteto.com