Managing Public Key Infrastructure within an Enterprise

Code[ish]

Release Date: 03/30/2021

This episode features a conversation between Robert Blumen, DevOps engineer at Salesforce, and Matthew Myers, principal public key infrastructure (PKI) engineer at Salesforce. Matthew shares his experience running a certificate authority (CA) within the Salesforce enterprise. He shares the rationale for the decision to take the CA in-house, explaining that becoming a certificate authority means you can become the master of your universe by establishing internal trust. A private or in-house CA can act in ways not dissimilar to a PKU but can issue its own certificates, trusted only by internal users and systems.

Using a public certificate authority can be expensive at scale, particularly for enterprises with millions (or even billions) of certificates. However, an enterprise CA can be an important cost-saving measure. It adds a granular level of control in certificate issuing, such as naming conventions and the overall lifecycle. You can effectively have as many CAs as you can afford to maintain as well as the ability to separate them by use case and environment.

Further, having the ability to control access to data and to verify the identities of people, systems, and devices in-house removes cybersecurity challenges such as the recent SolarWinds supply chain attack. Matthew notes that information within a PKI is potentially insecure “as the information gets disclosed to the internet and printed on the actual certificates which leave them vulnerable to experienced hackers.” Matthew shares the importance of onboarding and people management and the need to ensure staff doesn’t buy SSL certificates externally.

Myers offers some thoughts for businesses considering the DIY route, discussing the advantages and limitations of open source resources such as OpenSSL and Let's Encrypt. Identity mapping and tracking are particularly important as you’re giving certificates to people, systems, and services that will eventually expire. Matthew shares the benefits of a central identity store, its core features, and how it works in tandem with PKI infrastructure. There’s also the need to know how many certificates you have in the wild at any given time.

As a manager, the revocation infrastructure for PKI implementation means that you're inserting yourself in the middle of every single deal, because if you’re doing it correctly everything needs to validate that the certificates are genuine. When you have a real possibility of slowing down others’ connections, you want to ensure that your supporting infrastructure is positioned in such a way that you are providing those responses as quickly as possible. Network latency becomes a very real thing.

Auditability and the ability to trust a certificate authority are paramount. The service that creates and maintains a PKI should provide records of its development and usage so that an auditor or third party can evaluate it.

Salesforce
Wikipedia page on Public Key Infrastructure
Wikipedia page on Certificate Authorities
OpenSSL
Let’s Encrypt