The Changelog: Software Development, Open Source - Yeeting stuff into public (Friends)
Episode Date: February 17, 2024Jamie Tanna (who has a website) joins us to discuss the indie web, living with ADHD, sharing his salary history with the world & building DMD – a _dynamite_ open source tool to help you better under...stand the use of dependencies across your org.
Transcript
Discussion (0)
Welcome to Changelog and Friends, a weekly talk show about Jamie Tana's website.
Thank you to our partners at Fly.io, the home of changelog.com.
Launch your app near your users all around the world.
Find out how at fly.io.
Okay, let's talk.
We are here with Jamie Tanna, long-time listener, community member, blogger.
I've been publishing your stuff in ChangeLog News
over the years, it seems like at this point.
And one of our voicemailers for last year's State of the Log.
Jamie, welcome to ChangeLog and Friends.
Thank you. It's great to be here.
Not that I'm saying he's not a friend, Jared,
but I was thinking maybe he wasn't really a friend.
It's more like this is ChangeLog and Friendly.
I don't know.
Because he'll become a friend during the show potentially, right? i was thinking about that on the way here what do you think
about that i feel like he's been uh like a community member right hanging out in the slack
we haven't held hands yet though so you know well he lives across the pond it's not easy
you hadn't with gerhardt for ages that's true it took us a long time to shake his hand and
give him a hug. True.
Change Logging Friendlies, it's got a ring to it.
Maybe we could have a sub show.
I guess you're looking for a new subtitle. Maybe it's turning friendlies into fronds.
There you go.
Oh, I like that. That's actually not that bad.
What I would like to hear, Jamie, is how it feels to get your very own Breakmaster Cylinder remix.
Because you are a recipient of a remix.
I've never got one for myself,
but it's got to feel good, doesn't it?
How did it feel hearing your voice all remixed?
It was very cool.
I mean, the fact that for the second year running,
I ended up submitting my voice note late
for State of the Log was just impressive.
Given, I think, I'd asked like a month before the deadline,
like, when is the deadline?
And I posted an update.
So yeah, I'm just still surprised that you managed to squeeze me in.
That was very cool.
And then, yeah, get my own remix was pretty cool.
I haven't yet said it as a ringtone, but maybe that's the next step.
You should.
Is Jamie's the sweet robot dance make-out music?
That's Jamie's, right?
That was the other Jamie.
That's Jamie Kernow.
Jamie's was the very last one because he Jamie. That's Jamie Kernow. Okay.
Jamie's was the very last one because he submitted late.
Remind me what it says.
Let's see if I can play it.
You want the remix or the message?
The remix.
I am a podcast addict.
I'd absolutely say that I often prioritize ChangeLog over cooking,
over my life.
I don't have time to walk the dog this year um so it is like a lot i've
listened to changelog for five days at a time in a room just laughing having a great time and
yeah really looking forward to what is happening over the next year. Thanks very much, everyone.
Thank you, Jamie.
That was amazing.
So I bet your dog's pretty sad.
I know my dog absolutely needs the atom tank filled up every single day.
The dog begs me to go to work with me because for now I go to a separate office and my dog could not not be walked.
And then at the same time, I need to cook.
And I've never sat in a room for five days straight laughing at Cheap Old Podcasts.
So you've got me beat, but I appreciate that.
I'm just that dedicated.
Wow.
Okay, I take it back.
You're a friend now.
There we go.
Just like that.
We already did it.
We haven't even gotten into the show yet,
and we've already turned a friendly into a friend.
So too easy and i was digging into my um site history and i found
at least the first recorded time i tracked a listen to changelog was 2016 so i've been
listening for a good chunk of time dang so you track your listens? Because I was only doing that from that point in time. I also had a load of history.
So I found a way to take Podcast Addicts, SQLite database,
reverse engineer some of the data out of it,
and backfill that to my site as well.
In fact, I'm just now trying to charge up some of my old phones to see if they've got any history on them.
I can also backfill.
Interesting. That's dedication.
I love it, but I also wonder why.
What drives you to want to do that, even so much so that you'll go into the history and
dig it out of a database?
Why?
So in 2018, I found out about the IndieWeb community.
The community is all around owning your data, not relying on other platforms.
So some of it is IndieWeb as a thing is quite
cool. But it's also just interesting for me to have that data. So for instance, coming up to today,
I was able to easily go back and say, the first time I definitely know I listened to a ChangeLog
podcast was the 27th of August, and it was Request for Commits number four. And that was actually the
first podcast of the changelog I listened to. It's also interesting because that gets syndicated
to the Fediverse. So if people are interested, they can see the sorts of things that I'm listening to,
they can find out about new podcasts, as I've listened to them, and stuff like that, which
I find quite cool as just a passive way of sharing it. And then also, because I've listened to them, and stuff like that, which I find quite cool. It's just a
passive way of sharing it. And then also, because I have all that data, I can go in and I can work
out like, actually, in the last year, I have listened to five days worth of changelog.
Yeah, exactly. And you can make sweet robot dance make up music with it with that information.
You know, it's amazing. So okay, that is cool. I admit it.
And it makes sense, the dedication, the syndication.
So IndieWeb, this is the idea of own your own data,
publish through your own website,
and syndicate elsewhere or blast out.
I guess there's a couple different ways of doing it,
but that seems to be the main one.
Yes.
So there's a really good article
titled One Year in the IndieWeb.
And this is the one that
I usually recommend people read
because there's a really good distinction there
between IndieWeb with a capital I and capital W
versus IndieWeb or lowercase
or with a space between Indie and web.
So there's a lot of people who think like IndieWeb is,
I need to do these particular things
to be part of the IndieWeb.
Whereas like at its base, it's just you own a URL and you publish content to it.
It could be that URL is in front of Substack or Medium, could be in front of WordPress.com,
or it could be infrastructure that you are hosting in your home lab and you've got a load of stuff for that.
But then as well as that, it has also morphed into things like owning data across different services.
So one of the things you reference is Posse.
Publish on your own site, syndicate everywhere else or elsewhere.
And so that is a lot of what I do or I try to do, which is in the before times before
Twitter's API got taken down, I would reply to people's tweets from my website. And so I would
actually go through a lot more pain and effort to reply to someone's post, which kind of showed that
I actually did care a little bit more because I would, by using,
so the Twitter app,
I would share with an IndieWeb app.
I would write my reply.
I'd then hit send.
That would go to my website.
In about 10 minutes,
my site would have rebuilt.
It would have sent a notification
to an app called Bridgie.
And Bridgie would then say,
oh, cool, this is a reply to something in Twitter.
So I'm now going to send an API request to Twitter
and I'm going to syndicate that post.
And that will then appear on twitter.com.
And in all that time,
someone's probably not bothered by my reply anyway.
I was going to say, it's a good way to lose an argument.
By the time your reply comes in,
they're like, they've moved on.
They don't know what you're talking about.
But I've also found it quite good because it means that a like those sorts of arguments do calm down
a little bit because yeah i'm going to be taking like hours to reply to you in fact there was a
time where a couple of friends of mine messaged me and was like why have you just replied to my tweet
from six months ago and i had a bug in my site software that it wasn't actually sending those
notifications called web mentions for a while so suddenly i was replying to posts from like six
months ago and yeah not great that's a good response though there's a bug in my software
this reminds me a little bit somewhat so go with me here of back when i was religious about
updating the song titles in iTunes.
Like, back whenever you used to manage your own MP3 library.
And it's not exactly a one-to-one,
but I wonder if, you know, this IndieWeb,
which I totally agree with.
I love the IndieWeb, you know.
Like, RSS feeds, like, that's what we do for a living.
We ship MP3s via RSS somehow to the world,
and we don't care about tracking.
I mean, like, we do to some degree, but just enough to know that there's signal, not noise.
But it kind of reminds me of, like, this world where you pay attention to the details so closely,
but others may not, and so the world doesn't really get populated with others like you
who care so deeply about all the layers.
Do you feel like that?
Like, do you feel like that the indie web is has a possibility of
being more thriving because there's more folks who are so purist like you are and am i wrong on my
itunes naming because i mean i used to be crazy about it before they would like do it for me
and now just there's spotify and other things so so yeah i do see it as a a bit of a parallel so i
definitely wouldn't say i'm one of the purists there are a number more in the
community who will do a lot more work some of their stuff and for me some of it is just like
the muscle memory of doing it and a lot better like well i've been doing it for this long so
sunk cost fallacy i have to keep doing it for sure yeah that's what i meant by it's you know
i've been doing this rename you for so long long. I am going to keep doing it.
So for instance, like on websites like Lobster and Hacker News
and even things like LinkedIn,
I don't have like posse set up.
So I will just reply.
And it is kind of nice to sometimes
just reply and it'd be done.
But also I find it's really useful
to look back on things. So instance i have adhd and as
part of that my memory isn't great i blame the adhd for that and so something in 2017 i started
doing what's called blogumentation so it's blogging as a form of documentation. And I very recently started my personal website.
And as part of this blogmentation,
it was a case of I've just learned a thing
or I've just done a thing.
And it was kind of awkward to like Google around for
and find a solution for.
So I'm going to be that person
who writes a blog post about it.
And even if it doesn't help anyone else,
it will have helped me
because I would have written about it. And next time I can go back to her and let partially,
or I, I definitely see this as like a really big positive for me as someone with ADHD is I now
don't have to try and remember how to do the thing. I can now just vaguely remember, have I
written about the thing? And then I can go and
find that in my website. Or I don't even need to do that far. I can just search through my site.
And I can say, I'm sure recently, I was like talking to someone about this, like how to do
contract testing with OpenAPI. And I can search through my site. And then I can find a reply
that I posted somewhere.
And I find that really useful because part of the blogmentation was triggered by a discussion with Scott Hanselman, who had a site called Keys Left, which counts down the number of
keystrokes you possibly have, based on stats, how many keystrokes you have left until you
die of natural causes
and in this podcast he was talking about like i don't want to waste those keystrokes on something
that like if he gets a dozen emails about how do i do this thing he wants to be able to write that
reply once and then save the keystrokes and put them towards something more useful and i very much have like internalized that of
let me try and reference things that i've already written so well in fact you can see behind me on
the video i have my url in the background because it's very much like my personal brand one of my
friends for my birthday year before last got me a t-shirt which says i have a website jvt.me
because i would just talk about it so much that it was like that sort of fun thing and another
friend of mine from previous company he built a website called did you know jamie has a website
dot co.uk because it was just so common that I would talk about my website and I would share links to things.
A lot of it was coming from the place of, I've written about this thing.
I have helped solve the thing, so here you go.
I have a lot of thoughts about that. I agree absolutely on the blogumentation front
and as a completionist, it appeals to me to have
everything always, but some pushback.
Well, actually I pushed back on you about the same thing, Adam, at that conference. And we
were talking about letting the LLMs know all of our thoughts, just write everything down.
And I think at that time I said, is there no value in that which is ephemeral? And I used to be like,
always be recording, always be recording,
always be publishing.
If it's not forever, it's not meaningful.
And I'm starting to just like change my perspective on that.
Maybe the kids are changing it for me
because the younger generations value ephemerality
more than we do because they've grown up
where like everything they do is documented
and tracked by themselves or by their parents
or by the NSA or whoever it is.
And I just feel like there's room in life for both things
where there are some conversations
that don't need to be documented.
There are things that a reply on LinkedIn
can just disappear into LinkedIn's database somewhere
and doesn't necessarily need to be cataloged for you
or for your language model to remind you of later.
And I think the picking and choosing what I should keep and what can just go away, I
think is part of the process.
But I'm just kind of like letting go a lot more than I used to.
I was like, does this conversation really need to be published?
Or was it just, you know, I ran into somebody in the street
and we talked for five minutes about our families
and we moved on with our lives.
And that was just a really nice human thing.
And maybe I said something there,
like I have a website or I wrote about this.
But beyond that,
I don't think it needs to have artifacts to be valuable.
Yeah.
Well, I'm with Jamie on one front
because I just had a conversation with somebody.
For the first time, we've been looking forward to meeting each other. We met each other at a mutual party for the Super Bowl. It's a very popular thing here in the U.S. You can go deep nerd on Linux and Unix and BSD and like ZFN, whatever.
Whatever the fun tinkering things are.
There's not many Homelabbers out that you can meet just like randomly in the street.
So that's the point.
And this person is a professional in IT around the Windows system primarily.
And through conversation, we're talking about our setups at Homelab and whatnot.
And I'm like, well, I really don't do this but i did podcast with matt aarons
one of the co-creators of zfs he named dropped a couple years back and a lot of people liked it so
you should go check it out if you're really wanting to go deep on it it helped me out a lot
yeah and then like a minute or two later we're talking about something else like well i also
talked to so you're the by the way i have a podcast we also talked to alan jude recently
about open you know free bsd and all the bsds and like
the whole history there and it was really cool so you probably enjoy that too so i kind of felt
myself like self-referencing things i've done because we do document a lot of things that are
we nerd out about right that's just natural for us but i get you on that point i think the point
you're trying to make jared is that there is value in just just humanity, not journalistic or must be recorded to then share later aspects.
And that's – I don't disagree with that.
Right.
I fully agree with that.
And having a filter.
I have lots of thoughts throughout the day, as you guys do, I'm sure.
Most of them aren't worth keeping.
And we make those choices.
Adam, I know you have lots of ideas.
Some of them you write down other ones you don't yeah you know and knowing where to draw those lines is just
something i'm more i guess cognizant of than i have been in the past where i was more like
if it doesn't live forever it's not of any value you know like you you have i didn't understand
snapchat i'm like why would you want to take a picture that just disappears like it doesn't
make any sense to me and now i get it i guess i've just evolved a little bit i don't get that either i just can't get it i get
it now i've never i was never there so i don't get it fair enough but yeah we should get adam
a t-shirt by the way i have a podcast you know similar to your i have a website yeah that would
be cool and i don't really i don't like doing that though necessarily when i meet people i'm
not like in this case it was proper it wasn't like boasting or self-promoting.
It was like literally, hey, we're talking about this and this happened.
So if you are curious at all about ZFS, this is a great resource of many.
You should check out.
And it enlightened me.
So you should check it out if you are so inclined.
It wasn't like, let me like slap you in the face with my podcast.
And I guess it is hard to like drive that balance of like,
you both have talked to loads of interesting people.
You've got loads of interesting thoughts and people can learn a lot from that.
But also does it feel like I'm just pushing you to consume all my content?
Yeah.
So I would say if Jared and I were in quotes influencers,
then when we did that, it would be disingenuous.
But because we are definitely not
in quotes influencers, we might be influencers with a lowercase i just because we tend to think
like we're also IndieWeb with a lowercase i. Right, precisely. So I think if we were the true
version of what people call influencers, then it would be icky. But because we're not, we're just
normal human beings who just happen to have done something so long and so consistent. And I suppose over time so well that more and more people have
joined our tribe. And right. That's like, I read Seth Godin's book way back in the day. And like
everything we've done has been a version of what he prescribed in that book is around tribes.
It's such a good book. Like I love Seth Godin. He's got such amazing writing. You know, the dip
is amazing. Trib Dip is amazing.
Tribes is amazing.
I think it's called Tribes, if I can recall correctly.
But it was around that.
It's like, hey, there's a subset of people out there who find what I think is interesting.
And over time, what I find interesting evolves.
And I bring more and more things into that, like my hat, Meat Church.
I love barbecue.
I geeked out with a sponsor the other day.
We were done with our conversation. We hung out for another 30 minutes talked about weber kettles we talked about how we tweaked our stuff
and like the conversation was totally over right but we were just there now talking about barbecue
and our favorite recipes and methods etc and that was what it was and that could have totally been
a podcast but it was just it was just which was cool. Yeah, there you go.
There's some value there.
I do like the IndieWeb thing.
I guess, I mean, Jamie, is IndieWeb, I know you said there's like a proper noun.
There's also like a lowercase version of it.
Is the proper noun a community?
Is it like a group of people that identify and self-identify?
Do they get together?
I feel like there was an IndieWeb conference of some sort.
Can you tell us about that?
Have you been part of any of those events and stuff?
So short answer, yes.
End of podcast.
Yeah, so short answer, yes.
So IndieWeb.org is the main page for the IndieWeb community.
So it's more along the lines of like capital IndieWeb.
But the idea is it's meant to be a community for people doing indie web related
things so there are indie web camps which are the conferences and in fact in just over a month or
just under a month there's one in Brighton in the UK but they have them all over the globe I've been
to a couple and they're quite good because you basically come in and you don't have to have
built your own website you don't have to know anything about it there's like a few sessions
at the beginning of the day where it's like what actually is the indie web why is it actually
important to even just like own your url and not constantly be on twitter.com slash whatever
or now x.com slash whatever then people go around and like share
their websites so you have like demos of like look this is what my website looks like and then
there are breakout sessions where you can talk about different things so some people are very
interested in like owning their location data so for instance instead of using something like
foursquare they will use their website and then there's also like interesting conversations around like privacy things like that because often a lot of people who are sharing
their location data in real time are cishet white men who are not generally affected by
oh someone knows my location they're now going to stalk me. So there's a lot of interesting things around that
and trying to make that data less invasive,
but also interesting because you may want to be able to know,
here are all the places I checked into in the last week,
because you may want to draw a map of all the places you've been,
stuff like that.
That's cool stuff.
I feel like I've always been,
I guess I identify with the IndieWeb.
It seems like that community, everyone that I've met so far, are very inclusive.
They're not drawing lines like you are or are not IndieWeb.
That's not the point.
The point is to promote the stuff that you're talking about.
And I'm a longtime believer in own your own domain, publish on your own website, syndicate, etc.
And like Adam said, that's what we've been doing for years uh here
on changelog.com we have a website as well jamie changelog.com and um yeah it's cool stuff how far
do you go in with so you got fediverse implementation or integration do you do web
mentions those are always something that any web people bring up. We have like,
we've been adopting some of the new podcasting standards, podcasting 2.0 spec, which integrates stuff that's kind of like web mentions, like cross app comments, which is very much using,
is it just Mastodon or is it the Fediverse? I don't know. It's using these kinds of things to
try to create for podcasting some of the stuff that I think ActivityPub is starting to create a little bit for
social and for syndication. What all does your website
do? So my website is a static
website. It's built with Hugo and as I mentioned it takes like 10 minutes to
deploy because I just have so much content
in it and I also
so for instance like if I've liked a post
I want to mark
that up with what that post
actually is so instead of just having like
I liked changelog.com
slash friends slash whatever
I want it to be like listen
to changelog and friends
the episode with James Hanna
sort of thing so as part of that i also need
to fetch like information around what that post is so in the back i'll be looking at does it support
micro formats which are an indie web markup around html which lets you in your html elements basically
say like this is the post's content this is the title of the post
so it'll look for things like that it will also look for things like open graph metadata and fall
back to that so it can do a few things to try and gauge what that is that then as I say like takes
a long time to build because there's a lot of content in it. It's, yeah, got a lot of files. And I'm also using GitLab CI's hosted runners
because I've gone through like pieces
of trying to host it myself and speed it up.
And then just being like, this is still costly
and like time costly as well.
So I've been playing around with lots of different options.
And then, yeah, so about web mentions.
So yes, I do support web mentions.
So once my site deploys, finally,
there's then a webhook that is sent to one of my services that I run.
And that then looks at the site map for the site
and says which things have changed recently.
And then it will go through each of those pages,
find any links and send out web mentions to the world,
which then on most of my posts will hit something called Bridgy Fed. So Bridgy is a service run by
Ryan Barrett in the IndieWeb, who tries to bridge lots of different social networks.
And so Bridgy Fed is the Fediverse version of that. And so I don't have to manage or understand
any of the Fediverse stuff. I can just
send a web mention. And Ryan does all the hard work with the community building Bridgifed to
understand what my website looks like using things like microformats. And it will then translate that
to an activity pub piece of content. And that will then get sent out to all the people who
follow me elsewhere. So people directly from their Mastodon, Acoma, wherever,
they can follow my site natively,
get the same content as if you were just browsing it in the web,
which is pretty cool.
Now when you're writing, do you have some sort of alternate setup
where you don't have to rebuild?
Like are you just rebuilding the current blog post?
Because I know that I used to use Jekyll quite a bit
and it was a minute or two to build the whole site,
and yet while I was writing,
there was times where I would just rebuild the same file.
Other times I'd want to see how that affected
some sort of aggregation page or tags page
or this other stuff,
and it got to be very annoying at one to two minutes
just to work on it.
But at 10 minutes, and with Hugo, which is a much faster generator, your site must be very, at one to two minutes just to work on it but at 10 minutes and with hugo which
is a much faster generator and your site must be very very large does it ever get annoying while
you're writing to have all those machinations or is that just not happening oh so um i also started
with jackal and i got to a couple of minutes and was like this is really painful move to hugo
and over time it's got worse and worse so my solution for writing is don't try and preview the post so i just do not
run my site locally is a pretty horrible solution to it but i'm fairly used to what markdown
rendering looks like for my site so if i'm doing like significant changes like on the theming I will then run it locally what I will
do is I will delete most of the site's content or get Hugo to exclude building most of the site's
content which then means that it is a lot quicker a lot easier to run yeah it's definitely not a
good experience most of the time and over like the last 18 months I keep going to rebuild my website from scratch and make it a dynamic site.
But that's a massive thing to do.
And I don't really have time.
Or I can't make time when I have so many other things I want to be doing
and need to be doing that that then makes it really tough.
I don't know how you can write without previewing it.
I just have to see what it looks like.
Even though I kind of know what it's going to look like,
I still want to see what it looks like, like the final version. There's satisfaction in
that. Yeah. And I'm, I'm an editor. I, I don't do like a draft and then edit it. I literally edit
as I write, which is one of the reasons why I despise writing. Cause that's just a painful way
of doing it. But I have never been able to just to write and not be like, well, that's a bad
sentence. I just can't do that. People can do that. I don't know if you can.
They'll just write their thoughts.
They'll spit all their thoughts out and they'll be like, draft one,
and then they'll go back and edit it.
I've never been able to do that
because I can't leave the crappy stuff in there.
So I'm editing the whole way.
I'm also previewing almost each step of the way.
So even knowing what Markdown's going to look like
on the website, I'm still like, nah, I just want to see it.
Which is kind of funny
because you just talked about the ephemeral idea, which crappy writing,
unedited stream of thought is kind of like embracing ephemeral in a way.
Sort of, yeah.
So I would encourage you to revisit that idea, considering your new change of thought.
I should try it.
I should try to write an entire blog post without stopping, you know, and just see if
I can actually get that done.
I think so too.
I mean, because I had to, while you were talking there there the audience couldn't see it but i was like shaking my
head yes and i was like no no maybe not because there's definitely times i throw things down and
i appreciate it going back later and i'm like wow this reads terribly but i get the idea and it's
not published but it it gives me new position because it's old adam's thoughts that i've
forgotten that i go back and revisit
that lead me to new thoughts. But I was bold enough to at least write it down, even though
it sucked in the moment, you know, so I can appreciate about my past writing when I've
written. So I know a number of people who write draft posts on their websites. So it's a publicly
visible, but it has a little banner that says this is a draft post it
may contain errors i may not have fleshed out ideas and that's quite a nice way because you
are very much saying like i have written this thing i know it's not great but i'm happy hit
and publish that takes on gut it does And like one of the problems with writing
and writing publicly
where lots of people are going to read it
is that, oh, is someone going to complain
about this comment?
Or how many people am I going to get
well-actualied by?
So I kind of have like two modes of writing.
So my first mode is like blogmentation style,
which is I'm just getting
the thoughts out of my brain so I can forget about it and in the future I can come back to it and
learn about it again or I have posts that I definitely do want or I'm planning on other
people reading and some of those posts take like weeks of going back and re-editing and everything. And yeah, I'm fortunate that I don't mind too much
about hit and publish and people's thoughts on it.
But it still does take a while
for some of the big posts that I write,
especially when I know it could be particularly spicy.
People are going to have big thoughts.
Sure.
What's up, friends? This episode of Change Logging Friends is brought to you by our friends over at Vercel.
And I'm here with Lee Robinson, VP of
product. Lee, I know you know the tagline for Vercel, develop, preview, ship, which has been
perfect, but now there's more after the ship process. You have to worry about security,
observability, and other parts of just running an application production. What's the story there?
What's beyond shipping for Vercel? Yeah. You I'm building my side projects or when I'm building my personal site,
it often looks like develop, preview, ship. I try out some new features. I try out a new framework.
I'm just hacking around with something on the weekends. Everything looks good. Great. I ship
it. I'm done. But as we talk to more customers, as we've grown as a company, as we've added new
products, there's a lot more to the product portfolio of Vercel nowadays to help pass that experience. So when you're building larger,
more complex products, and when you're working with larger teams, you want to have more features,
more functionality. So tangibly, what that means is features like our Vercel firewall product to
help you be safe and to have that layer of security. Features like our logging and observability
tools so that you can understand and observe your application in production,
understand if there's errors,
understand if things are running smoothly,
and get alerted on those.
And also then really an expansion of our integration suite as well too
because you might already be using a tool like a data dog
or you might already be using a tool
at the end of this software development lifecycle
that you want to integrate with to continue to scale and secure and observe your application. And
we try to fit into those as well too. So we've kind of continued to bolster and improve the
last mile of delivery. That sounds amazing. So who's using the Vercel platform like that?
Can you share some names? Yeah, I'm thrilled that we have some amazing
customers like Under Armour, Nintendo, Washington Post, Zapier, who use Vercel's running cloud to
not only help scale their infrastructure, scale their business and their product,
but then also enable their team of many developers to be able to iterate on their
products really quickly and take their ideas and build the next great thing.
Very cool. With zero configuration for over 35 frameworks,
Vercel's front-end cloud makes it easy for any team to deploy their apps.
Today, you can get started with a 14-day free trial of Vercel Pro or get a customized enterprise demo from their team.
Visit vercel.com slash changelogpod to get started.
That's V-E-R-C-E-L dot com slash changelogpod.
Well, we know you're not afraid of being in the public
because another thing that you've done famously
is publish your salary, right, over the years,
which has gotten a lot of attention.
It's helped some people.
Tell us a bit of that story,
and then we'll talk about it. Yeah, so I've been posting my salary publicly since 2021.
And part of it was, I was leaving a job. And I had just gone through the job hunt. And I've been
talking to a number of people privately about salary and what the job market was looking like. And it was
a particularly good time, not the most recent ridiculous job market, but it was a pretty good
set of roles out there. And I was very happy with the salary increase I was getting at the time.
And I very impulsively was like, you know what, I post about this and i did not check whether legally i
could do which thankfully i was fine but yeah i was like you know i'm talking to enough people
about this i'm back to like number of keys left and everything i want to make sure that this isn't
an ephemeral thing and this is something that people can refer to and people don't need to
come up and ask me about it because like in the uk people aren't
happy talking about money i think it's a fairly global phenomenon where people are just not going
to talk about it and therefore companies get away with like massively underpaying people being very
unfair or even just people not realizing that they're actually doing pretty well for themselves
and yeah so I posted my salary I went back through my history I had fortunately only had a couple of
jobs so I had all of this stuff available I was still in the job I was at that had been for five
years so I had five years of finances that I could just download and upload and yeah
it's been very good because it has helped a lot of people like I've directly had people I do and
do not know message me to say thanks for posting it but also in the last few years I've had at
least about 45 to 50,000 hits on that page.
I say at least because a lot of people strip things like analytics,
which is good.
So it's probably a lot more than that.
Yeah.
That's cool.
I can definitely see how it would benefit people.
And I,
I see absolutely the benefit like inside the same org,
like people talking about their salaries inside the same org.
Cause then you realize like, wait a second, you know, you're making that much. They're paying me half that.
We're doing the same job. Oh my, you know, let me go talk to the boss. You know, like that's an
obvious win. I still think it's takes a lot to put yourself out there. And I know that I personally
have always been just like how much money I make is nobody's business, but my own and how much
money you make is not my business
either that's just been my default stance on life and so it's it's interesting to see you willing
to do that and has anybody followed your lead yeah so since I posted mine I know at least five or six
people who've posted it directly off the back of me posting mine so that's been quite nice because
it's been a mix of different people of ranges levels um there's some people who work on like
consulting so have a slightly different income stream to just salaried employees and then even
since posting it i've found people who had already been posting theirs so for instance z yasso she's
been posting hers for some time.
So that's been quite good because it gives a little bit of difference. Whereas like the people
I know are all UK based and around the same sort of area. So things like cost of living,
everything's fairly standard, but for a lot of other people, it's interesting. The other thing
I found particularly interesting is, for instance,
my previous job, Deliveroo. So I joined with a salary of £90,000. And this was during the period
where companies were going wild for engineers. They were willing to throw out a lot of money.
And about a year or so later, there was a round of promotions and people who were promoted to the same level as I was when I joined were getting 10% less on salary.
And it's things like that that if you didn't have this data very publicly or people were talking about, you miss out on some of that context.
A lot of companies do have salary bands and that makes it at least a little bit better.
But I've also seen job adverts, which are this salary range is anywhere between 60 grand and
250 grand. And that's like, that's not a helpful range. That's wildly different. Yeah.
What do you think, Adam? Would you, uh, would you post your, let's say you and I went back to being
W2 employees and just had a, you know, that publicly, would that feel like something you'd be willing to do?
Would you hesitate?
No way?
What are your thoughts?
I guess it depends on how frequently I move jobs because I know that that's one thing when you move a lot.
Or even I suppose a lot is not always an accurate way to describe it because a lot could be every six
months to a year or so and that could be used against you in some ways like on your new way in
like one of the questions that's a meme on tiktok which is okay so what was your previous salary
and the person responds i signed an nda you know like it's just like it's a funny shtick they do
it's a it's a comedic thing in a way okay so i feel like i'm of your camp jerry where i don't i feel like what i make is my own business
and what you make is your own business and i think the reason why is obviously societal i think it
begins with that when people know certain details about your person they can begin to assume they
begin to not so much cash judgment but they begin to
to sort of determine who you are and what you can do based upon what they think they know about you
and then the biggest thing it really is your finances because that's like one of the number
one resources that we all leverage to progress in life in some way shape or form and so that's
the resource for which many people
are judged by. Like, how much money do you make? Oh, well, that's why you drive that car. Oh,
that's why you have that home. Or, oh, that's why you value these things. Or, oh, that's why X, Y,
or Z. So I'm like, maybe no. But then I also see the benefit in it. Like, I think if it was,
I just don't know if I could be in that camp. Like, I see the benefit, but I don't know if I
can participate in the camp that says, okay, let me do this.
I want to contrast this, though, because you mentioned this in the preparatory stuff, and this is something I knew about Oxide.
Brian Cantrell and Steve Tuck, when they founded the company, they were like, okay, we want to sort of pay ourselves a good enough salary where we don't have to stress so much about money. It's not so much that we're making, we're, you know, our company may be valued at X and
on paper we're worth more because over time Oxfide begins to have a higher and higher
valuation, but their salary is $175 a year USD.
And when I met some folks recently at All Things Open, I was surprised to learn, this
is when I first learned, I learned
face-to-face that everyone in the company makes the same amount of money as the two founders.
And so they said, we want to pay everyone the same. And so I think in that context, Jared,
that might be interesting for us, you and I as changelogs to say, this is how much money we make.
Now it would really be amazing if we paid everyone else the same thing we pay ourselves,
but that's not exactly true.
So that might be embarrassing to be like, okay, there's that divide there, so to speak.
At the same time, we're also the ones taking all the risk and riding the wave of down years,
up years, et cetera. So I get that, but we're not building an oxide company. In that light,
if I were building an oxide and I had similar possibilities, ambitions that Brian and his team do,
then I would probably do that.
That sounds like a good thing for the morale
and a good thing to market.
Like we're talking about it in this moment
because it's cool, right?
So there's a marketability to it.
I think as well, so Buffer in the last few days,
they've also announced that they're doing similar.
The way Buffer does it is they have everyone's salary as public,
which I think I'm less a fan of.
So I really like the way that Oxide does it,
where everyone gets the same, and it's very, very stable
and nice and equal, or equitable.
Yeah, equal, not equitable.
But at Buffer, you have the risk that you can go and
look someone else's salary up and like i have absolutely made the choice that i am happy with
for the rest of my life because i'm not planning on on doing this and for the rest of my life
people will see what i'm paid but to be able to know that one of your friends works a buffer and
just look up their name and look up how much they're getting I'm not as much of a fan and I believe there is a knocked out for employees
but it's the sort of thing that you know I don't recommend everyone try and post their salary
publicly because very few people are going to do it it is a very privileged thing to be able to do
and to be happy doing but if people are at least talking about it privately with their
friends and family that is really the important thing because companies get away with underpaying
people and you know just like layoffs and things are generally because people aren't talking about
things people are feeling that they're being like pitted against each other when really it's the
workers who do the work to make the company what it is
and it's really important for people to get fair pay fair share and yeah i absolutely think more
people should be talking about it at deliveroo we didn't really talk about things like this
so aside from me joining and sharing my salary and a few people talking to me after the fact,
we didn't really talk about salaries until redundancies happened.
And at that point, people were much more happy to talk about things, much more happy to talk
about, here's what I got on my performance management reviews, and things like, it's
a shame that we had to go through such a horrible position to feel that we could actually share
those things that make everyone more equal and
make it easier for us to be better people so two questions one did anybody at deliveroo
especially upper management take offense or were they upset that you did that so legally we're
protected in the uk so fortunately there's nothing they could officially
do however it's one of those things that i am probably not quite tarnished but i'm sure there
will be companies who will look at me and be like no not that guy so like there were comments from
tina fey over the last couple of days about not saying what you think about films because you never know
when you're going to work with that director stuff like that i am sure that there are going to be
impacts of that where people know that i will be willing to share my salary because i am protected
to do so and it is in my opinion the right thing to do for me. But also I think, yeah, I speak out a lot.
So in team meetings and stuff,
I was happy voicing the opinions
that I would be happy lending my voice
to asking a question that I knew other people
would be wanting to know.
And I know that not just at Deliveroo,
but at Capital One where I was when I posted my salary,
I know that did make things difficult for me
because I had handed in my notice.
I had then posted that.
I had miscategorized something as a counteroffer when it wasn't.
And I know that definitely did ruffle some feathers.
And that was on me misunderstanding the wording of something.
But there's things like that.
And as I say, I'm sure there will be companies who look at me
and are like, I don't think we want someone like that.
And that's fine.
I'm happy if that's what they want to do.
Hopefully it doesn't mean that I can work literally nowhere
because then I will definitely regret it.
Well, that was going to be my second question,
was if there are any regrets whatsoever.
And it sounds like there's some trepidation about potentially becoming persona non grata utterly,
at which point you're like, well, that wasn't very smart.
But beyond that, I mean, you're going to continue it for the rest of your life.
So you can't regret it very much, if at all.
Yeah, so I still absolutely plan on carrying on with it.
I did recently add on-call pay as well.
There's a separate page on my site just because it's interesting because
different organizations have different things.
And I feel it's something that I may regret it in 30 years,
holding myself to it for the rest of my career.
Yeah.
He has the blowback.
I think being,
being too open, you know, there's not so much
anonymity, but a certain privacy level of life has its benefits, especially like you don't know
what the future is going to be. So if you're open now, I know you're, you've sort of pre-committed
to this conversation and now here on the call, you're like for life, I'm going to share my,
my salary. Like you've, you've laid that And, you know, in two years from now, something you do could make you super famous.
Maybe that's cool.
And maybe that's part of like your brand at that point.
You'll just embrace it.
And that's cool.
But maybe somebody, like I'm actually, Jared knows this.
He makes fun of me.
I say absolute things because I feel so strongly in the moment.
And I make like a long-term forever commitment in a way
With something i'll say and then later on i'm like well
My idea around that change. So now what I said in the past is no longer accurate. So I try to
Not be so absolute about things my wife and I have a funny thing between us. We always say
always and every time
Because early in our relationship it would say you always say always and every time, because early in our
relationship, we would say you always do this or every time, you know, just these absolute things
that are just totally not true. It's just our irrational in the moment selves saying things
that are not accurate and true about the other person. And then that's like now become our love
language in a way, because we make fun of old selves essentially by saying you always do this
every time. We always say it back to each other just jokingly.
But this absolute idea that you've done it forever,
I wonder how it'll play out for you long-term, I suppose.
Because you're pretty young, right?
How old are you?
Are you willing to share your age?
29.
Wouldn't that be funny if he's like,
I don't want to share my age.
So you've got a lot of years left in your life, right?
Keys left for you is pretty big.
Probably in the, I would say, probably 400 million keys is my guess for you.
Oh, that's a lot.
Well, I just did my own keys left, and I knew my age,
and I just did some division there.
So I assume that his is probably double-ish mine,
or at least one-third-ish mine.
You've got a lot of typing to do.
Yeah, it's a lot of typing.
But I guess on the um topic of like regretting
things so i since 2020 i've been posting week notes so every week on sunday evening i write
a blog post about what has happened in the week and i started it just like before covid and it
was interesting because certain things changed
looking back at that but it wasn't
until maybe about six months
a year ago when
I started hearing about like
some of my extended family reading
my week notes that I was like oh
that's a bit weird. It's kind of like your
diary in a way. But then I was like why
am I finding this weird? I have been posting
publicly on the internet things about my life so why do i care that my extended family have been reading it
let alone like someone several countries away who i've never met and that was like an interesting
inflection point of rethinking what sort of things i have been sharing publicly and so there's
definitely some things that,
so I also have like a private journal that I do post a bit more stuff into that.
And I keep my week notes a little bit lighter
on some things because, yeah,
like I have a fair few readers.
I don't know exactly how many,
but there's definitely people who have like messaged me
like, ah, I've also watched that film recently.
And I was like, no, we're weird.
But yeah, also, I'm posting it publicly.
Right.
Yeah.
It should not be unexpected,
because you are literally publishing it for people to read.
But yet, sometimes it still is unexpected,
especially when you know them.
It's actually a weird disconnect when it comes to strangers and when it comes to people that you know them it's actually it's a weird disconnect when it comes to strangers and when it comes to
people that you know like i get more self-conscious about something that i make especially if it's
like my work when somebody that i know or that i care about is going to consume it or judge it or
whatever but i ship stuff out to thousands of people every day to do the exact same thing.
And to me, them judging it is fine.
It's like, okay, like it or not, hopefully you like it.
But if my wife thinks something sucks, I was like, well, I didn't make it for you specifically.
But if you don't like it, that hurts.
And so it's just weird.
It's like we disconnect strangers from people that we know.
Can we go a personal layer deeper on this one for whose person jamie's for you jamie yes for you our guest
our friend not our friendly our friend so you mentioned you have adhd and you mentioned that
you have the inattentive type and you mentioned that you have memory challenges i think it's
mostly in short term not your your actual long-term memory.
And what I know, because I was the host of a show called Brain Science for a bit, and I've studied
neuroscience to some degree, not at all a clinical psychologist nor a doctor of any sort,
but just a layman who's curious, and that this is common for someone that has your diagnosis. It's called memory breadcrumbs.
And so I think you do it one as a – I'm assuming this.
I want to hear your response.
I think you do it one for therapeutic reasons.
It's helpful for you to have this habit to do this.
It's part of your ritual and routine in life that gives you peace to sort of put this out there.
Then as a technologistologist you value the exhaust the
output of that for future because you can again i can vaguely remember i wrote about this x y or z
and then pull it up and don't have to leverage your memory anymore you can sort of leverage your
handicap in a way and then also the personal journal is probably super therapeutic for you
there's certain things you probably learned over time you can't involve in these weekly notes.
But that this is essentially like your response, kind of like a coping mechanism or a fight or flight kind of response in a way to your diagnosis that this is actually memory breadcrumbs for you.
This is a way for you and how it's helpful for someone like you to put down what they learn and remember.
And I'm just curious how you feel about that.
Like, is that pretty accurate?
Have I pegged that?
Yeah, so I've never heard the term memory breadcrumbs.
So thank you for that.
I'm going to go and search around on that.
And yeah, it absolutely sounds like what I'm doing.
So on the technical side, it is, yeah, leaving those breadcrumbs for myself to try and remember what I was doing for the week
notes it was more just a I've seen some friends doing this I want to see what it's like but it
has definitely become this therapeutic thing where every Sunday night is week notes night and it
gives me a chance to reflect on the week it's like a lot of the time it's it's interesting looking back and i don't often read my
old ones which is also kind of ephemeral like i'll read them while i'm writing them and then i won't
look at them for years but something interesting is like looking back and seeing okay so the things
that i was most bothered about that week was like a technical problem that who cares in the big scheme of things or i'll do things like i'll note the different media i've watched in the week and
that's interesting because i can see every so often oh i've actually only watched three things
this week so i've either not really watched a lot of tv or i've binged something a lot and that's
also interesting to like look back on.
But yes, to go back to your original question, because AHD is sidetracking me.
Yes, you did diagnose that fairly well.
Do you think it gives you a position of gratitude better? Because I feel like the reason why journaling is helpful is not just in the therapeutic process of espousing your own thoughts and putting and putting them down on paper and or digital
paper whatever the medium really is but it also maybe helps you reflect like you said reflect on
what happened this week and it's it's you may not go back and read the other ones but you're probably
taking track each week mentally okay this week's different than last week or you see progress in
the moment as you write it down does it give you a chance to sort of have a
deeper gratitude for what's going on? Or does it give you contempt? Like what does it help you
feel better or less about? So I guess when I said journaling, it's not like proper journaling.
So it's more just like talking about things that have happened in the week.
And there's not always like a lot of reflection.
Sometimes it is just, these are the things that happened
and that were of note for me to have remembered
during the week to write down.
But yeah, sometimes like there are definitely trends
and there's things like,
oh, I've been very busy with work this week.
I've been trying to deal with a complex problem.
And therefore, my personal life is maybe a little bit more chaotic.
I think it was last week, I was at the State of Open Con conference in London.
And in the lead up to the conference, I spent a lot of time mentally blocked to write my slides for the talk that I was presenting there.
And so a lot of my free time was kind of like, oh, I should really be doing my slides for the talk that I was presenting there. And so a lot of my free time was kind of
like, Oh, I should really be doing my slides, but I don't really have the brainpower to do it. So
I'm just going to do nothing. And I'm not going to do like a load of other life admin. I'm not
going to do a load of other personal projects. I'm just going to not do anything. Cause if I
had the brainpower, I would do that. And yeah, so it does give some reflection on things like that as well.
Are you a big movie fan?
You watch a lot of movies?
Yes.
Are you a Christopher Nolan fan by any chance?
The director, Christopher Nolan?
Yeah.
There's a movie he had done called Memento.
Does this ring a bell to you?
I haven't seen it.
I've heard of it.
Okay.
Well, I won't ruin it for you.
But it definitely involves memory.
And it kind of involves time because it really, it goes about the plot of the movie differently than any other movie you've ever seen before.
It's very groundbreaking in the way it tells the story.
But loosely, this person has memory challenges.
And loosely, this person uses their own notes to guide them through their next steps.
And sometimes these notes aren't really accurate because they have memory challenges. And so they
remember them one way when they write them down for the future selves, these memory breadcrumbs,
so to speak. But then in the moment, because they have short-term memory loss, they...
You're saying too much, man. You're saying too much.
Well, I'm just giving you some stuff. It's really challenging.
I'm over here like, dude, this is one of the best movies of all time. Did I give it saying too much man you're saying too much well I'm just giving you some stuff like it's really challenging I'm over here like dude
this is one of the best
movies of all time
did I give it away
too much
I may not remember it
that's pretty
true
that's pretty
that's very vague
I think
that was pretty vague
you should just go watch it
it's different than ADHD
for sure
but it's still the idea
of memory breadcrumbs
and like leveraging
the things you write down
to remember the things
in the future
we're gonna have to
blow the spoiler horn
before that whole section
though remember that you think so gosh whatever just in case didn't try to write down to remember the things in the future. We're going to have to blow the spoiler horn before that whole section, though. Remember that.
You think so? Gosh. Whatever.
Just in case. Didn't try to.
I know, you were trying not to, but you just kept going.
I'm like, uh-oh, he's starting to get more and more
out of the car. Pull him back!
Reel it in. Reel it in. It's a good
movie. I would definitely recommend watching
it, and I think given this conversation,
you will appreciate the movie even more.
And we'll know about it when we read your week
notes that's right
like Adam was wrong this movie is terrible
I hope he doesn't read this that's right
that's right What's up, friends?
This episode is brought to you by our friends at Cinedia.
Cinedia is helping teams take NAS to the next level via a global, multi-cloud, multi-geoo and extensible service fully managed by sinedia
they take care of all the infrastructure management monitoring and maintenance for you so you can
focus on building exceptional distributed applications and i'm here with vp of product
and engineering byron ruth so byron in the nats versus kafka conversation i hear a couple different
things one i hear out there i hate kafka with a passion that's quoted by the way on hacker news In the Nats versus Kafka conversation, I hear a couple of different things.
One I hear out there, I hate Kafka with a passion.
That's quoted, by the way, on Hacker News.
I hear Kafka is dead, long live Kafka.
And then I hear Kafka is the default, but I hate it.
So what's the deal with Nats versus Kafka?
Yeah, so Kafka is an interesting one.
I've personally followed Kafka for quite some time ever since the LinkedIn days. And I think what they've done in terms of transitioning the
landscape to event streaming has been wonderful. I think they definitely were the sort of first
market for persistent data streaming. However, over time, as people have adopted it, they were
the first to market, they provided a solution,
but you don't know what you don't know in terms of you need this solution, you need this capability, but inevitably there's also all this operational pain and overhead that people have come to
associate with Kafka deployments. Based on our experience and what users and customers have come
to us with, they would say, we are spending a ton of money on
spend on a team to maintain our Kafka clusters or manage services or something like that.
The paradigm of how they model topics and how you partition topics and how you scale them
is not really in line with what they fundamentally want to do. And that's where NATS can provide, as we refer to it, subject-based addressing,
which has a much more granular way of addressing messages, sending messages,
subscribing to messages and things like that, which is very different from what Kafka does.
And the second that we introduced persistence with our Jetstream subsystem, as we refer to it, a handful of years
ago, we literally had a flood of people saying, can I replace my Kafka deployments with this
NATS Jetstream alternative? And we've been getting constant inbounds, constant customers asking,
hey, can you enlighten us with what NATS can do? And oh, by the way, here's all these other
dependencies like Redis and other things and some of our services-based things that we could potentially
migrate and evolve over time by adopting NATS as a technology, as a core technology to people's
systems and platforms. So this has been largely organic. We never from day one, you know, with
our persistence layer Jetstream, the intention was never to say, we're going to go after Kafka. But because of how we layered the persistence on top of this
really nice pub sub Coronet's foundation, and then we promoted it and we say, hey, now we have the
same, you know, same semantics, same paradigm with these new primitives that introduce persistence
in terms of streams and consumers, the floodgate just opened and everyone was frankly coming to us
and wanting to simplify their architecture,
reduce costs, operational costs,
get all of these other advantages
that Nats has to offer
that Kafka does not whatsoever
or any of the other similar offerings out there.
And you get all these other advantages
that Nats has to offer.
So there's someone out there
listening to this right now.
They're the Kafka cluster admin,
the person in charge of this cluster going down or not.
They manage the team, they feel the pain,
all the things.
Give a prescription.
What should they do?
What we always recommend is that you can go
to the NATS website, download the server,
look at the client and model a stream.
There's some guides on doing that.
We also have Sanadia
provided basically a packet of resources to inform people because we get, again, so many inbound
requests about how do you compare Nats and Kafka? And we're like, let's actually just put a thing
together that can inform people how to compare and contrast them. So we have a link on the website
that we can share and you can basically go get those set
of resources. This includes a very lengthy white paper from an outside consultant that did
performance benchmarks and stuff like that and discuss basically the different trade-offs that
are made. And they also do a total cost of ownership assessment between people who are
organizations running Kafka versus running NATS for comparable workloads.
Well, there you go.
You have a prescription.
Check for a link in the show notes to those resources.
Yesterday's tech is not cutting it.
NATS powered by the global multi-cloud, multi-geo and extensible service that is fully managed by Synedia.
It's the way of the future.
Learn more at synedia.com slash changelog.
That's S-Y-N-A-D-I-A dot com
slash changelog.
Well, we would be remiss
to let you go
and not talk about DMD
because this is a tech podcast
after all.
Is this a tech podcast?
I don't know.
I mean,
in the category
in our RSS feed it says
tech or something. I can't remember what it actually
put. Ostensibly
it is.
DMD, dependencies, one of my
favorite things. Managing
dependencies, not one of my favorite things.
Dependency management data,
a set of tooling for
knowing all about your dependencies, right?
Like querying, researching.
Tell us more.
Tell us more.
Yeah, so dependency management data, DMD for short,
and very poorly named.
It's not the best name, I have to admit.
I now have like a t-shirt with it on.
So I'm kind of like bought into that now, yeah.
Right.
But I like it because it's kind of a reflection
of my inability to name things well
and think of catchy stuff.
But yeah, so dependency management data
is a project I was building while I was at Deliveroo.
And it was coming up to Hacktoberfest.
And I was a big proponent, and still am,
a big proponent of open source, of giving back.
And aside from issues that maintainers
have during hector first i'm still very pro let's get some more deliverer engineers contributing
because everyone should be trying to at least contribute to that and one of the questions
i was asked a number of times was well which project shall i contribute to because it's hard to know where to
start with open source and i was like instead of sending like go for a good first issues list i was
like you know let's look at the dependencies that deliveroo has and let's say of all of these these
are the ones we use the most so maybe have a look at these ones and deliveroo is like a very good
data-driven organization so i was like okay i going to get some data to actually show that. So I ended
up building some very horrible hacky scripts, which would take output from GitHub's Dependabot
graph, and it would then parse those and spit it out into an SQLite database. Over the next few months,
I realized that actually this is quite a useful thing. Being able to have a database of all your
dependencies and being able to query them, being able to add additional insight is actually really
powerful. So I started playing around with endoflife.date, which is an API for looking up common end of life or deprecation
dates. So for instance, how long is Node.js supported? When is, I don't think they have any
like physical hardware. There's lots of like programming languages. They are very open to
supporting new things. And so I was starting to add this data and realized that this actually
shouldn't be a thing that just sits
within Deliveroo. It's something that I can absolutely see other people getting benefit from.
And I was spending a lot of evenings and weekends on the idea anyway. So I started an open source
project for this called DMD and it has just passed its anniversary of its first birthday. So I've been spending just over a year,
I think one in three days of the last year,
I have been committing to the project.
So I've spent a lot of time working on it.
And as well as being able to just have a list of those dependencies,
being able to say things like,
where are we using Terraform in the organization?
Or which Go HTTP servers are we using?
And how many are different teams using?
You can also do things like looking up OpenSSF scorecard data to say things like,
of the dependencies, my most critical application in our business relies on,
how many of those
do zero code review and how many of them just yeeting things into prod and it turns out it's
quite a lot more than you would think so having a lot of that data is really useful and both my time
at Deliveroo and now at Elastic we've been spending a lot of time using that data to make some really
interesting decisions and interesting
understandings of our data.
You can find
some very interesting
things. And I've said interesting about a dozen
times there.
It's very interesting.
Yeeting things into prod.
I like that. Well, on the name,
so DMD.
DMD is cooler than what it stands for,
you know, dependency management data.
If somehow you could fit a recursive acronym in there,
then that would be really cool,
you know, if you could still maintain the DMD.
But free piece of marketing advice,
there is a excellent ACDC song called TNT.
Cause I'm TNT.
I'm dynamite.
TNT.
And I win the fight.
TNT.
I'm a power load.
TNT.
Watch me explode.
Which you could repurpose because they have this big, cause D-M-D-T-N-T.
You could attach yourself to that.
Don't change the name.
Just give it a little bit of excitement, a little bit of explosion,
a little bit of hard rock to round out the soft edges.
What do you think, Adam?
I think it's dynamite.
You know this song?
Yeah.
Thank you. Sorry about that. I had to bring it in. I loved it. I loved it's Dynamite. You know this song? Yeah. Thank you.
Sorry about that.
I had to bring it in.
I loved it.
I loved it.
Does it matter what stack you're using or anything?
Is it agnostic?
Yeah, so that's a really good question.
So first of all, the changelogs data is all in there.
Oh, no.
So you can actually go and have a look.
Oh, can I?
Yeah.
Okay, I like that.
So would you like to see which of your dependencies
are end-of-life deprecated,
have security issues?
Absolutely. Please, yes. It'd be very interesting.
We're shifting left here, don't you know?
Put the brakes on hard. I don't know why I'm shifting.
I'm going to brake hard left.
So, for instance, in this list, like you can see,
you've got a couple of non-standard licenses,
which just means that deps.dev, the API,
or one of the APIs that dependency management data users
couldn't understand the licensing.
We've got a few packages that have vulnerabilities.
And then you're also using Go 120,
which has been end of life for seven days.
Like, how are you not already on the
latest version? What's wrong with us? But yeah, so one of the good choices I made around dependency
management data was trying to do as little work as possible. So instead of me trying to understand
the different ecosystems and all the data that they use and how the different package managers work, I'm outsourcing that to someone else. So the original version used Dependabot,
but the data that I was getting from that didn't include a lot of things that we used at Deliveroo.
And we're just starting to roll out RenovateBot for dependency upgrades. And as part of that,
I noticed that Renovate had, A, just like a load of support for a load of
different things but it also spat out a big blob of json which contained all the packages it knows
of so what i've done is i've added a very small wrapper on top of renovate to basically dump out
that dependency tree so for instance you can so another link I've just dropped in the Google Doc. So yeah, one of the
reasons for using Renovate meant that I could support dozens and dozens of different things
out the box for very little work. So for instance, because Renovate understands Mix, the Alexa
dependency management tool, I actually have all the details of all the versions of tools that ChangeLog is
currently using. And from that data, you can then look up things like which version of the
OAuth libraries are we using? Do any of our dependencies have some pretty poor repository
health? Things like that. So out of the box, it supports a lot of things depending on which tools
you use to extract it. But then you can also plug it in with things like software bill of materials, S-bombs.
So if you're using a platform like Snyk, you can export the data from Snyk.
You can still leave Snyk managing that, and you can just import that data into DMD.
So you still get the visibility.
You just don't have to do the data collection part.
Super cool.
Using Simon Wilson's data set
underneath the hood huh i've seen that on the home page it is very useful and yeah user interfaces
user experience just like design in general is not my passion which a lot of people have seen
over the years so having the data set project as the database browse it was amazing because
didn't have to do anything. It's really
useful. And as you've seen, you
can share URLs with people and it
pre-fills the query. So this is like
really useful internally where you want to
send it to someone. You want to say, hey,
your service uses a load of insecure
dependencies. You can just send someone
a link and they can get that
instead of sending them like 300 lines
of SQL. And it it's like go to
this url then paste it in yeah yeah super cool man have you gotten much pickup have you gotten
people using it so i've definitely got three companies who are using it right now two of which
i've worked at so it's not as fun yeah it's grassroots marketing you know just one one job
at a time yeah there's definitely at least
one company who i have not been there to set it all up so that's been cool and i have talked with
a number of other people i've been doing some conference talks here and there so i know there
are people trying it out who maybe haven't told me they're using it yeah trying to just get more
people using that and understanding some interesting things. Because
in my opinion, this is better
than any of the other offerings
that other platforms have. But also, this
is coming from a very specific view, and
I don't have a lot of VC funding, so
I can't do as much as they can.
Do you have any VC funding? I do not.
Just to be clear.
Not a lot. He means none.
Well, now you have a grassroots marketing idea
that's free by the way I'm not going to charge you for that
the TNT
ACDC tie in is really going to I think take this
over the top
that's brute force actually
not grassroots
there's opportunity here right
I think so
could you turn this into a
product so it's
absolutely something i'm thinking of um for instance i was listening to um changelog 577
with nadia oh yeah and a lot of things i was like oh this is an interesting idea and oh
and so like recently i have been listening to a number of podcasts around building open source businesses.
So there's the business of open source with Emily O'Meara,
which is really interesting,
around different companies who've tried to do it.
And it's something I'm actively thinking about.
I haven't yet done anything on it,
aside from a bit of hacking around with things.
Because some of it, I think,
organizations probably want to be in control.
So saying, hey, attach this GitHub app
for this thing that some random developer
you've never met,
and just give them access to your source code
for everything.
A lot of organizations probably aren't
going to be up for that.
So I'm trying to look at making it easy
for self-hosting.
Yeah. For organizations to bring it in in and it kind of just to work.
And yeah, so there's a few options there that I'm looking at around how to make that easier.
Yeah. Well, to be clear, at one point, Sourcegraph was just
some random developers. And at one point, socket.dev was just some random
well-known developer, Frost and Bookadj.
And they both have GitHub apps that is part of the install process.
I know that that was one thing I talked to Quinn Slack about on Founders Talk was, how did you get these enterprises to trust you with their data?
He's like, that was the hard part.
That was like the biggest hurdle.
But, you know, once they did, it wasn't that challenging to prove the value. So I think if you can prove that value and prove the trust, then I think it gets a little easier. That's the true hurdle, the dip really for that one. Or a different way around it, really, you know. Well, good luck to you on that. I mean, I want to hear more for sure, but good luck to you on that.
It's a fun battle.
It's a worthwhile battle.
It is one of those things that
the sorts of use cases that's
unlocked have been
honestly game-changing for at least me.
At Deliveroo, one of our
platform teams kind of pivoted
what they were doing because they could
suddenly do so much more
with this data but they were able to understand say which terraform modules are teams using and
at what versions and they were able to easily see but they were able to run a fairly straightforward
sql query because not everyone's going to find sql straightforward but they were able to write
that query with the data set ui and just see across
the board which teams are doing different things yeah and then i'd also ingested things like
ownership information so it would actually say like oh and it's this team that owns that and
teams could break it down by different things i've over like the last month or so i've written
a number of case studies on the website around different use cases that it has been used for.
And it's things like we're in the middle of an incident at Deliveroo.
There wasn't any problems, but it was a proactive incident raised.
And we noticed that one of our docked sidecars for Kafka consumption was susceptible to a race condition.
And one option would be to try and just like grep through lots of different code bases and find what
was affected. Or it was like a seven line SQL statement that we could just do because we had
all the data there. And it's things like that, that until you have that data, you probably can't
see some of that benefit. But once you have it and you can start interrogating those sorts of things,
and as you say, like with source graphics,
being able to actually think up those sorts of questions
when you didn't have anything there before is difficult.
But then you get access to it and you're like,
oh, actually, yeah, I can now do a load of things that were never available.
That's why I think those examples you have
and just like the sample questions are a useful thing
because you help the person dream, realizing.
Because otherwise it's like, I'm kind of like,
yeah, I got data on lots of stuff.
It's like, I kind of know my dependencies
and there's tools built into Hex, for instance,
that will say what's outdated you know
it's like yeah it's probably good enough but it's like yeah but can you ask this question and you
answer this can you know this about your and i'll start to think oh okay you open you broaden the
imagination of the potential user and so i think the more of that you can do as well as the TNT tie-in, which is going to be just groundbreaking.
Jared, give it up, man.
It's becoming not Dynalink.
I don't know. That might have been my best.
Keep going, man. I'm just razzing you.
I think there's like a
version of
a subset of what Sourcegraph offers.
It's answering questions about your
code base. Yeah.
Right?
And you've got to have certain queryable knowledge
which isn't always
on everybody's purview.
And there's a version of this
that's like in the camp of Socket
which is kind of why I mentioned both of them
because they both require to have
the user's trust of their data
and their code base
which is obviously part of the battle.
But I think you're a version you're like a love child in a way, but like a smaller
love child.
And I don't even know the full tool, but it's a version of maybe a hate child.
Who knows, Jared?
I don't know, man.
I'm going with love.
Okay.
It's a version of what both of those tools do, but not to their full circumference because
Sourcegraph has obviously done some really cool stuff with insights and their dashboard
they do with that, which I think is pretty cool too, which is kind of what you've done here in a way.
But this is more of a hacker's version of it, which is command line and whatnot.
But I think there's something here.
I would encourage you to pursue what a good next step might be to productize this.
Maybe there's people who are like, you know what, Sourcegraph is just way too big.
I need something that's simpler.
And maybe there's people who are like, you know what, I don't need the security aspects of Socket, but I like some of the things
it does. Because Socket is all about dependencies, but
from a security lens. And even from a
is this repository active? And answering certain questions about the repository,
the dependency. Has the committers
or core team members changed recently?
Things like that. That's
sort of what Socket does in deeper
levels and more alerts and awareness.
But that installs as a GitHub app.
That's like one of the most popular ways. I know that because they're a
sponsor. They're not sponsoring this one here, but they've
sponsored us before. And we know for us,
that's how, like, one of the main ways people interface
with Socket is via the GitHub app.
Yeah, I guess I'm also trying to avoid
going after,
like, I don't want to try and compete with people
like Mend and Sneak and
the big companies doing
that sort of thing. Why not? Because
I think for some of it, it's
I believe they're still going to get
like business. That's always
true in competition.
But I guess, so I don't see it as able to compete
for some of the things,
and I don't want it to try and compete for some of the things.
So on the security aspect,
I think that's a fairly saturated market,
and there are lots of people who have a massive share,
but there aren't many people doing things like,
give me a list of dependencies
that haven't had code review recently.
In the last 90 days,
how many of those dependencies have yeeted stuff into prod
without any code review?
And there's things like that
that I can add some interesting views on that data
while also giving the ability to add your own
stuff into it while also being able to play nicely with things like s-bombs produced by other tools
and so you can use existing platforms yeah yeah keep doing it man don't stop even if you have to
overlap a little bit I think there are certain things that obviously like sneak is just a
goliath in the industry but at the same time and I'm not trying to poo talk by bit. I think there's certain things that obviously like sneak is just a Goliath in the industry, but at the same time, and I'm not trying to poo talk by any means,
I think what I've heard negatively about sneak is not that they're bad, but that they report on
CVEs. It's like known vulnerabilities. It's not a predictive, it's reactive.
So I think if you can get, you're kind of like teetering in the predictive realm because you're able to give insights that not, they're not
easily foreseen otherwise. Like, has there been PRs
in the last 90 days on X number of my dependencies? That may not say
that you have eight bad dependencies. It may just say, these may be ones
that you should question or look into personally or use other tools that give you more
insights beyond this.
Because it's like, it's a smell.
You're identifying code smell or dependency smell of sorts.
There's definitely something there.
Keep going.
I am definitely planning on.
I'm not putting it down anytime soon.
It's been, yeah, massive passion project.
I'm hoping to, yeah, go a lot further with it.
Yeah, I think maybe Jared might be onto something though with this tnt stuff you know yes because because you can like bring in uh more
iconography and stuff like that around you know like if you have bad dependencies that's a blow
up moment right that's a dynamite situation right it's a bad thing for your code base to have sad dependencies. So maybe, maybe you could pivot
to TNT versus
DMD. I don't know.
I'll have a look at the licensing fees
for using
TNT as a song.
Well, there's always BMC and renditions, you know that, right?
Great artist steel, Jamie. Great artist steel.
That's right. You can always do a rendition
of the song. It could be like
the song, not the actual song. It's an homage, you know? Itition of the song it's it could be like the song not the
actual it's an homage you know it's fair use it's an homage and uh ask for forgiveness not
permission i mean that's that's the indie web way isn't it i didn't just made that up
this message not vouched for by the indie web yeah well i'm glad we're friends now
versus friendlies this is so much cooler than the friendly aspect. Yeah. It's been cool because yeah, I've been listening to you both for years.
Although one thing that is interesting is listening to you at like one time speed.
So I usually listen on 1.7 times. So I have actually listened to a couple of podcasts at
one time to prepare. So we wouldn't disappoint you, you know, how slow we are in real life.
Oh, man. Wow.
There's so many people who listen to podcasts
at Beyond1X. I just,
I have honestly tried several times
to just taste
the sauce and see if I like it, which
I do not. Taste the sauce?
Because... You're talking about the
speed-up sauce? Yeah!
I just, I'm like, what am I, am I missing something? Is something wrong? yeah like I just I'm like what am I
am I missing something is something wrong
and maybe I was telling Nick this actually because we were
we were hanging out when he was here
for that conference
recently Nick Nisi by the way
and I was like maybe
maybe your brain operates
at a different frequency like a
higher frequency than mine does and so it
allows you to listen at a
higher speed because you comprehend slightly faster than I do. Not that we comprehend differently,
but that the frequency for which we comprehend is different because I'm a, I'm an artist myself,
and I like the pure nature of the art. So I can't change the way, like I'm not watching movies at
1.5, right? Like I'm just not going to do it. It just, it ruins the whole thing. So I can't change the way, like I'm not watching movies at 1.5, right? Like I'm just
not going to do it. It just, it ruins the whole thing. So I just can't do that with anything else,
whether it's a book or a podcast or anything, I'm going to listen to it at the director's
intended speed. And as close as I can get to what the director intended, cinematically,
even if it's a film, you know, like if someone says you've got to watch Oppenheimer in the theater for the
first time, and then you can watch it anywhere else you want to afterwards, I'm going to
do my best to get to an IMAX theater with the rock and sound system, or I'm just not
going to do it at all.
I'm a teetotaler in that respect.
So that's my mode.
So maybe that's, you just listen and comprehend at a higher frequency than I do. I've had both experiences because I listen to our stuff fast at sped up 1.75 to 2x
just because I'm listening to clip.
I'm not listening to enjoy the conversation necessarily.
And what's funny about that is that I clip out of Overcast.
And so I'm listening at 1.75x, but when I hit the clip button,
it opens up a brand new little clip widget thing
which does not have the speed
applied to it
and so I actually get the fast and the slow version
multiple times throughout a single episode
and that's when we sound really
dumb Adam because we'll be like talking
I'm like this is good and then I hit the button
and it's like yes
I know what I'm talking about I'm like oh man I'm really slow Oppenheimer that's a very
strange experience I would not I would not advise it yeah back-to-back speed is probably in wow
that's gonna be jarring it is jarring Jamie, sorry to disappoint you with our regular speeds of our brains.
It's how we operate.
Hopefully we didn't lose your attention too many times throughout this conversation.
We do appreciate you hanging out with us.
Yeah.
And the work that you're doing, your radical transparency with your salary,
definitely interesting and helpful for many people.
Very cool.
Your commitment to syndicating
and your website,
your commitment to your website that you have
is laudable.
And this is a cool project.
DMD, check it out.
Sounds like TNT.
So you know it's cool.
And what else?
Anything else before we say goodbye to our friends?
No, yeah.
Thanks very much for having me.
It's been really fun.
Been nice to speak.
Shout out to the multiple people
who have requested to have Jamie on the show
throughout the years.
Most recently, it was Dan Moore.
That's right, Dan Moore.
Who was a recent guest.
And you pointed us to Dan, didn't you?
I did.
Okay, did you guys cut a deal?
Did you cut a deal?
No, he messaged me after.
Yeah, he messaged me after being like,
I'll request you, you request me. He's not the me after being like i'll request you you request me he's
not the first one though somebody else uh used the request form and submitted you a little while
back and so it was percolating the timing was percolating i had multiple requests plus obviously
known your work for many years i thought yeah it's time it's time to get him on the show i think the
issue with that one request though was they were recommending the TNT project he was working on.
And it was incorrect, and we couldn't find it.
Right.
It was actually DMD.
Exactly.
So we couldn't find you.
You need to redirect on that sucker.
That's right.
TNT.dev.
Check it out.
Ooh, that'd be cool.
Can you get that?
Can you get that?
We're over here renaming this project.
He's like, I don't even like it. He's like, I got a T-shirt already, guys. I'm just being polite. I'm not renaming it project he's like I don't even like
he's like I got a t-shirt already guys
I'm not renaming it I got a t-shirt
I'm checking it for you real quick let's close this
loop at least and then we'll let everybody go
check domain tnt.dev is
already taken how about a different one
that was the only
chance we had that was it
now we can't do it
alright goodbye friends bye friends That was the only chance we had. That was it. That was it. Now we can't do it. All right.
Goodbye, friends.
Bye, friends.
Bye, friends.
It just so happens that Jamie is a Changelog++ member,
so he was super forward to stick around for a bonus 15 minutes
and chat with us about Vim, Zed,
his reluctance to use AI code tools, and more.
If you're not a Plus Plus subscriber,
now is a great time to directly support our work
with your hard-earned cash,
or even better,
your employer-sponsored education budget.
As a thanks, we make the ads disappear,
send you some free changelog stickers,
hook you up with bonus content like this and more.
It's better, but don't take our word for it.
Here's Jamie's.
It is better.
It's been better for years.
Join Jamie and hundreds of your fellow listeners who have already got in on the better
at changelog.com slash plus plus.
Make your dreams come true.
Just do it!
Thanks again to our friends at Fly2IO
and to Sentry.
Use code CHANGELOG when you sign up
to save $100 on their team plan.
And of course, to our mysterious friend,
Breakmaster Cylinder.
That's all for now, but let's talk again real soon.