Brian Vallelunga

Person
280 total appearances

Podcast Appearances

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

Because it's so easy these days for, like, one dependency that nobody's cared about for 10 years to just get bought for, like, a couple hundred bucks, and then someone pushes an update for it. Um, and all the other dependencies haven't frozen on that older version, and so now all these dependencies get that update, which means you get the update, and that update has malicious code in it. And that's, like, a very common, like, paradigm for attack these days.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

Uh, so a freeze your, um, uh, your, uh, your dependencies, meaning like I'm fixed at this version and no amount of them pushing a new update will, will change that I'm on this version. And this version has been like, uh, guaranteed good. No, uh, no vulnerabilities in it.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

And that at least can help prevent any issues where like a vulnerable code gets pushed up and you guys immediately get attacked from it. What you really want is you want all your dependencies frozen. And then when a new exploit happens, you go, oh, that was kind of cool. We are using that package, but our version doesn't have that problem. So we're good.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

And then you just wait for the fix to come out and then you can do another refresher, another update.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

Yeah. So, uh, at the end of the day, Doppler makes your life better in a couple of ways. One, it's going to add two hours of productivity per developer per week. So in a way, it kind of pays for itself. On top of that, it's going to make you far more secure from an organization standpoint, managing your secrets. You can sign up today by creating accounts for free.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

And then if you're a much, much larger org, you can talk to our solutions engineering team who can help figure out how this integrates into your complex infrastructure. We have a whole host of great companies that are using us. So you're not alone from Accenture, Crumble Cookies, Puma, Children's Cancer Institute, StockX, travel trip advisors. So there's a number of great companies.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

You won't be alone in this. And we manage about 30 billion secrets a month right now. So like at quite large scale. And I think the key thing here, if you decide not to use Doppler, is at least manage your secrets. Like at the end of the day, I think we're all tired of data breaches happening because they keep impacting us and they impact your customers.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

And so if you're not going to use Doppler, that's totally fine by me. You can even use a competitor, just use a secrets manager, protect those secrets.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

I think I'm a huge Star Wars fan, so I'll just shout out Star Wars Clone Wars. I feel like not a lot of people know about it, but it's between Episode 2 and 3, and it's so freaking good. I'm a guy that usually doesn't like animated stuff, and it's just blown me away. So if you're a big Star Wars fan, there's a lot of seasons, and it's insanely good, and it's basically like Dave Filoni at his best.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

Outside of that, really big fan of the Perplexity app. It's basically replaced any Google searches I do now. For anyone who doesn't know what Perplexity is, it's Google search plus ChatGPT. So ask it a question, and it just gives you the knowledge back. It doesn't just give you a bunch of links. And just like a Google search, it's updated in real time.
