Coding Blocks - Ktor, Logging Ideas, and Plugin Safety
Episode Date: April 14, 2024Picture, if you will, a nondescript office space, where time seems to stand still as programmers gather around a water cooler. Here, in the twilight of the workday, they exchange eerie tales of progra...mming glitches, security breaches, and asynchronous calls. Welcome to the Programming Zone, where reality blurs and (silent) keystrokes echo in the depths […]
Transcript
Discussion (0)
Previously on Coding Box.
Mom! Meatloaf!
Mom! Meatloaf!
You're listening to FSTEM 232.
You know what? He's probably not even lying, man.
That dude loves some meatloaf.
Meatloaf. Okay, hold on.
Now we're talking about the food, not necessarily the music.
Oh, you didn't like the music?
Well, I'm trying to clarify.
There's nothing wrong with the artist, but specifically the food.
Yeah, like meatloafs are amazing.
Yeah, I agree.
Like what's wrong with, like you have this like, you know, tray of meat that's just amazing.
Why would you suggest that it's not that great?
You made it a big deal that I like meatloaf?
No, no, it's just funny because I really do think that he loves it enough
to be thinking about it to do a show of intros.
And JC, you're muted.
I don't know if you're trying to be.
I'm trying not to sneeze all this meatloaf
meatloaf talk is just wait you don't like meatloaf uh i mean it's okay oh man it's okay
you know what that's that's the interesting thing about this trio here i don't think the three of us have ever fully agreed on any one thing ever,
like never foods.
Um,
I don't know,
maybe even,
even commenting in code.
Like there's always like,
ah,
maybe.
There was one thing.
I'm trying to remember what it was.
I thought meatloaf was what brought us together though.
Like the love of meatloaf.
No, I live without it. Really? Is it brought us together, though. Like, the love of meatloaf. No, I can live without it.
Really?
Is it like you don't like any vegetables in it or something?
No, it's just not very good.
Okay, now there's a fight in words.
I'll be back.
The list of things I like is just not near the top.
He said, but I won't do that.
Yeah.
All right. I can't even go on with this show. So,. Yeah. All right.
Hey,
I can't even go on with this show.
Hold up.
Hold up.
Let's get this back on the rails.
So subscribe to us on iTunes.
It was ever on the rails and more.
Never was.
Never was.
Um,
we do have a website,
coding blocks.net.
Hmm.
Send your questions,
comments,
comments,
the code blocks.net.
We have an X at coding blocks and yeah,
that's good enough.
We got social links on top of our website.
Be honest, though.
When's the last time any of us logged into it?
You got to restart it every month or so.
Yeah, see, there you go.
I do it on occasion.
Every other month, something like that.
Right, yeah.
And we got to publish the shows, the wonderful show notes.
That's what I'm saying.
There's probably a better way to reach us, and that's not it.
Slack is the best way. Yeah yeah slack is probably the best way but if you add us on twitter i think
we do get notified of it but i don't think anybody ever does that so you know hey there are there are
a handful of people though that have been sharing some of our stuff up on linkedin so we greatly
appreciate that that's cool i got some notifications on that um i think on the spatial databases that particular episode so yeah appreciate it all right with that i'm alan underwood
there's there we go okay and i'm michael outlaw how about that there you go we got the names that
unite us so i was looking at x uh proper name. Did you hear about the thing where like, uh, I guess they,
they were a little too greedy with one of their changes where, um,
Musk wanted all the references to twitter.com to be replaced with X.com.
No, wait, how'd that go? Yeah. Yeah. Yeah. And there was like a,
there was like a Netflix Twitter or something like that or no.
How'd it go? Dang it. You don't, you know, clearly you don't know what I'm talking about
cause you're not saying it. So like a bad regex experience. It pretty much was. Yeah. Yeah. It
was like something that was supposed to be for Netflix got redirected. Oh, that's actually pretty
cool. Uh, yeah, I didn't hear about it because I don't pay any attention to 99.9 of social media stuff so
yeah i'll even use tiktok now yeah you know what's funny though like i i haven't had tiktok
in a long time after you know all the stuff went down with the spine and all that i was like all
right i'll get rid of it but i mean youtube kind of went that route with their youtube shorts and
all that so you almost get the same type they almost get the same type thing over there yeah
instagram too you can't tell them part even facebook now like they're all just kind of
act like tiktok yeah the facebook reels yeah yeah outlaw's still searching so no i found i found the
story and i'll include the link but it was an example of where this was reported by Brian Krebs, which is a security reporter.
I think we've talked about him in the past.
Krebs on security, yep.
But it was basically a bad regular expression kind of thing, because the idea was that Musk wanted all of the Twitter references to be gone.
He's already gotten rid of all the assets sold off to logos and all that kind of stuff right oh interesting and and he wanted like everything even like past references
to twitter to automatically be changed to x and in the example that they gave there was like a
a domain name like netfla twitter that would appear as netflix but clicking it would take you to the
other link the original okay yeah yeah so you're saying you can get you go by netflat twitter.com
you tweet about it it shows up as netflix.com people click netflix.com right they end up on
your website your site yeah okay so you're. Wow. Hijacking stuff. That's pretty cool.
That's hilarious.
What domain do we want to buy?
Yeah.
Coding blocks where it's like, you know, B-L-O-X.
Oh, right.
Yeah.
That doesn't help us much, does it?
Well, did you know that we already have that one though?
I did know.
Yes, I did.
So, hey, so that bit of news out of the way.
We do have a few reviews that came in after we were sadly saying that we had none.
So, Outlaw, with the proper nouns, here we go.
I've been practicing.
Yep, there you go.
Ivan Kuchin from iTunes. Thank you very much. From Spotify, we have Nick Brooker, Suzy Mon, JT, not to be confused with Jay-Z,
and from Audible, Scott Harden.
Look who's all grown up now.
Yeah.
That was very, very well done.
Hey, we got some repeats, though, so that helped make it a little bit easier.
Don't be giving away my secrets.
Thank you.
Yeah, Ivan's like on review number 83 or something like that. I don't know. He's doing a good job for us. make it a little bit easier to reason. Don't be giving away my secrets. Thank you.
Ivan's like on review number 83 or something like that.
I don't know.
He's doing a good job for us.
Yeah, very much appreciated.
Those are fun, so thank you.
All right, so the first thing I want to share on this particular episode is I came across this today because I was doing something in IntelliJ,
and I got this thing talking about KTOR, K-T-O-R.
I was like, what in the world is this?
And so I go looking at it, and it's, as far as I can tell, and this, you know Kotlin version of Node.js, meaning you can write a server-side app you can set up an API with endpoints and all that kind of stuff.
You can do the same thing with this.
You can set up a Ktor server and create HTTP endpoints and all that kind of stuff.
And then you can also do the same thing for client side applications.
And I have a couple of takes on this one.
I love Kotlin.
I really, I really do. Like if I,
if I were going to rank programming languages in terms of love and ecosystems, I'd say.net's
still my top. It's, it's still my first love and Kotlin's not far behind it. Like I really do like
it that much, but then I got to thinking about this and I was like why would i ever do this why would i ever use this ktor server
or in the in my i have one reason and i'm sure jay-z you might be able to argue with me outlaw
don't know but like while java gets on my nerves it'd be hard to walk away from spring boot
and all the stuff it provides you security filters all that kind of stuff um dependency
injection it just all of it like i would have a really hard time being like i'm just gonna do this
a ktor server yeah man spring i mean there's a lot to say about spring you know yeah like i don't
think anyone just purely loves it loves it it's definitely a love hate kind of thing it provides
so many levels of abstraction it's configurable it plugs into everything it's got depends the injection
like baked into the core yeah fantastic it's such a standard but man it could be really frustrating
to work in oh it's it's a magic box like when everything's working it truly is just magic
when it's not working oh man right. Right. Like a giddy up,
you're going to be sitting in that saddle for a while trying to figure out
what's going on.
But on the flip side,
like I just,
as much as I love just how easy it is to write Kotlin,
I don't,
I mean,
I never want to shoot anybody down for making an attempt at creating some
cool stuff,
but like, I just, I, want to shoot anybody down for making an attempt at creating some cool stuff, but I don't get the point of this so much.
Is it like a Blazor competitor?
I don't think it's quite that far.
It's not as integrated as what Blazor is.
Okay, so two things.
Favorite programming language?
YAML.
Ouch.
I'm sorry um but also is that i can't tell from like the documentation
is this thing just a small web server like a small tomcat or something or you know like
you know meant for java apps or but it keeps referring to itself as a framework
yeah so it's not just for java apps and that's what's that's why it reminds me
very much of express js for node um you can set up a middle tier or middleware for the server
using this thing right and it's fairly easy to spin up endpoints and stuff if you're looking at
the server documentation on that link that we'll share in the show notes holy now alan this is this has got you written all over it there you go to start
ktor.io you could add your auth plugin right there yeah it does look like a really nice user
experience if you imagine like starting over with a new framework without having any of the baggage
of like the last 30 years or whatever that spring has to carry along with it uh it's pretty nice
i mean it's cool it is cool i just i don't know man i don't know it's one of those things and i
think it's the part that drives me insane about the whole java world is like there's 25 million
ways to skin that same uh i guess that's probably not the nicest thing to say anymore but you know
to do the same thing like it's i don't know java doesn't really seem super container friendly the
way you have to to build it and caching and i don't know if it's anything necessarily specifically
specific about java but i was just thinking the other day like if i had to pick a a server app
or a server application programming you know like language type thing
like what i would go with if if i uh wanted to actually publish that thing and i don't know i
i don't know that would be java just java based because uh i don't want to deal with the overhead
and like spring taking 30 seconds to start up and etc etc so this is interesting i don't know
if you guys click through some of the links on here, but they've got.
So if you click on the Ktor client and you go to getting started with it, there's creating a cross platform mobile application.
They have an example on here for stuff that would show up on Android or iOS.
So I don't know maybe maybe this is something like those uh the the frameworks
that got super popular for a while for creating these cross-platform type things i'm not sure
maybe i need to dig into it a little bit more before i just completely shoot it down but when
i saw the server side thing i was like i just I just, I don't know, man. I mean, it looks pretty neat though from,
uh,
like that start.
K tour.io really does look pretty cool.
Like all the different options that you can do in the,
you know,
uh,
plugins that are,
I mean,
there's a bunch of plugins there.
Well,
that's,
I mean,
they're just like right out of the gate,
you know?
So yeah,
JetBrains does things so well,
right?
Like they really do a nice job on almost everything they put together.
But that's where I'm just like,
man,
what I,
what I really want to go this route versus going spring,
like spring,
you have,
I don't know,
thousands of developers,
um,
hitting that thing and potentially making it better all the time with
requests.
And,
but are they trying to solve the same problems though?
Cause I don't think they are right.
Yeah.
It's definitely a smaller subset here.
Like spring has got all the JPA,
like,
you know,
database,
I don't know,
like the data tier stuff.
I guess,
I guess one thing to call out about this,
that they,
that they actually say on their,
on their front page is this is asynchronous in nature right like so this whole thing is set up to be thinking about
you know things that it receives and then you know you get a response back later so it's it's more of
the uh it's not reactive i guess just an async programming type model right so i don't know i don't know i think the problem is spring does it
all and so when i think about it it's like man would i rather go spring or would i rather do
this sort of new newfangled stuff you want an interesting google search do ktor versus spring
there's a whole bunch of discussion and specifically like on reddit on dev 2 like
i mean it's so yeah i guess i was wrong that it is you know competing in a similar space as spring
but maybe on a smaller scale but then because of that smaller scale it makes it to jay-z's comment
you know maybe a little bit lighter weight and faster as a result yeah
they got some stuff for for docker and i was like oh this is probably like written you know in a
post or at least close to docker dockerized world let me see what they got and they do have tooling
built around it so that you don't directly like write uh the docker file that you kind of define
you know you define it and configure it via the plugins.
I'm sure you could write it, you know, your own too.
I'm not generally a fan of tools that kind of abstract you too far away from the other tools that you use.
Because I find that once you do need to break into that lower level, it can be kind of a pain.
But maybe it's just because I spend so much time with Docker.
Like I don't really, like I want to be able to see the raw Docker file and edit that. But you said something a minute ago that, Jay-Z,
that kind of sparked me when you were talking about
picking the server language that would be container-friendly
or something like that.
I forget exactly how you worded it, but you know what you said.
But I was thinking, I was like,
you know, if I were going to try to,
if I just randomly decided, hey, you know what? I'm going to try to if i were if i just randomly decided hey you know what i'm going
to pick up a new language then you know i think we've talked about like rust and go in the past
and i think rust has been like really high on the stack overflow surveys like i would probably want
to go with one of those if you know like i, you were coming at it from the point of view of it being container friendly.
And that wasn't something that would even,
you know,
hit my radar as like,
Oh yeah,
I guess I should probably think about that.
Yeah.
I guess it depends on what you're doing.
Like if I was,
I was assuming it was like a web app and if I'm doing a web app,
I just want it containerized.
Yeah.
Well,
you remember the rust thing though,
when we were
talking about that it had super high love very low adoption if i remember right i think that was the
one that was sort of sort of interesting everybody wanted to do it everybody loved it that did do it
but there was a very small portion of people that were actually working in it um whereas go i think
there's a ton of adoption but but yeah, I don't know.
This is interesting.
I mean, one of the summaries that popped up when I did a search also was, um, you know,
in summary, Ktor excels in performance and ease of learning, making an excellent choice
for lightweight, high performance apps.
On the other hand, spring suffer or offers suffers probably unparalleled flexibility
and mature ecosystem.
So it's exactly what, what my argument there was was
like i i love what jet brains does most of the time like they really do some cool stuff but it's
just like man if i was going to go create something would i do it on this relatively new
maybe not as battle-tested platform versus something like Spring. Maybe it was a side project. I don't know.
But we've always established that my side projects
get blocked fairly quickly. That's why I found it funny when they had
the OAuth as like, you know, oh, you want authentication? Sure. Oh, you want
OAuth authentication? Also sure. We got that. Yeah.
Their start thing is really good. That's another thing
that Spring also does well. I think
start.spring.io or something?
Start.spring.io?
There's no way we could ever find
that out. It is. Start.spring.io.
Same thing. They have a really
good setup for
generating
applications. I think
this is how I started most of mine when I
first did it. And they even have a link for Kotlin in there. So, and you can have it set it up in
Gradle or Maven or whatever. So anyways, so that should have been a tip of the week. You got one
for free. All right. So another thing just in this triggered me because you said something about Docker files. So I had given a tip a few episodes back on using Docker and net.
And I said at the time I hadn't really used it, but it was pretty cool, right?
Like it was their AI flavor on top of creating Docker files while I used it.
And it was a mixed bag for me.
So the, the gist of it is this, you have some sort of application you've created, whether
it be Java or, or.net or, or, or node or whatever.
Right.
And then you drop your Docker file in the root of wherever your folder is and you run Docker init and it'll sort of introspect and see what you have and try and set itself up in the best possible way for
the application you have.
Right.
And it mostly worked and it mostly did a really good job.
So there were a couple of things that I found that I thought were good and bad.
The good is it included so much stuff that if you were just going to go write a Docker
file from scratch that you probably wouldn't have thought about, like the users and the
permissions and the kind of things that it baked into the Docker file that a lot of people,
because when you go look at all those demos and examples and, you know, tutorials, they don't, they don't take you that far down. And so you've
got a bunch more in there than what you probably would have done starting off, which I thought was
excellent. However, on the flip side, there was so much of it that it generated that just straight
up didn't work because it looked like it was doing was creating things from templates
that weren't based off your code. So I found myself digging through that Docker file quite a
bit, fixing things that it put in there incorrectly. Right. And that's kind of what I found
even with some of the AI assistants like Google Duet or they just renamed it.
Right.
I don't remember what they called it now.
The same type thing.
Is it Gemini?
That sounds right.
But it was that same type thing where it's like, man, it got like 90% of it.
Right.
But then that other 10%, you're digging through it all like line by line.
Like, man, where's this jacked up?
What did it do?
You know, what am I missing?
There's something not super obvious.
I need to go find it.
So, you know, just an update on that.
It's very cool, but also very frustrating.
Do you know that that's been,
Docker and NIT has been our tip of the week?
Yeah, that's what I was, that's what it says.
Twice?
Yeah, I missed it.
We talked about it recently.
I did it when it first,
I actually did a little bit like a beta testing with it. I knew a guy who worked on it. Oh, really? Yeah, it missed it. We talked about it recently. I did it when it first, I actually did a little beta test thing with it.
I knew a guy who worked on it.
Oh, really?
Yeah, it's funny.
So what's your take on it?
Yeah, it was episode 208 was the first time, and then 228 was the second.
Oh, that would have been me on 228.
What did you think about it?
Yeah, I really liked it.
But at the time, the thing I liked most about it is I had learned a bunch of things I didn't know about Docker.
It was doing some interesting patterns uh that i hadn't seen before and so
it was really cool to kind of see like a like a uh you know a generated file that had uh had these
kind of um slick tricks and i forget the the trick specifically that i got from it um now i'll sure
i'll think of it in a minute but there was something that it had done that i hadn't known
about uh in particular.
And then there were a couple other things that were just kind of cool and how it created the Docker Compose file and did some other stuff.
It was nice.
And it's particularly nice if you picked a language you weren't as familiar with and you're just like, okay, just do it.
And it just did it.
Yeah, I think that's where I had landed on the stuff that I thought was cool.
It included things in the Docker file that I just wasn't even aware of or they did it in a different way. yeah i i think that's where i had landed on the stuff that i thought was cool is it included
things in the docker file that i just wasn't even aware of or they did it in a different way i was
like oh that's neat but but at the end when i ended up going back through it and having to
figure out things for the next hour to get it set up it was like oh come on really so yep yeah
yeah the problem with the scaffolding tools is they they kind of they do that yeah well and
at least the docker and it's trying to do it intelligently based off what you have there
right like yeah i don't know i i think they're gonna all get better which is only good for
everybody right yep so you know maybe maybe if i were to do it this week it would be even better
than it was the last time i did it i don't know maybe maybe i just maybe i'm coming at it from the wrong point of view
because i just look at it as like it's it's just another following you type of experience
in in my mind am i thinking of it wrong though because like if you were in visual studio for
example you do file new project, whatever,
and you could select what type of project you wanted to do, command line, web app, whatever, blah, blah, blah.
And it's going to stub out a bunch of stuff for you, too.
And you might pick up something like, oh, hey, look at that.
I didn't think I needed to do that, but it did it for me.
It's similar.
I guess the biggest difference is when you do a file new from Visual Studio, right, a good example, is it knows that it's doing a.NET project, so it sets everything up for you, right?
If you do it from IntelliJ, right, and you say that you're going to do Kotlin, then it's going to set everything up for you.
What's interesting about the Docker and it is it kind of goes and sees what do you have there and then tries to do it based off what you already did which is an interesting take
right so maybe you're you're not far off though but i mean like like i i while we were talking i
was like okay let me experiment with this thing so i went into like a folder where i had some python
and it immediately was defaulted to other it didn't even recognize that i that you know the
python that was there and i was like oh that's an interesting choice that's what i'm saying and then it's like you
know then i'm like okay fine python and it's like okay well tell me about your python project i'm
like well aren't you supposed to do this for me right there yeah look at it yeah yeah again i
think that hopefully there's enough interest in it to where it'll just get better and better over time.
Right. Like that'd be amazing.
But who knows?
All right. And so my next one, I have one more here.
And then I think, well, I guess before I get into Boomer Hour.
Oh, wow. Boomer Hour early.
So logging is an interesting topic to me.
And we've talked about this in various episodes about the right levels to use and all
that kind of stuff, but how much is too much? And I asked this question, I'm curious what you guys
take on this or, because I remember years ago when I was working at an Amazon subsidiary,
I'd gone to an Amazon conference and I think it was a security team that was like log everything right like log absolutely everything
because it's the only way to be able to reverse engineer whatever kind of attacks or any kind of
things are going on right and it's it's easy to say that when you're Amazon right you own all the
infrastructure you own all the storage like you don't care if somebody's
logging a gig's worth of data every hour, right? Because it's kind of all your stuff. It's almost
like play money to a certain degree. When you are a customer of a cloud service or a customer that's
doing, you know, bare metal type stuff or on VM type stuff,
logging is now a bigger thing, right? Like you don't, if you're going to do it in the cloud,
there's expenses that come with that, right? And they can be really high expenses depending on how
much, how much information you're logging. And if you're doing it on a bare metal system or a VM,
now you got to worry about how much storage you have available. So, so this whole
log everything when you're Amazon or Microsoft, sure, that probably makes sense. But when you
are a consuming customer of a cloud or running on hardware, like, what do you guys think?
Well, I mean, first of all, I would take issue with you saying that like, you know, for like an
Amazon or a Google or whatever, that they don't care that it's play money you saying that like you know for like an amazon or google or
whatever that they don't care that it's play money because like you know they still have a finite
amount of hardware and storage to use too so like they you know they need to be cognizant of that
so i think that i think the idea is log everything and And then there's the question of, well, retention is one part of that puzzle.
And like how long you need to retain that log is going to vary by use case.
Like, you know,
I think of like a banking application might have more stringent requirements
than, you know, a dev to like website.
Right.
But then also, you know, uh, a, a dev to like website. Right. But then also,
uh,
you know,
make it configurable so that you can log everything,
but you could also like not have that as the default option until you,
you know,
until those places where you need it and that you're just,
you know,
logging enough,
but not like debug level or trace level until you need to turn that on.
Yeah, I think configurable logging is really the key there.
And yeah, we've talked about how expensive logging can be.
So it stinks.
It's like you want it when you want it and you really don't want it any other time.
But, you know, there's no going back in time.
So, well, I think that's the part. Yeah think that's the part that hurts the most, right,
is when something doesn't go the way you expect it to.
You're like, oh, well, I have no way of looking at it now, right?
Yeah.
Well, maybe you could do like with that retention,
you could do like staggered sorts of, you know,
depending on the logging level like maybe you
keep like debug level calls uh for a shorter duration than you would keep like fatal or
errors or warnings you know i'm saying like you might have you might age out certain types of
logs different if you really wanted to like truly not configure it and you truly wanted to
log everything out but also try to be cost conscious of uh you know what what you're
logging i think i just had a maybe a really bad but cool idea for for a logging library
is what if i mean most of the time you just want info level type logs,
right? Most of the time you just want things like, Hey, this happened. Cool. Moving on.
That's why I just make all my logs info.
Every one of them.
Log got info.
Yeah. What if, what if there was some sort of stack that it kept to where, you know,
you have, you have a request coming, it's going to flow through, I don't know, 50 methods, right? Like whatever, what if any one of those methods generates an error,
then you can tell it to fall back to some level of logging for that entire stack. You know what
I mean? So let's say that in every one of your methods, you had a debug log in there just for
instance. Um,
but you know,
you only have one info output at the end and that last method that runs,
if something failed along the way, then it could,
it could know about those debug level logs and then be like,
Hey,
you said that on errors dump out the debug logs.
And then that way you can see the trace of it,
right?
Like that would be interesting.
Like in your catch statement, you just log in your catch statements and then like keep it
all the way up yeah some sort of buffer now the problem is that could get really expensive right
like that i mean some debug output is massive so but that would be really interesting it's like
you know debug level on errors um you know info every other time and then that way that would almost
like sanitize your logs for you so you never lose anything i think it's gonna be cool to be like a
uh debug on error last five minutes or you know last 50 seconds or who knows yeah it like that
would be really cool and maybe i i think it could be done If we think about some of the things like the,
uh,
oh man,
what not telepresence?
What was the thing that we were just looking at recently?
The,
uh,
Ktor.
No,
not Ktor.
The,
uh,
the library,
the library that uses Jaeger or sucked up Jaeger and all that.
Oh,
uh,
the,
uh,
open telemetry,
telemetry,
telemetry.
Yeah. Telemetry. I, or whatever. Wasn't it open telemetry? Telemetry. Yeah, telemetry.io or whatever.
Wasn't it open telemetry?
There you go.
Thank you.
Yes.
So they do similar things, right?
Like on a request, it sort of has this notion of what the request is,
and it sort of builds up that object as it goes through that request.
I think you could probably do something like that.
And then maybe just discard the debug things that aren't ever used or
something.
Again,
it would probably get pretty expensive on the heap or whatever kind of
memory management you're doing,
but man,
what a beautiful thing for developers so that you're not always jacking
with log levels.
Right.
And you get the information you need when something does go wrong.
I don't know.
Sort of interesting, but I mean like maybe I'm not following along. and you get the information you need when something does go wrong. I don't know.
Sort of interesting.
But, I mean, like, maybe I'm not following along.
Because I was saying it like, you know, half serious, half not.
But you could accomplish that same kind of thing, right, with the exception.
Right?
Like, you know, in your try- you, your catch would log that error. And then you could just keep throwing that up, bubbling that exception up. You're always catching it and
rethrowing it. Well, not if you're like, if you're the 30th in line. So, right. Let's say that it's
going through 30 methods and your first 29 right now, you just don't ever get the debug logs,
right? And you hit number 30. Right, because they're all waiting and then and then you would you would that 30th one throws the exception so it catches it
and log something and then throws the exception the next one catches it throws it throws it
rethrows it so you're rethrowing the same exception all the way up but every time up the
chain like you're like in a catch.
So you're like, oh, hey, let me log out my debug stuff here.
You could do that.
That would be really ugly.
Yes, exactly.
Yeah.
I mean, you try catching every single method.
Yeah.
Then I was thinking like, oh, well,
this is where like aspect oriented programming could come into play for you
where you could just like automatically annotate it with a, you know,
catch this type of exception or whatever and, you know, log.
It's interesting.
I think there's got to be some cool ways to do it.
You know, now that I've said it, I'll forget it and it'll never happen.
But it was, it was interesting.
All right.
All right.
So now last thing for me, boomer hour.
And I seriously, man, this weekend boomer hour. I, and I seriously,
man,
this weekend,
boomer hour.
Hey,
and somebody actually said that they loved it.
I don't remember who it was.
It was on one review somewhere.
Um,
dude,
G chat,
like seriously,
man,
like seriously.
Okay.
The functionality doesn't bother me.
The,
the threaded conversations,
all that the Giphy implementation or Giphy Giphy implementation is awful, but let's get past all
that. Why, why in 2024, could you not resize the left-hand pane where it shows all your rooms or people or whatever like seriously why well also
worse than that like why on a giant monitor do you only use like the middle 10 percent
that was my second conversation that was part two of the boomer hour complaint oh i got ahead like seriously man yeah that and i had a
couple i have a little list that i've been keeping um just being able to turn on and off word wrap
like if you're sending someone logs like oh it's such a pain if you try to send a stack trace and
it starts wrapping and and because of the said aforementioned uh problem with not taking up the
whole width it's's really narrow.
So it's basically unreadable.
And then I think the last one I have that we didn't talk about is the grouping and sorting of channels. You can't group chats.
They don't sort alphabetically, and you can't change the sort.
It sorts kind of by recency unless you pin it, and then it appears to be alphabetical.
But it's just really tough to use compared to something like slack and man uh the
the the pain the window pain like the tray is such a it's such a difficult thing if you have a lot of
channels and they're prefixed with like team names or whatever like right that's all you see yeah
yeah and hovering or click yeah hovering it somehow makes it worse it actually shows less
you're like why wouldn't you show the whole name when i hover that's dude outlaw actually said that the other day how is it when you hover it's worse and i and so i was like
wait what's he talking about and i bounced over it and sure enough like another third of it
disappeared and another icon showed up over it i was like are are you serious like it's crazy is the worst uh u ux ever i don't for a company that you know uh prides themselves on taking like
data-driven approaches you know like well based on like you know users seem to like this better
blah blah blah that ui needs to have some serious surveys done because it's awful
like in all seriousness i mean it is it's 2024 reactive or not reactive what is the css
styling with it is it's reactive right or the thing where you resize a browser and it
shrinks down and all that i can't think of the name of it right now
like how responsive i think what responsive that's it responsive how have they not embraced that
and made a usable ui like seriously we have the wides. I think all of us have ultra wide 34 inch
monitors and the chat window, the actual content of it. I outlaw said 10%. I don't think he's
exaggerating that much. It maybe takes up 20% of the, of the window and you just have white space
everywhere. I like, it's so bad that both Jay-Z and I separately have gone in
and hacked the HTML behind the client so that we can expand the left bar with the, the client or
the, uh, the chat room names. And I even tried to figure out how to make the middle one wider.
And I failed at that one. Like I spent maybe 15 minutes on it and I was like,
okay,
I don't know what combination of these different divs they have that will do
it.
Did you try also?
Oh yeah,
I did.
And I gave up.
Yeah.
Okay.
What's going on?
Yeah.
It was frustrating.
And it's,
everything's minimized,
you know,
in the browser.
Like,
so all the class names and stuff are wacky,
you know,
wacky class names.
And so you can't really rely on them.
You know, it's going to change on the next build or whatever.
Unfortunately, the, you know, like the accessibility stuff, like the roles, there's other things that you can use the key on.
But often the thing that you need to resize is like the nth sibling of it, you know, like the seventh sibling, not the last one, you know.
So it's just really awkward to try and do it.
All that stuff's going to change too. So it's like,
geez.
I mean,
there has been very few
pieces of software
that I've used in the past
that rub me as wrong as Gchat.
The only
one I can think of that I disliked
almost as much, and I think that Gchat's
worse, is iTunes on windows.
I hated iTunes on windows and G chat just takes the cake,
man.
It is.
If there,
anybody listening that works on G chat,
please,
please fix those things.
Like,
and if not,
I'm going to write a freaking browser plugin to to somehow go hijack that stuff
and add um dividers and stuff that can be drug around i didn't realize there's no way to pin
messages maybe they added it in last year i don't think so but uh that's that's not great either
hey bummer i'll give them a little bit of credit where credits
do their threading is actually pretty good like you can choose to follow threads pretty easily
um be notified same as slack oh is it pretty good or are they just like keeping up with the joneses
i mean they're not even close to Slack, right?
But I mean, with those two features that you mentioned, that was my point.
Yeah, that's fair.
I mean, you're just keeping up with, you're behind,
but you're trying to keep up with the rest of the industry in regards to chat.
I mean, honestly, if it weren't for the UI things,
I wouldn't hate it near as much as I do.
I would be okay with it just being a chat engine that we can... I wouldn't hate it if it was good,
is what you just said, in other words.
Something like that.
You know, if it didn't suck, I'd like
it. Golly.
I just don't
understand how you have a UI that's
that non-functional in this
day and age. I just don't get it.
It's been put up in pasture it's
it's clearly not given been given updates to like most basic things that people would want you find
people complaining about the same things and they've been complaining about it for years and
i can't think of any other new features that they've added in those years so it just seems
like another google product that's going to get killed i can't imagine it does though because i
think enterprises are paying for it right yeah i don't think they're going to kill it.
That's the worst of it.
If they kill it, we could use something better.
Yeah, I wish they would kill it.
Where can I submit my request for that?
I've been looking in the background while you were talking, and I was like, I wonder if there's a place.
If it was in GitHub, for example, you could create an issue for it in github that like hopefully they would eventually answer or whatever and i know that
microsoft used to have like requests like that where you could like look for you could add
feature requests for some of their products so i was looking like okay where do i make a
feature request for gchat and i just wanted to say like don't make it suck anymore so that's interesting that's a good boomer hour though man it's it's really bad it's
been super frustrating yeah i don't like it yeah all right well um so we'll just go to tiktok then
for all of our oh wait this is boomer hour that would be a great way to communicate wouldn't it
i'm gonna tick tock you something hold on let me let me send you let me send you a uh you know
short video of this uh this stack uh yeah overflow error but you got to do that what's the uh the
walking man dance thing that was oh man all the tick tock videos for a while. Yeah.
You have to do everything to that challenge.
Accept it.
Uh,
I have a challenge for you.
Uh,
dear listener.
Oh,
I challenge you to consider giving us a five star review because we need it.
We love it.
We got a bunch this time and it's really helpful and it's really awesome.
So,
and you only have to consider it to consider it yeah yeah it's easy enough just consider it and then you know do it don't do it whatever hey and scott was pretty awesome his review on audible
was hilarious it's like hey i'm gonna give you one star in hopes that it turns into like 250,000. No, it was a negative one. Oh, it was a, yeah.
Stack overflow air.
Yeah.
That'd have been beautiful.
Yeah.
For your, uh,
sign unsigned.
All right.
So then I guess we're on,
we're,
we're,
we're past boomer hour.
It must leave us with only one thing left, and that's mental blocks.
Yes.
I think those go together.
Hey, wait, wait.
I have a question for you.
Do you ever want to be a participant in mental blocks,
or do you like being the host of the show, Mr. Michael Trebek?
That's a fair question.
I don't know that I've ever really given any consideration.
The only reason why I've ever been the one doing it is just because, I don't know, it was ever really given any consideration. The only reason why I've ever been the one doing is just because I don't know.
It was kind of like from the early days when we were doing the survey,
I just kind of liked being the, you know,
coming up with the questions or whatnot to ask.
And so it just kind of carried on.
So would I like that?
Yeah, you contemplate.
I would absolutely sure.
But I mean, I don't want to take away from your winning streaks.
Of one.
Also, since Tateko already laid out the rules of engagement for us
with your two names, and my M is way further in the alphabet,
there's no way we would ever be able to know what letter of the alphabet that is.
So we wouldn't be able to know, like, does it line up or not maybe we do you with prime numbers or something we'll figure something out i don't know
uh all right so i mean if you ever if you ever wanted to like you know uh uh a pitch hitter
you know yeah baseball yeah you know you know how about that you know the funny part what's
what's going to be upsetting is when you choose your competitor
and it's always going to be me.
That's going to hurt my feelings a little bit.
Wait, I would have to be the one to choose?
I would be like, Jay-Z, I'm subbing in for you?
Right, yeah, that's what would happen.
Yep.
Wow.
I assumed that it would be like, hey, you're saying like, hey, Michael,
I don't want to do it tonight.
How about I be, you know, the questionnaire guy?
That would be better.
And then I'd be like, oh, okay, I'll fill in for you.
And then that way it would be like round robin.
Yeah, then it wouldn't be the trivia weakest link.
Like everybody's always trying to beat Alan.
It would be a little hurtful.
But it would probably work out to where Jay-Z would be like,
hey, I don't feel like doing it this week every week in a row hey i think i won last time right yeah i thought so too yeah
like he said winning streak of one but i think he was incorrect uh all right all right let's do it
so what is this 232 so according to to tuck coach trademark rules of engagement that we absolutely cannot break. Jay-Z, you are first.
And your categories are historical markers, repetitive song titles.
I wish you would pick that one, but I know you're going to pick this one.
Board games.
This would also be another good one.
Respond like a pirate.
Oh, I should have said this too.
The repetitive song titles,
it's probably pretty obvious,
but these are songs with repeated words in the title.
And respond like a pirate.
Every response begins with the R sound.
And we would appreciate you responding in that spirit. So
right. Uh, next category, popular baby names of the 2010s, according to the social security
administration and pop quiz, hot shot where pop is in quotes. All right.
First of all, can you even name the movie reference for that?
Not the first one, but part duh.
Hot shot's part duh.
No.
Alan, do you care?
Pop quiz, hot shot, like Speed.
You don't remember Speed?
God, Lord, man.
I don't know how you memorize all this stuff it was like a thing though it was like it came out in like 2003
yeah and it was like an early kind of you know meme thing where you don't remember that no no
boomer hour still is boomer hour over all right all right go ahead and tell us how you're going to like it.
I thought I'd pick some category, but I'm going to pick board games.
Go ahead.
Tell us.
Yep.
Board games.
Dude, hold up a second.
Is that really what you're going to pick?
Yeah.
Hold up a second.
Speed.
What year do you think it actually came out in?
I think it's 90s.
Yeah.
1994.
How are you going to remember something from 30 years ago
and be like, you guys really don't remember that?
It was like a main theme of the movie.
They were like, you know, pop quiz.
Because in the beginning, they're like, who is it?
Keanu Reeves and who is the other actor in it?
Sandra Bullock.
No, no, no.
Dennis Hopper. Dennis Hopper.
Dennis Hopper, but who was Keanu Reeves'
partner in it, though?
Nobody knows.
Daniel, Jeff, 1994.
I don't remember.
I didn't remember him having a partner.
I don't even remember the movie.
I remember it was a bus.
How did you look up it?
Bruce Willis and Donald Glover?
IMDB had typed in speed. and then they said it's so
old they couldn't even remember yeah jeff daniels was the was his partner harry and they they are
like in the beginning of the movie they're like going you know doing cop super cop stuff you know
and they're quizzing each other jeff daniels character asks keanu reeves
questions like okay pop quiz you know the hostage has or the terrorist has a hostage at gunpoint
what do you do and the whole time like dennis hopper is listening to to him he's able to hear
what the conversation and keanu reeves says you shoot the hostage, like wound the hostage to take the hostage out of the equation.
You don't remember any of this.
No, dude.
And then later on, like Dennis Hopper, you know,
says pop quiz, hot shot, you know,
because he was a callback to their, okay, never mind.
I think Outlaw Watch was like last night or something.
Spoilers.
I don't know the last time I've seen that movie.
I don't know the last time I've seen that movie.
Spoiler from 30 years ago.
Sorry about that.
Yeah.
By the way.
All right.
Something.
You should be ashamed.
Okay.
So board games and level.
Let's go five.
All right.
I like it.
In Monopoly boardwalk.
Come on.
This is your category,
man.
This doesn't even count,
right?
This is a meme boardwalk.
No,
it's a McDonald's game.
Boardwalk is the same color group as this alternative property.
What is park place?
Are you sure you want to think about that?
Do you want to phone a friend? I think it's park place. No, you want to think about that do you want to phone a friend
i think it's park place no you're right of course you're right yeah it's park place it's the only
two on the board the expensive one how's it going to be monopoly that's mean yeah that's really like
i really wish that you would have picked the the repetitive song titles though that would have been
i'm so bad about this one okay it's so bad about what
i was gonna say i'm so bad about like knowing uh like if it was like song titles from like the
years 93 to 97 and like green day and rancid albums yeah sure but outside of that no fairly
narrow i mean there's some ariana grande in there. Sync. I mean, like all your favorites right there. Yeah.
I was,
I was going to say this one caught my eye.
Questions by run DMC in this song include why you bugging and why you out
there stunting.
Nothing.
No,
really nothing.
Okay.
You got it.
What is it?
Mary,
Mary.
No, no, Mary, Mary. Why? Okay. I mean, okay you got it what is it mary mary no no mary mary why okay i mean i only know that song because
i saw it like you know it was it that was on after he got done watching speed last night whatever don't be hating on me
and also yeah i had did not watch that movie i haven't seen that movie i could tell you i just
i i'm i'm shocked and baffled that you guys don't remember that because it was like such a
thing in the movie such a big deal in the movie whatever can't have nice things
all right well alan it's your stupid turn so here's the stupid categories thank you thank you Such a big deal in the movie. Whatever. Can't have nice things. All right.
Well, Alan, it's your stupid turn.
So here's your stupid categories.
Thank you.
Thank you.
On another planet.
Denzel Washington.
Historic quotes rephrased.
Ooh, I like that one. Pick that one.
No, sir.
Nope.
But you got to pick this one.
Podcasts. Ooh. But you got to pick this one. Podcasts.
Other words for.
I don't know if this one's going to end up safe. We'll see.
Other words for doing it.
Middle man where man is in quotes because man M.A.N.
will appear exactly in the center of each
correct response okay those them it's either denzel or man which one do you do man let's go 500
or five level five level five level five level 500. Five level. Five level.
Alright, well, prepare to hate yourself.
This could be bad.
Ernest Hemingway wrote about the snows of this
highest peak in Africa.
I did a book report on it.
Oh, come on. Really?
The highest peak in Africa is... I did a book report on it. Oh, come on. Really?
The highest peak in Africa is Kilimanjaro.
Very nice.
Very nice. That is correct.
I started to say, like, man, you're going to kill yourself
if you don't get this.
Golly, man.
Yeah, very good.
Man, you're going to kill yourself.
That was pretty good. All right you're going to kill yourself. I thought it was pretty good.
All right, tough crowd.
All right.
Jay-Z.
All right.
Artistic children's books.
Not, why is that word?
Non-Agerians.
What?
Yeah, for real.
Not that category.
Yeah, more like not that category.
A non-Agerian is a person who is from 90 to 99 years old.
Okay.
Okay.
Medical mnemonics.
The Quran. Okay. Medical mnemonics,
the Quran car models in other words.
Oh man.
And quote,
I can go either way.
And a fun fact about what he says,
Oh no,
that doesn't make sense.
Cause the announcer dude put in some other stuff there that didn't make sense so yeah pick your category wow good luck yeah that's uh that's tough um
that's all that's all the choices yes that is that is they i i guess i'll try all our artistic kids books for one
wait i ought to pick the car one big ball no way yeah jay-z knows he has car yeah okay
i hope i'm pronouncing this right.
Lupito in the painter from Spain tells the story of a dash hound featured in several of this cubist works.
I can't even think it was cubist.
I don't know if I spoke English in some of that.
I, I, I don't know. I mean, i mean uh i'm just gonna go with um uh one of the ninja turtles i guess no uh cubist i mean i i'm all right let's go with uh let's go with Ernest Hemingway.
Let's go with Kilimanjaro.
Why?
Okay, I got English is my first, not language.
Cubism is an early 20th century avant-garde art movement that revolutionized the European painting and sculpture
and inspired related artistic movements, blah,
blah,
blah,
blah,
blah.
I never heard of that before.
I guess I didn't study art history and that's what that's,
that's on me.
That's on me,
Jay Z.
No,
I mean, I've heard of it,
but I couldn't name a single one,
like not in a million years.
That's a level one question.
Yeah.
That's some BS.
Do you,
do you care to give an answer?
Um,
Alan Raphael, I'm going to go with the Ninja Turtle.
Well, you're both wrong, so I docked you both a point.
I like it.
It's Picasso.
I almost said that, but I was like, he wasn't a cubist.
I guess, man, that stinks.
You're like my 15-year-old son.
Every time the correct answer comes up, I was going to say that.
No, you weren't.
Well, it's like one of the three artists I know.
That's not a turtle.
See, this is where Alan and I would have dominated that car category.
Car models in other words.
For example, Dodge Boxer who wants a shot at beating the champ.
Rocky.
Okay, you're out of this.
Mike Tyson.
Man, I don't know.
What is that?
Challenger.
Oh, I see.
Toyota Arctic
Plane Void of Trees.
Yeah.
See?
Yeah. Yeah. See? Yeah.
Wow.
Yeah.
So it would have been a fun one.
All right,
let's go.
Let's go into final mental blocks.
All right.
You're,
you're going to,
you're going to text me.
Each of you text me your answer with your point value that you're going to
gamble on this.
All right.
Here we go.
The category is famous women.
And the answer is she joined the sisters of Loretto at age 18,
then took her good works to Calcutta where she was.
Yeah,
that's what I said.
Calcutta where she was called this.
Well, I was still twisted, twisted up what I said. Calcutta, where she was called this. Well, I was still twisted up by her name.
The Sisters of Loretto?
Loretto?
L-O-R-E-T-O.
However, we'll never know.
But that's...
She joined that.
You know what?
If you get this one right, that's just good on you.
That just says something good on you like they just that just says
something good about you we can interpret and decipher outlaw speak yeah don't forget to send
your money amount before the question i did that i did that oh yeah me too
like somebody reading some of these answers definitely makes me feel like a moron because
i'm like wait wait, what?
I can't,
is that English?
What language am I speaking?
How am I supposed to answer this?
Yeah.
I texted you.
I actually texted you,
texted you.
Oh,
text that kind of,
that's what you said.
You said text.
Well,
yeah,
I didn't know that meant that,
but yeah,
that's what I did.
Okay.
So,
um,
this is going to be weird um and i'm going to go ahead and write down
let's see i don't want to do this i don't want to do this so oh you guys took away my math that
i had in here somebody i didn't touch it yeah you did you know what you did maybe i did all right so let's do
this just so we can see right now that we are in a tie game four to four and um somehow i don't
know how this math works out okay but jay-z gambled more than he had.
And Allen exampled.
Oh, I went down one.
You did. You lost one.
So you should get Doc some points just for doing an incorrect wager, I think.
And Allen gambled exactly what he had.
Everything that he had.
So he probably won anyway.
So Allen got it wrong.
What?
But Jay-Z got it right.
Did you for real? What was the answer?
Hold on. Before you say that,
there's only three nuns that I know.
Right? Okay.
So now you know the answer.
Mother Teresa. That's who I did.
You did Sister Teresa.
Oh, I did Mother.
Oh, freaking.
Oh, man, that works. Come on, man.
That's Mother Teresa. you can't take that away
steve from father of darling you remember those father darling mystery hour and then there's
whoopi goldberg from sister act so i was like which one of these three i'm guessing it's the
one that's real come on did i really write sister you did and that's why i was like i thought about
this i'm like what am i supposed to do here and i'm like well there's this other popular show where they do questions you know they do answers
and then questions and they're very particular about like what you say the answer is you have
to get it right and i'm like well i think if we were to follow that show's rules then i think
alan got it wrong i think i did this i spelled it wrong does that count did you spell it well
i don't guess you usually spell it on air so yeah i don't i don't know that it mattered but yeah you you did
spell it all right i'll take the loss on that on the technicality so you know jay-z has a two
winning streak here you know beautiful all right a bunch of hot garbage i was there
so somebody is just now learning about browser extensions.
Is that what I'm to gather?
Yeah.
So this is related to a G chat being not so great.
I was looking at basically browser extensions.
I used to use the extension grease monkey like a million years ago on Firefox.
If you remember that and what it was is a plugin that would basically allow you to kind of say like this is the domain i want to use or when i use this domain this is the code that i want you
to drop in it could be like style sheets it could be javascript so of course you can insert html
whatever and you could use it to to uh you know make websites modifications websites and they
would kind of persist and load whenever your browser went there and people would share it so
like for example if um people wanted like a dark mode for facebook or
something there's surely somebody who would have published grease monkey scripts and files for
making a facebook dark mode and would account for all the various little things that need to be you
know done to make that work well fast forward you know 10 15 years whatever and i recently googled to see you know
like what kind of modern equivalents are and uh around you know kind of history because at the
time grease monkey had been firefox and i did find that there is a kind of a modern day equivalent
called violent monkey that works in chrome and then there's one called tamper monkey that is
kind of a modern remake that works in like firefox ecosystem and i think
work in chrome too both of which uh the names scared scared me like violent and tampering is
not something i really want to be installing to my browser so i you know like that's it was enough
to scare me off right there but it kind of got me thinking i was like you know these browser
extensions that you can install like they really can do a ton of things like kind of by definition like them kind of mucking around with the stuff you're you're doing like
they can act as key loggers they can insert malicious content into you know your your
web page like just browser extensions in general are are really scary you have to be really careful
with the ones that you use and like that they can be really powerful like we've talked about
like the last pass plugin and bit wardens have uh has one to the
or the extension rather super useful right like i use those because it's you know it's it's worth it
in my opinion because of the usability but uh that's about it now because of all the scary
stuff that they can do and so even though i really want to use this for uh fixing gchat i just don't trust any plugin that i wouldn't make myself to
to not phone something home or not to to kind of insert affiliate links or something
i thought boomer hour is over i know i know i don't know if this is boomer hour as much as just
cautious right like i think that's i i felt the same way like you guys remember um
there were screen capture plugins or extensions that you could get for browsers that were
extremely useful for like really long pages right because it would sort of scroll it and stitch all
the things together but it actually told you like hey if, if you enable this thing, it can see and interact with every single web page you ever visit.
So if you do any banking in your browser, if you do, you know, even if you're chatting with somebody, right, like everything is exposed.
And unless you've examined the source code and seen what it's actually doing, you can't know that it's not sending stuff
back home.
Like Jay-Z said, right?
Like he could be firing off async calls behind the scenes and you just wouldn't know unless
you were looking for it.
Yeah.
I wasn't clear on the update story too.
It's like, is this stuff auto updating in the background?
Can I pin versions?
Like what level of control do I have around that?
So even if I did take the time to go inspect this library, yeah, right.
Then, uh, you know it's it's it's just
going to be outdated with the next uh with the next update and if i don't update that around
the risk of some other security hole that i wasn't even aware of and we um i guess we didn't talk
about this but there was that um the issue with it was the xz tools um recently with um where
somebody had been slipping in the back door in little pieces over the years.
It finally got to where they were enabling that and it was a big scandal.
They were able to do that because they did it
in little pieces and they badgered some
people and there's some social engineering. It's a really interesting
story. XY tools.
XY tools, yeah.
We should find a link to that story
because it really is interesting and
pretty scary from a developer standpoint.
Actually, I said tools, but I think it was utils, right?
X, Y, utils?
Yeah, I think that's right.
Or XZ utils, sorry.
Oh, yeah, XZ utils.
Okay, that's it.
There we go.
I'll throw this link in here.
Yeah, and it's been something that's been going on for years.
Like this person in quotes that it was all done in open source and uh you know just the kind of fast
version of it is someone had been submitting pull requests and then uh other people have been kind
of supporting the pull requests and encouraging open source uh maintainers to merge them quicker
you know basically to get the updates out quicker and
also to make this person who was submitting these pull requests a maintainer. So they had more access
to the repositories for these common Linux tools. And then this account, you know, person or persons
behind this account ended up spinning a ton of PRs to popular tools, like all over, you know,
the internet and kind of the Linux tool chain. And it's really scary because now people are going to be going over this
with a fine-tooth comb.
And it's just kind of a reminder that just because something's open source
doesn't mean that it's been vetted,
that there hasn't been something sneaky slipped in,
that the original maintainers haven't passed this off
to somebody who's doing something malicious with it.
There really is no guarantees.
So it's like unless you really trust your browser extensions,
you shouldn't install them.
Well, okay, so browser extensions,
I try to have as few as possible for reasons like that.
But I think going to your last point there,
I think it was Steve Gibson from SecurityNow
that kind of made the point of similar to what you said about
just because it's open source doesn't mean that it's necessarily more secure.
It means you have the ability to audit it.
But if you never have that third party independent audit done by professionals
that know what they're actually looking for,
then you can't make those kinds of claims.
And I say that that third-party professional
that knows what they're doing
because you and I looking over that code
doesn't necessarily mean that,
yep, it's secure, we looked it over
because there could be things
that we wouldn't know to look for
or that we would miss.
Yeah, totally.
And the same thing applies
for all sorts of different tools. I love talking about can talking about canines is it to be a terminal user interface that
i love and install everywhere and i have looked at the source code to see how how it does uh what
it does but i certainly don't do it every release and uh you know i don't know if anybody is it you
know i assume they aren't so it's just kind of scary but uh it's unfortunate because i really
want it so maybe i will try to write something custom i've never tried to write a which called a plugin before or
an extension for the browser but it doesn't seem like it'd be that bad right so how well uh yeah i
think it would be that bad but because i mean it really is going to depend on what you wanted to do i guess but um
i was wondering like if if if if this is just a the swing of a pendulum right
and it on one extreme we used to be everything was closed source and provided only by
you know a company that you would buy from and you, you hope you trusted them, but you had no access to the source.
Right.
And then the,
the other arm,
the other direction for that pendulum is the other extreme where everything is
open source and you can get to all code and you know,
whatever.
Right.
Did the power just flicker for all of us around here?
Is that what just happened?
I think so.
That's funny.
Cause I heard, I heard, I heard mine flicker and then I saw the two of you look around like, what just?
Yeah, this is the downside of living close down.
Right.
But so, you know, and we've been kind of swinging the pendulum towards more of the open source path for years now.
But maybe we're seeing like, oh maybe that maybe that isn't maybe
open source all the things isn't necessarily and we might swing back a little towards the
other direction oh i don't know i think it's different right like open source like let's say
that it's a company held thing like yeah let's let's take a trusted company let's say it's microsoft apple one of those right
not google because we've seen gchat right yeah not going there again no but if if you were to
take one of those like microsoft is open source the dot net um you know runtime and all that kind
of stuff so if you have a company like that, that is sort of managing and, and monitoring that
stuff, then maybe it's fine, right? Like just because it's open source doesn't necessarily
mean that it can go sideways because they're controlling the PRs and stuff that go in there.
However, if you're using a piece of software that anybody can just pr into you know maybe that's bad so i i think i'm all in
on i like the open source idea but i do feel like like with the browser extensions i'm with both you
guys like i don't really install them because i don't trust them so and and i i wouldn't even know
how to go about trusting them for the same reason that Jay-Z brought up.
Like, okay, when an update comes out, do I need to go re-look at everything again?
Like, all that's just, it's too much.
So, I think open source is better than closed because at least there's some auditability.
But I think you almost need some sort of policing system like what, what Apple does with apps that go into their app store.
Or I even heard I,
on the dark net diaries podcast that the outlaw turned us on to a while back,
there was somebody that was trying to bypass steam on,
on how to go through their process because steam also vets all games that get
put into their store.
Right. And somebody figured out a way to sort of cheat that system so so even when you
have a police system it's not it's not perfect you know so i don't know man like i just don't
trust much of it well i don't i don't know that i i think that the apple or steam approaches are
the right but i do think that you're onto something about having like the sponsored
projects where you have like a,
a large company sponsor behind it where they're kind of like taking ownership
of it.
The trust,
right?
The trust in nobody.
Then yeah,
that,
that makes it a little bit easier to,
you know,
um,
like anything in like anything like the
what's the certification for it? There's cloud native
but then isn't there a certification for the open source ones?
Open source foundation maybe or something? Whatever.
The Apache foundation does it for sure.
But I don't know that they check everything. but only for things they take under their umbrella there.
Right.
Right.
But yeah,
the point being is that like,
if you had,
um,
if it's part of a major project that's open source that,
you know,
is being well,
um,
maintained and cared and fed for,
then maybe you're, maybe you have less to worry about
but that's not necessarily a guarantee right i mean the linux kernel is still
where well cared for as well but that's not to say there couldn't be bad actors trying to sneak
stuff in there too yeah so. So I don't know.
It's hard when you got so many people putting things into software that folks use.
It's really difficult.
You know,
on one hand you want to focus on your core competencies as a developer.
On the other hand,
it's hard to trust everything.
So it's like,
where does it begin?
I'm almost have the opinion that when I look at repos in GitHub,
if it's not like a well-known thing, like, for example,
I'll go poke around at like Scaffold, the Scaffold repo that Google has,
to see like some of the under-the-covers stuff of how it's working, right?
And that's fine
but then if i go to like you know john doe's repo on some other tool like i only ever look at that
and consider like oh you know this like he's just keeping his stuff you know projects that he's
working on like learning and experimenting whatever but i would never look at that repo and be like that look you know what i'm gonna do let me let me clone that bad boy compile it and i'm gonna
use that uh for myself that kind of thing would just never dawn on me you know it's hard and
modern software it's just so big and it includes a lot of third parties and like you know there's
the trust chain is just kind of insane.
It's unfortunate, but, you know, ain't nobody got time for that.
So the biggest problem that I run into, though, with that sort of thing is like you rely on,
you find some library out there that seems well maintained and you start relying on it and it becomes just such a, you know, part of your, your ecosystem.
You don't even like think about it anymore. And then you go to realize,
Oh my gosh, it's been deprecated. It's not even being maintained anymore.
Like we're, we've still been using this version. That's, you know,
still been there, but I don't know.
That's not necessarily bad as long as there's not security vulnerabilities and stuff in it, right?
Like if something does what you need it to do and it's fairly small, then hey, that's fine.
Well, yeah, so there's goods and're using a, not a latest tag,
but you're using a specific version tag,
then there's some protection that you have there that that's not going to change.
And that's not to say that the tag couldn't be deleted and repushed because
it absolutely could. Right. But, but that's the hope at least. Right.
And, and at least if you're using like your own,
I think we've talked about using like your own cash in front of something like
that,
like an artifact or whatever,
then you'd have a little bit even more protection against if someone did
delete that tag.
But then that's where you're now beholden to whatever version of the OS that
that tag was based off of,
which could have its own vulnerabilities,
let alone anything of the utility that,
you know, or platform that you're, you're using that was let alone anything of the utility that, you know,
or platform that you're,
you're using that was built on top of that.
Our system could have its own vulnerabilities too.
So yeah,
double-edged sword.
You know what?
I give up.
This is hard.
Let's just,
let's call it a night.
Let's we're done.
We're no more software.
And then all this goes away.
AI is going to take it over anyways.
That's right.
One can hope.
One can hope.
Well, I did, you know, so what I did end up doing is writing a bookmarklet.
And I think I've talked about this before because I've used them before.
But basically, there's a thing in HTML.
It's like old, old, old school, been around forever HTML.
And I'm sure you've done this before, although it's probably been a minute,
where you can run arbitrary JavaScript in the href of a tag.
So a href equals JavaScript colon blah.
You can do alert or you can do whatever you want in there, right?
It's just part of the HTML spec that's been around forever.
Well, that also works
for bookmarks. So you can have a bookmark that says like JavaScript colon alert, blah. And when
you click that bookmark link in your browser, it's going to run that alert and it's going to run as
if it's on that page. So you can do some of the stuff you want to do by creating a bookmark and
putting your JavaScript in the URLl field and it feels super
hacky and they definitely you know browsers kind of almost like hide it from you but it works
and so i just kind of wanted to mention that somebody will have a link to something on bookmark
that's there because it's something that people forget about because it's really like the browsers
don't seem to want to let you do it, but it works great.
And for a few lines of code, it's not a big deal,
but if you want to start injecting CSS and stuff,
it's going to be a pain.
I'm sure there's some sort of limit on the URL field.
Yeah, it's going to get ugly.
Yeah, so I had to throw that out there.
All right, and last thing I wanted to mention just real quickly is that I mentioned the new keyboard that I pre-ordered, the Commodore 64 kind of mock keyboard from 8BitDo.
And it's not shipping until sometime in May.
But, of course, I got to get my switches ready because, you know, I got to get my silence on there. there so since i had some time this time instead of just watching a bunch of youtube videos until
i was like making myself sick you know with the decision over which switches to get i did find
somewhere that would uh send me a tester you know one of those little things you can kind of pop the
switches into and the keys and actually see how it feels uh and you can find those anywhere but
because i want silent switches i also had to find somewhere that was willing to send me the switches because I didn't want to go buy one switch here, one switch there, one switch there from like all these different places I wanted to test.
And so I found this website, Thock King, like thock, thock, thock.
When you hit the keys, T-H-O-C-K. I'll have a link in the show notes. And they had a little tester you could buy,
and they would just give you any of their switches
that they sell on the website for free.
As part of the cost,
you would basically just tell them which ones you wanted.
And so I went on their website
and found every silent key they had and did it.
I did a little test, and I have my results.
Of course, your mileage may vary,
but the ones that i thought
were the best uh are also very common that people recommend all the time but how is that different
than the keyboard testers that we talked about before so like if you get one from amazon or
something then uh you can't like a lot of times the switches you can get are really limited but
this was the first website i found that had like a good chunk of the switches that i was already interested in
it didn't have all of them uh so like for example it didn't have that like the switch that i had put
in this the keyboard i'm using now but it did have several of the brands that were most popular so
it was this was the best one i could find for testing uh for being able to ship you switches for that were silent
they don't have all of them but it looks like they've got like 50 of them they have a lot yeah
they had a really nice variety and yeah by far like other ones i could find just like you could
get one from you know cherry and it will send you all the cherry ones and i'll have the two cherries
which you know silent switches they have and you get one from collie or however you said kale and it would have their two silent switches but for this one i got i think it was like 10
no it was not i got nine and it was from bands like collies in there i got cherry in there i
got duo rock i got uh gazu i don't know how to say all these um but welcome to my world yeah i know
exactly so i'll just tell you the ones that uh i i thought
one uh were the duo rock shrimp silent uh which is very popular choice and also uh probably the
one that you'll see come up the most if you like search for reddit is the uh gazoo boba u4 silent
people love the switch it was kind of a number two for me uh just because i don't know
i don't really have it it didn't feel as good and it was just uh not it didn't like fit as well
like the switch kind of kept coming loose even when i moved it in different spots on my tester
which is you know i'm sure it would probably be fine inside the keyboard but you know if like two
things are all you know basically the same anyway and one of them's loose you know then you're gonna go with the other one yeah
and then there were a bunch that were pretty good there were two that like did not compare at all
to the other two and those were the tactile kali silent pink and the linear cherry mx silent red
you know i could have just got a bad one like the cherry the cherry mx silent red in
particular you could hear the spring noise so i don't know if it didn't have enough lube maybe i
just got kind of a dud but you know again if you've got nine things that are all pretty good
and one of them isn't you know you're not going to try again you know like i'm looking for any
reason to kind of disqualify these so that's what i ended up with uh so i ended up ordering some duo rock shrimp silence
you're saying duo is it do you i can't even find no do you rock do rock do rock do rock
yeah okay you guys in proper nouns yeah i can't do it
there's there's got to be some sort of
linguistic skill
out there to where you could see
proper
nouns that you've never
heard before and be able to figure
that out. And that's just not a skill that I
have. I don't know.
Pretty funny.
People go nuts. They tear it apart.
They do all these crazy graphs and everything
on the pressure my wife had been picking on me
because I was kind of obsessing about this
before and then here I am obsessing about it again
and she's like what does it even matter
you know whatever
I showed her the tester and I was like well which one do you like better
and she's instantly like
these two
so you still think it doesn't matter
no it matters
yeah because you would have driven her crazy if it doesn't matter? She's like, no, it matters.
Yeah. Cause you'd have driven her crazy if it hadn't been a good one.
Yeah.
Yeah.
Durock shrimp,
silent T1.
Interesting.
They have a dolphin silent.
Did you try that one too?
Nope.
I guess not.
Okay.
Did not.
That was not an option.
That's pretty cool.
So you're not going to make a video on this and make everybody's day then?
No,
I should,
I should.
But the people that already make
videos for keyboards they do such a good job and they're like they'll have it in like i don't know
they'll they'll have like a professional recording studio like in their closet whatever like they'll
deal they'll take the whole thing apart they'll like lube up all the switches they'll add the
extra foam in the stabilizers and yeah stabilizers. I've watched a lot of
keyboard YouTube now.
I think you could do it, man. You do an ASMR
version, a take on it, and you'd be like,
okay, over here.
Jesus, I like it.
There's probably a lot of crossover there between
Did you ever
get that
Kinesis Advantage
360 split keyboard, Alan? No no i have not gotten that because
dude i've i've been on the fence but it's like 460 dollars like like i felt like the kinesis
advantage 2 was stretching what i was willing to pay for a keyboard right and then they said
watch this yeah and it was 320 bucks right like, don't get me wrong, it's still my favorite keyboard I've ever used.
Period, hands down, it's my favorite.
But $460 is like, really?
You went ahead and just added 50% to this thing?
That seems a little obscene.
And there are things about it that I don't love,
but I definitely want to try it.
I just don't know if I'm $500 worth of wanting to try it.
You know what I mean?
So I don't know.
All right.
Well,
with that,
we don't have a bunch of links,
resources that we learned with that.
We head into Alan's favorite portion of the show.
It's the tip of the week. right my tip might be cheating i think i've mentioned this before but i tried searching and i couldn't find a reference to it so uh i'm gonna go ahead and
give it again and i just realized i did not use the search on the website which we have
that's pretty good so let me go ahead and do that real quick i couldn't figure out how to search for it tell me i just tried using google and uh yeah okay all right it looks
legit so it looks like i've never mentioned this before somehow so there is a tool a free open
source tool called gb. And what it is,
is it's an integrated development environment and IDE for making game boy and
game boy color games.
It's a basically a wrapper and a set of UI tools on top of another game boy
library called GBDK that can be used to basically compile code that will run on
a game boy.
And it's
got all the various limitations and
whatnot around like the
actual hardware and
this particular studio has
a really nice user interface for like
doing your graphics, doing the music
doing any sort of
coding and working with objects
and doing that all in an IDE
and what's really nice about
that is that the game boy in particular is so limited on the hardware there's only like
you know maybe it's got like 16 addresses for sprites and so if you need to do any more of that
you need to do some fancy stuff to swap them in and around so there's like these real strict
limitations on uh number of things moving on the screen or number of layers you can have for images.
And the IDE makes it really easy
to kind of internalize those rules
because there's only, you know,
16 slots you can drag stuff into.
So it's just pretty cool.
And you can get something going really quickly
and they have some really cool like starter materials.
So I'd done this a couple months ago
and that's why I'm surprised that I didn't talk about it
because I had a lot of fun with it.
And the coolest thing is because you're working
with the real limitations and the real, you know,
code and adhering to the hardware restrictions
of the Game Boy, you can run the ROMs
that you make directly in emulators and drum roll.
You can produce actual cartridges that will run in Game Boys and Game Boy Colors.
There are people that do this.
People make Game Boy games.
There was actually, there's been a kind of a few popular ones recently.
They call them demakes.
Instead of like a remake, it's kind of like they'll take a popular game and pull it back a few decades.
And so the one I saw was The Mummy, actually.
It was kind of based on The Mummy movie from a few years ago.
And someone did a really good job making an old Game Boy game,
but with kind of chiptune music and everything.
And it was just really cool.
The Brendan Fraser Mummy movies?
I believe so.
That's a few years ago ago we're okay to remember one
from 20 years ago but go back another 10 for speed and like oh you're the weirdo that remembers that
that's right that's right yeah okay i just want to make sure we're on the same page yeah we are
i'm surprised i'm surprised though that you weren't talking about the emulators that are now allowed on iOS. Oh, interesting.
Oh, I did hear about that.
That's right.
So you want to rethink your life and maybe your tip of the week?
No, I'm still good with this.
It's actually on Steam now for $20.
Wow, wait.
GB Studio, you're saying?
You know, I think, no, GB Studio is free.
I think that the mummy demastered
that i was thinking is was not actually one of these d makes i was confused but i do like the
d the mummy demastered soundtrack which is how i know this game but there are other games like
if you go to itch.io.io you can filter for game boy games and you'll see a ton of games that were
made with this tool that's so cool so i swear there was another like
um hardware device like this uh-huh that you did talk about and it was yellow if i remember right
yeah oh that's the play date i believe it's called yeah and it's got this like weird dial thing
like it's almost like a fishing rod on the side yeah it's called the play date
i remember we looked at the website for it yeah and they have a weird subscription model where
it's like you get new games kind of delivered every couple months and uh people do make uh
basically game boy games with this thing but i think they use different tools for it because
it's got this special that special cut rotary dial thing like i don't even know how to explain
it but it's like a fishing rod built on to a game boy like a what do you call
it a reel a fishing reel real yeah we'll never know i don't know yeah we live in the south you
have to know what a fishing reel is i just i love the idea that people are making like stupid fun
things just for you know just just to make you smile like these these are not gonna you know
these games that people are begging for this it's not gonna like change your life it's not gonna you know suck all oh whoa whoa whoa wait a
minute but it's fun fun it's fun yeah fun like super mario's type fun right like when was the
last time you just had that much joy playing a game to rescue the princess and then be done yeah yeah it's just fun all righty uh well gee that's a
hard act to follow alan you're up next okay mine's mine's not super great i was joking because
well technically in the notes i was next a year more than welcome to go but i was trying to make
a joke you go ahead my joke backfired, we had a joke today from Greg at lunch.
What was, what was his wedding cake?
Wedding cake.
You want, you want to do it there?
Oh, I remember the punchline, but not the setup.
Yeah.
What was the set?
We were just talking about like wedding cakes.
It was something about being sad and why?
Cause they're in tears.
Right.
It was an emotional event. It was an emotional event. Even the they're in tears right it was an emotional event it was an emotion even the cake was in tears he just slipped in there deadpan yeah it was it was great and we all kind of sat
there for a second oh yeah very good uh all right so this isn't gonna be as good a tip and i warned
you but um it comes from the heart and i think that's what matters the most so take that joe so yeah no but seriously so do you ever so let me see where i
start so you get a ticket to work on something to do something right and like you put a lot of
effort in that ticket and some of those sometimes those tickets might include like scripts that you like ran or
commands that you ran or whatever.
Right.
So one thing that I like to do is I will,
if it's particularly like a nasty,
you know,
command with a bunch of like,
you know,
pipes and whatnot of,
you know,
from one command to the next command to the next command,
why not just save myself the trouble
and save that command in the ticket
as a comment on the ticket
so that next time if I ever have to go back to that ticket
for any reason
or if I ever have to do a similar thing,
then like, oh, here's what I did last time.
And it's there in the ticket.
So yeah.
Right place for it, yep.
But also like script all the things too,
like while you're at it, you know.
But yeah, so in this case,
what I wanted to do was
I wanted to inspect every one of our Docker images.
Think about how many Docker images we have, right?
I'm sorry?
Three.
Three?
Three. Three hundred. have right i'm sorry three three three hundred all right this is why this is why jay-z has been dominating mental blocks because he's closer so yeah so like i i wanted, I wanted to inspect every one of our Docker images to find out what, um,
I didn't want to, I didn't want to not the Docker file, but the actual image I wanted to like
spin up a container and see the OS versions that it was running and stuff like that and build up,
you know, see like, okay, what things are out of date need to be upgraded, stuff like that. And so I'd crafted together this nasty, you know, script that would go through and find all
the Docker files from the, from the root of our application and then start, you know, inspecting
the containers to see it. So, but yeah, the idea is just like, you know, why you have to create
that command a second time, even if you are good with creating the commands i mean i i don't think i'm bad at it but i'm not going to like take the
time if i've already written it once then i don't want to write it a second time yeah agreed so
just save it i like the approach i do it save a little it's a little breadcrumb in your in your
jira or whatever your ticketing system is is i i also take it a step
further though because of jz and obsidian i'll put it in there but i'll also go into obsidian
put the jira the jira number in and then also tag it with something like you know useful script or
something and then that way i can find it again in the future quicker because sometimes it's hard
for me to go through jira and find the tickets that I worked on or whatever.
Right.
But yeah, I love that tip.
All right.
So I have one and this one's not a coding one so much as just a YouTube channel that I've come across that I absolutely love.
This guy is called Dave's Garage.
And this is an ex Microsoft employee.
I think he retired from Microsoft. Like he was there
for a long, long time. And this dude just has tons of useful tips. So like one, a couple of the ones
that he's done recently is he talks about how to secure your network using of it. Yeah, OPN sense. So it's it's like three,
three episodes back or three videos back. But he shows you how to go in and create this device
that you can plug into your network that sort of like a through device from your router
to your network switches or devices or whatever, and it will help protect your network, right?
Without actually making any other changes to your network. So that's a good one. He also has done
like tons, tons of useful things on just various things with computing. And I find him super
entertaining to watch because he's, he's sort of like a, he's kind of like jay-z he's sort of
laid back and just just sort of a chill guy but he'll say things in fun ways and he does a good
job on his videos so if if you like the techie stuff i highly recommend going and checking this
guy out he has oh another one that i thought was super useful especially for people that travel
if you've got more than one person traveling with
you, there was one where you take portable, I think they were portable routers with you,
but what it allows you to do is when you get to a hotel, a lot of times a hotel room will give you
one connection and then you got to pay for more or whatever. Well, if you pay for the faster internet
in a hotel or something, usually it's per device.
Well, if you take one of these things, you connect that to the network, you pay for the speed of your thing, and now you can connect all your devices, phones, iPads, whoever's in, you know, if all your kids are with you or whatever, they all connect to your router, which is probably a little bit more secure as well.
And you get the benefit of the, you know know the upgraded hotel bandwidth and all that kind of
stuff so he just has tons of neat little things that that are just great useful tips so um we'll
have a link of the show notes for it but highly recommend them i think that's supposed to be
pronounced open sense is it open sense oh yeah it would not opn sense so and i'm questioning i'm
i'm guessing that it's probably like a play
on pf sense yes so he actually talks about pf sense as well so i think open sense is the
is the free or you know open version of that same type thing so but pf sense is open source
so i don't know then why it's different i think he starts talking about it at the beginning but
i was half listening whenever it was on because i'm not one of those people that can listen to
things and do things at the same time and retain anything so like i like you you um
oh man i can't i can't think of his name right now, but there are some people that can listen and do things at the same time.
They're like, yeah, it's fine. Like I, I got it all. And Jay-Z you're muted.
I think you said not me, but correct. Yeah.
Also as a, I guess I have another tip of the week.
Don't use the hotel network. Like what you're going to use huh what are you going
to use just use your phone well if you have a good connection yeah if you got a good connection sure
but there's some places that don't at all i just feel like if you're on a hotel network then
you're trusting everybody in the hotel that's also on that network and i just don't and so because i don't trust them i'm
not going to connect to it yeah i definitely hot spot my phone when i can but there are some times
like i've been to some places where you get nothing and it's like okay so yeah i do like
how he has one video that's like a 10 second test but yet the video is over 10 minutes right yeah
so how is it how is your
10 second test 10 and a half minutes long
I mean you gotta do it like
a thousand times
all right well all right later
no
if you're listening like the show you can subscribe on itunes spotify or
using your favorite podcast app thank you all right bye