The great escape room

Welcome to changelog and friends a weekly talk show about beverly hills 90210 Thanks, as always to our partners at fly.io Over 3 million apps have launched on fly and so can you in five minutes learn how at fly.io

Okay, let's talk

Okay, friends. Here are the top 10 launches from super bases launch week number 12 read all the details about this launch at superbase.com Slash launch week. Okay, here we go number 10 snap lit is now open source the company snap lit is Shutting down, but there are source code is open They're releasing three tools under the MIT license for copying data seeding databases and taking database snapshots Number nine, you can use PG replicate to copy data full table copies and CDC from Postgres to any other data system Today it supports BigQuery duck DB and mother duck with more sinks to be added in the future number 8 back to PG a new CLI utility for migrating data for vector databases to sub base or any Postgres instance with PG vector you can use it today with pine cone and Q drink more will be added in the future number 7 the official sub base extension for vs code and get up copilot is here and it's here to make your Development with soup base and vs code even more delightful Number six official Python support is here as soup base has grown the AI and mo community have just blown up So base and many of these folks are pythonistas. So python support expands number five They released log drains so you can export logs generated by your soup base products to external destinations like data dog or custom endpoints number four Authorization for real-time broadcast and presence is now public beta You can now convert a real-time channel into an authorized channel using RLS policies in two steps Number three bring your own off zero cognito or firebase This is actually a few different announcements support for third-party off providers phone based multi-factor authentication that's SMS and whatsapp and new auth hooks for SMS and email Number two build postgres wrappers with wasm. They released support for wasm webassembly Foreign data wrapper with this feature. Anyone can create an fdw and share with the soup base community You can build postgres interfaces to anything on the internet And number one postgres dot new Yes postgres dot new is an in browser postgres with an AI interface With postgres dot new you can instantly spin up an unlimited number of postgres databases that run directly in your browser And soon deploy them to s3 Okay, one more thing There is now an entire book written about super base David Lorenz spent a year working on this book and it's awesome Level up your super base skills and support David and purchase the book links are in the show notes That's it super base launch week number 12 was massive so much to cover I hope you enjoyed it go to super base comm slash launch week. That's sup, ba se comm Slash launch week we can listen Well, it's good to catch up with Suze again, absolutely, you know, it's been Years That's no fun couple years to be years It's fun to catch up. Of course, though, right? That's that's the that's the fun part. Yeah, that's what kind of makes it. All right again Yeah, I am noticing some familiar background items for you. I think a while back on Twitter. You got some maybe in the last year, I don't know some requests or Questions about your pegboard back there and your desk set up and what you're doing on it I don't know. It seems familiar to me that I am I catching that wrong. You're not on Twitter anymore, though Right or X whatever you call the platform these days. Yeah, I'm not really on there anymore

I did do I did chat with Quincy from Freeko camp and I promised him I would actually send him like a picture for his Instagram or whatever of the background and then I bloody forgot so I Just remind you I'll have to get around to it. So yeah, no you were correct

How far back was that this is every call like it didn't seem Maybe a year or two ago I don't know. It seems familiar to me and in terms of like in my memory But it doesn't seem like it was yesterday

I might have actually so the Quincy with Quincy and I chatted a couple of months ago But maybe I shared a photo of kind of the initial setup on Twitter and it was probably one of the last Tweets I did so yeah, that's probably it. Yeah

So how long ago do you think that might have been a year year and a half two years something like that?

Yeah, yeah, it was one of the first things I set up when I got into this space so that would add up It's very important to me

It's very important I do recall questions being asked popular in terms of what you've done and I think it was like you made it yourself

I don't know. What's the situation the background? Yeah the pegboard. Oh, yeah, I didn't make the pegboard myself. That's just from Ikea It's there like scaddis range. Oh, that's right Okay, a dis I took inspiration from just some other pictures that I'd seen online Including someone I know called Thea her setup was really cool She had the shelves with the pegboard underneath and I just thought that was such a cool look so I decided to sort of do my own take on it and then Sort of put it into a corner to make kind of look like you're surrounded by your lab And so that was the look that I was after and so it I mean don't get me wrong Even though I didn't make the pegboard myself It took a really long time and a lot of swearing to get everything up and like stable and like, you know Not actually pulling the walls out while I went along. So yeah, it was great. It was a great experience and it's actually a really Versatile space I've already rearranged it so many times. So I think actually when I saw this from you

I was like, what is that now? I'm remembering you did not make it So thank you for closing the loop on that and that it was IKEA and that on Etsy It's very hackable. Like a lot of people are making 3d printed things for it Have you begun to like explore the vast world of scattis? Yes. Yeah. Yeah

I have like a I have like a thingy verse like collection where I've just got them all saved and I definitely want to design my own there's a few things that I want to put on the wall that just They're obviously like a specific product that I have right that's someone might not have also Owned and wanted to put on a scattis pegboard. So yeah, it's a work in progress as usual but it's kind of that thing where like it sort of feels like tweaking your You know your IDE set up your code editor It's like there's only a certain amount of stuff You should really be doing for it before you just move on and actually use the space to make something, you know And so I see it like that too not to obsess too much about it

Now do you 3d print yourself or do you save these for later date when you get the printer? What's your what's your?

Experience with 3d printing. Yeah, so that's a 3d printer right behind me the one with all the stuff stuck on it It's also like my post-it note board Because it's just a big sheet of Perspex it's got an enclosure on it because it's also a laser cutter and a CNC machine in one so it kind of needs that Enclosure around it. I mean I've been in the 3d printing scene since I think 2009 2010 Forever basically. Yeah kind of when I got started as like a consumer at home sort of thing and You know I released my own jewelry line 3d printed jewelry line and all of that and then since then it's become much more sort of utilitarian for me Like I use the 3d printer to solve my problems or to print like enclosures for my electronics projects and stuff like that That's sort of why I also got it because they're being able to custom make parts It's just very satisfying especially if you're interested in certain hobbies that require it. What kind of problems are you solving? What kind of problems do you have? Well right now I'm working on a silly project as usual and so I want to be able to mount that project to the wall actually and Have sort of you know a little screen on it and some buttons and things like that And so I can kind of 3d print this sort of plastic interface to hold the rest of the project and to mount it onto the wall So that would be an example but then I also do boring stuff like I have a set of drawers on my desk and they sort of had little like holes drilled in the drawers and you just put your finger in and pull it out and it just got really annoying because If you've got stuff in the drawer, like your finger hits it and things like that So I just ended up printing Some drawer knobs that work really well for that set of drawers And so you wouldn't even know that it was 3d printed I color matched it exactly and things like that But there's a lot of invisible things around here that it's just really satisfying as well outside

Yeah, the more exciting stuff always with the funny weird offbeat Projects going on so for our listeners sake who may not know that we've known you sues for many years now I think we met at

OSCON perhaps. We did. Yeah, serve the selfie that we all took together. Oh nice. Yeah, it was really exciting

That had to be like 2017 2018 something like that 2018. Yeah, July. Yeah. There you go Was it in Austin? No, it was in Portland, Portland. Okay. Yeah, and we had you on the show

Was I on the show like in the expo with you guys? You did a quick recording there because I think we'd done a show before but then that was the first time we'd met in person

Yeah, that sounds about right like we did we had you on the show just like cold email style and then met in Person there and then did another show maybe just like part of a we call my anthologies where we just put together a bunch of interviews from a show Mmm, and I do recall that and then after that I was like we got to get we had a hound sees more often So I invited you as a jazz party panelist, right? You did something like 40 or so episodes on jazz party for a couple of years Yeah, and we were so we got to know each other and we were friends through a couple of transitions in your life And then I mean it was Microsoft and then it was stripe It was New York and then Seattle or whatever the other way around you can you can remind me. No, you got it, right?

Okay, I do

Yeah, that's right. I guess Microsoft would be Seattle. So yeah, New York Seattle I remember stripe and then Visa issues. I'm not sure how much you want to go into any of that, but you're obviously from Australia Anyways, we didn't talk for a couple of years, dude Yeah, and then I emailed you like let's catch up and then I realized you haven't talked like publicly online very much in the last couple of years like not Twitter your twitch stream, which was One of the things that made you most well-known Doesn't look like you stream for a while unless you have a new twitch account and now you're back in Australia So as much as you're willing like tell us the story what? What's the last couple of years been like for you?

It's interesting you say that because like it's sort of like someone else narrating their interpretation of it. It's actually really interesting

It's not inaccurate. It's just um, it's just like me putting it together from what I can gather but have no idea I have no idea what happened. So yeah, I know and it almost feels like

My goal the goal I set out to achieve was actually successful based on what you said. Yeah Um, I don't know so, you know, we all went through something pretty big which was the pandemic, right? And I think I stopped doing J's party around then like 2020 and I actually really miss it a lot But yeah, we talked about sort of why I stepped away for a little bit off the record. And so since then Honestly, it's been kind of hectic um I was just having you know running into so many immigration issues and with the pandemic and the previous administration everything just got really difficult to stay in the US and I Found myself with fewer and fewer reasons to stay in the US and More and more reasons to just come back like home, which is where I consider my cultural home to be which is Australia, right? and Yeah there were just a bunch of goals that I wanted to achieve that I couldn't unless I had some kind of permanent residency or Citizenship in where I was living, right? It was really just a paperwork thing as well as obviously a cultural decision And so yeah, there were just things I wanted to do I couldn't do them I got sick of putting my life on boards. So I started taking a step back very gradually. So I stopped streaming around the time I decided that I was going to spend the next year sort of trying to find my way back to Australia but sort of establish myself in a smart growing up way where I'm you know, obviously Being able to do things properly and you know in the least stressful way possible So I started pulling back more and more I was going through College at the time too and that was taking up a lot of my time and it was actually something that I was really interested In and having a great time is so I also wanted to step away from Twitch just to give myself a bit more time to study and things like that. So yeah, so over that next year, which would be from 2021 to 2022 because I think I gave up streaming in 2021 like May I Bought a house I graduated with a my first ever degree in my life. I'm a bachelor degree in cybersecurity. I Found myself a job that I could work remotely Here that was based in the United States You know sort of like just planned everything planned my exit because once you've lived in a country for more than a decade You do have a lot of roots, right? there's a lot of bank accounts and all these other things that you have to deal with right and taxes and planning and That kind of thing And so I just did a lot of administrative stuff behind the scenes and packed all my stuff up put it on a boat And all of that so it was just a very tumultuous year But I managed to move back here in the middle of 2022 and since then honestly I've just been so busy re-establishing myself that I haven't really wanted to be in the public eye while doing that public eye so to speak so Just been taking some time for myself and to reflect because this is a pretty big life change for me, too Right, so I just wanted to be able to do it in reasonable privacy and have some space to do it. So yeah Sounds like you did it though. It succeeded. Yeah, it's been two years now. So I think I've been able to reflect back I think it was a really tough two years But I'm sort of settling into a good place and feel like it was a good decision in the end But yeah, just you sort of have to trust the process I guess so yeah. Mmm trust the system

Well the hardest part to step away from It seems like maybe your twitch stream because there was a lot of people that just love to hang out with you every week And it was very that stream which I watched it a few times over the years was very intimate and seemed like there's a lot Of friends there. They probably missed you when you decided to stop. It was really nice actually that was hard to step away

It was an easy decision for me to make just because I'd been doing it for five years I didn't start the stream to become famous or to make lots of money or to get attention or anything like that it really I really did start the stream because I wanted to connect with people and Sort of show them what it's like to work on open source and show them that JavaScript hardware is really not that difficult. You're still you know writing JavaScript. It's just a slightly different context and so it wasn't I have struck up some really lovely friendships with my mods and with a lot of the people that were contributing to the repos that I was sort of reviewing on on stream and Everyone I just had such an amazing experience with it over five years But it just felt like it was time to step away So it was an easy decision, but obviously I missed that weekly community, right? It was just really fun to have everyone in the chat But it sort of wasn't something that I was relying on as a an outlet, you know to Like seek approval or you know compliments or anything like that So it just felt like it got to a point where it was too popular for me to be honest It's not as if I was like the people that get millions of viewers, you know in eSports But 300 people on a Sunday morning is a lot to handle especially for my mods, too And I would say that that was just too successful for me it's just it broke outside of the tiny community that I would have been happier with and We were getting less and less productive as a result, too And I don't know it just it bothered me a lot I was starting to lose a lot of privacy and I was just starting to feel that it wasn't Really, I wasn't really streaming for myself anymore. I was streaming because there was an expectation too That got really serious really quickly. I'm sorry, but like it just I had such a nice time But it after five years it really just felt like You know, I just I think that I go through a lot of change as a person and I think I was just ready to You know pull back a little bit

Yeah It's hard to show up whenever you feel like you have to show up Not when you want to show up for the right reasons or even if you want to but you get to perform versus just Create and explore. It's We're seeing that on YouTube over time There's lots of cycles where a long time youtubers will step away because they feel like they have to serve the algorithm not their creative selves or their audiences sort of like have an expectation and they will publish something or Put something out that is like off from center from what their normal content is like Hey, can you get back to talking about this thing that I expect you to come on monkey dance? you know kind of put the quartering kind of thing and that's kind of bad when it comes to Because you kind of it's kind of a double-edged sword, right? You you get out there and you do your thing and then it's like well you're kind of popular or you have some version of popularity and that just kind of like Compounds and morphs and grows and some people like us Jared and I Grow it into a business and we're fortunate and we show up and we like doing it and I think There's a part of our job. You've enjoyed that is Chore and also very much love and that kind of comes with anything at some point. It becomes toil, right? how do you stay in the game and love the game and kind of keep that privacy that you want to when you're famous or at least Internet famous

yeah, I know like famous is kind of this very highly contextual thing and like what we're talking about is we're all nerds and there's like we have X amount of nerds who Want to interact right or like watch your stuff or listen to your stuff so I think you two are very well poised to talk about this again and like because you do so many of these recordings to I can imagine there are days where you just like I just don't want to show up I just don't want to do this at all But it is really rude when you have people expecting you to conform in a certain way, you know, it's like that That monkey dance sort of thing and I think that where I was really fortunate Was that because it I didn't rely on it for my livelihood and again, like I wasn't doing it for you know To feel like I was worthy or that I was like cool or anything It was just so easy for me to step away because you know as soon as it's not fulfilling in the intrinsic way for me It was just way easier for me to walk away. And so I think I'm thankful for that but I think people didn't really understand at the time why I did it because I think a lot of people aspire to Be popular or famous or have people say really nice things about them and and Follow them online and I've never given a I've just never cared about Twitter followers or amount of followers or amount of this blah blah blah and so and I think that some people project those values on you because they have them and they they look up to you and see you as having achieved something they want to Achieve and that also made me feel uncomfortable too. And so it is a lot easier to walk away when You know you compare it to Youtubers who are doing it full-time and they need people to watch to make the money You know from the advertising and things like that And so I think that's a really hard place to be in but you know It's not something that I super relate to just because yeah, like I can kind of do what I want if that makes sense

Why didn't you start it? What was your internal intrinsic motivation to begin with?

It's only said before which was like I saw my friend Nolan Lawson to do a stream of him maintaining patch DB Remember when the other offline sort of stuff started coming. Yeah coming up in local first and all of that and like I Have open source libraries that I maintain but like really small, you know Like just very small activity on them because they're very nice Whereas, you know patch DB was something that was being used by a lot of large companies but also small startups and individuals and so watching Nolan it just You know maintain open source in his way and go through the issues and triage them and like bug squash and stuff Just thought it was so interesting. So it was a totally different open source Experience that you know to me and I was like, that's so cool and I remember thinking maybe this would take a lot of the fear out of Like I just I was already doing public speaking and I was already finding that people were putting around a pedestal and I absolutely cannot Stand that because I think that it's very self-defeating and if you want to do things You should just do them and you shouldn't let Others you look up to make you feel like you're not good enough to do it and things like that And so I already didn't like the reaction and the way I was being treated by others just because I was up there at certain Conferences giving talks and so I thought I'm just gonna show people that I'm just literally like everyone else I sit in my code editor and I stumble and I do typos and also again It's you know, the JavaScript hardware stuff seems intimidating But at the end of the day, it's writing in the same language that you know You write in for your job if you're a front-end developer or full stack, you know sort of No JS web developer. So yeah, it was really just Demystifying stuff because I I benefited so much from Nolan's Stream that one time I was like jeez This is fascinating and I just really wanted to help dispel a lot of that and then ironically I ended up even more on a pedestal for my stream Which you can see now why it was so frustrating for me where I was like cool that just made everything worse And I don't I can't control how people are going to treat me right and that was a lesson that I learned you can't control The narrative in that way. You're just not going to be able to do so. Yeah, there's a weird

Psychological thing maybe Adam, you know more about this than I do from your brain science studies But there's something about confidence that comes from not caring that actually like re feeds the same loop, you know Like even with attraction or it's like the person who's not desperate it ends up being more attracted Attractive to other people because of that mere fact that they aren't and so there's something about that with I think Confidence as well where it's like the fact that you weren't there for These ulterior motives is actually even cooler Than if you were and it's like that feeds back into the coolness factor

Yeah, I understand what I'm saying here. I don't know how to describe it very well, but there's something to that isn't there Adam

I'm just not sure if confidence is the right word. I'm not either. I'm just talking Well, not very confident about this. So this might blow your mind, but I learned this recently the confidence is memory of past success so you have confidence and you move with Confidence I suppose to use the word in the description or the you can't do that definition. It's illegal, right? It's illegal Confidence essentially is memory of past success. And so I'm not sure that translates if that's true if that translates like that But maybe self-assurance. I think that when you're secure as a person securing who you are Securing who you want to be your identity is intact. You're not wayward with who am I? What am I? Why am I? Right a little bit easier to be more steadfast and strong in those regards and that is an attractive trait Yeah, obviously or traits, right?

I think self-assurance is a good way of describing it and I think that It does take that in order to go live on the internet and code in front of strangers

I mean you have to have some self-assurance because they're gonna be watching near every move right says I mean the fact that you're okay Which is making mistakes in front of people requires a certain level of self-confidence Confidence, ah, not confidence. I guess. Okay. I'm still gonna stick with it. I think it's self-confidence. It works

It's just challenging is all yeah, it's a podcast that a lot of people don't have

I mean and we have to build it, you know Even your what about your keynote speaking like speaking in public and stuff or those things that were require

Practice nerves like all that kind of stuff or do you do you had have similar lack of fear in that area?

I call it a story Susan. Did you tell us a story about a speaking engagement? Was it private that you told us the story is I'm remembering the wrong person I feel like you told us a story you're nervous when speaking Does this ring a bell to you? No, I mean

I just don't think I told you this story. I'm not being I'm not just like no, I don't care

Like no, I don't get nervous No

Maybe I mean so I was really nervous when I gave that keynote at OSCON the same OSCON Because they were they said you have eight minutes and then I came up with something that's super ambitious as usual Because to me that was a pretty big opportunity to give one of the opening keynotes that I was caught and I wanted to and You know, somebody had recommended me. So I also was like, oh my god their refutation is at stake, you know, and so I took it Extra seriously, I take all my talk seriously But I took that one extra seriously and you can see in the video like my hands are just like this

Because you know, they had to zoom in. It was like was it live coding or was it scripted?

I remember there was a demo was it live coding? It was live coding and I it was semi scripted so I had like almost like a dice roll thing where I rolled the dice and it chose like a sensor and then like some kind of output like a motor or a screen or something and then I had to come up with an idea in between and To be honest, I it wasn't super planned I just knew that I'd be able to remember how to interface with every single device that I brought along with me Right, and so it really was actually unplanned and the the two things that I ended up rolling were actually random I remember rerolling just because the first one I was like, I just I'm not feeling that one But you know the second one I ended up choosing so it was semi scripted in that there was some constraints there Right, but I really had to do it on the spot But the point was I was trying to prove that again in eight minutes if you know a little bit of JavaScript It's really not that hard to take some a sense of value and then like, you know Do something fun with it on the other side of it, but I think I ended up accidentally Intimidating people more because they focus more on the fact that I was able to achieve it But I was really nervous actually for that particular talk because it at eight minutes and there were you know A thousand people in the audience there for the keynote. That was my audience as well. I put this up my camera Check this out. Yeah, that was it. Oh my god You can hear it in my voice and everything. It's only because I was there with a camera

I was really into photography there. Oh, you took that picture at him, huh? Take this photo. Yeah I can include this as chapter day if you like Jerry. I think we actually talked to you like shortly after that Yeah, I think you had just come off the keynote You're like decompressing live in front of us. It was awesome It was a lot because you're so like wound up for it Then it was there's something about that moment when you're done where it's like Everything's better, you know

That's how I think cuz I always go into I always go into a hole afterwards actually I I think that when the adrenaline washes off some people feel that kind of relaxation and euphoria that they're done and for me I sort of go into a hole and I think I'm not great at compliments And so I got a lot of compliments and accolades as soon as I walked off the stage people were sending me crypto as well like Payments and stuff. It was just so weird. And so see stopping me on the floor

Put some money in the in the coin slot. It's all it's all works. I

Was getting tipped on some platform where you can tip people and like a lot of it was crypto so it was really nice for people but I was getting this thing like great talk at OSCO and I'm like Where is this coming from? And So again when I got off the stage and people were like I could never do that That's when again I was like I failed, you know, I ended up just being a show-off instead of being accessible Mm-hmm, and so I fell into a hole about it because I felt that the attention that I got was unwarranted for the message Yeah, so I just I just never learned that lesson apparently, but I also just cared so much about creating You know how when you go to the keynotes and a lot of them are sponsored and they're just like oh my god Like you're just waiting for them to finish and I just didn't want to be that keynote even though technically I did have to mention the sponsor which was you know, the company I was working for and everything But I was like, I just don't want it to feel like one of those really Sterile very clean, you know keynotes that are just very constrained and what people are allowed to say It's just doing the audience a disservice, right? I wanted to write them pumped up for the conference. Yeah

How did you end up mentioning the sponsor the the brand you worked for at the time? Yeah

So, I think I had the easy setting working at Microsoft because you can basically choose almost anything as long as it's a Microsoft product And so I was using VS code which at the time was almost like a cheat code for being able to get it in there, but I also think that I was Mentioning something else that I was using one of the the workbench tool sets or something That was particularly good for Arduino that Microsoft put out at the time And I think I also recommended another platform they have called make code which was this really cool in browser IDE for interacting with some of their hardware pieces, too So I think I made mention of that at the end if people are feeling intimidated. That's actually a really good way to get started

So and hate it when a successful keynote backfires, you know, it sounds so ungrateful. All you get is compliments and crypto

It sounds so ungrateful But this I think that it's good to talk about this because it does explain why I Sort of seemingly disappeared. Yeah, I just don't think it's for me again. I never really sought the attention side of it and it just bothers me a lot because I Am quite introverted and also I want people to focus on my work and not me Sure, and I think that's where I also struggled to I was like no So I'm trying to show you this thing and you keep putting the attention back on me and It just I wasn't having the conversations with people afterwards that I wanted to be having and so I felt kind of lonely and frustrated as well And again, I think it's a huge privilege to be a public figure and you don't sort of feed off the attention And I didn't do it because I was sort of trying to fill that sort of void for myself But at the same time, yeah it sort of made me feel very ungrateful for it because I know a lot of people would kill to be my position and I Just sort of in their opinion. I might have thrown everything away. So yeah, it's interesting Yeah, I'm very grateful obviously for a lot of the doors that open as a result of me doing this I want to make that very clear and I'm like that just the fact that I talked on change log like years ago That was because of the public work I was doing so it's open a lot of doors. It's it's Yeah, it's really helped me in my career But I think they were just kind of surprising side effects for me at the time. So it's sort of hard to Sometimes it's hard to really reflect on that as much as I should be

yeah, so given that what is your If you don't care for the attention put on you and you put yourself out there in your ideas What is your perfect world in terms of when you show up to the world and you do what you do? What would the better or more preferred reaction be? I think people coming up to engage about the technical

Parts of what I talked about more just technical discourse I don't know. I'm such a nerd. I just want to talk about that. And so Like I I caught up with someone recently who I hadn't seen in like 16 years. We used to teach together at the community college and I Met up with him and we went for lunch and he was just like what are you working on? and I told him about you know, one of the projects I was doing and I also told him about another hobby. I've picked up which tends to get a lot of questions very quickly And people going that's so awesome. You're amazing, you know, and they focus on me again But he was focusing on the tech stuff and he immediately started asking me technical questions about the project I was working on and I wanted that because I wanted somebody to sort of like ask questions from their perspective which will help me either improve the project or just Talk things out, you know almost like a rubber duck kind of way and just like nerd out with each other and so I think my idea would be just Me having a just going back to the early 2000s like having a blog like I used to have back then to you and Publishing a project and like ninety nine point nine percent of the online population does not care about it But you get like, you know two or three people that are like this is awesome and like can I send you this link to this other person who's on this Thing that reminds me of your project and like I have some questions or I think you could improve it with this That's the only discourse I really want I want it to be about the works and about people Helping each other change and improve and push things a bit further and not be about the personalities I think that's just what I want. What's up friends? I'm here with a new friend

I made over at speakeasy founding engineer George Hadar Speakeasy is the complete platform for great API developer experience They have to produce SDKs terraform providers docs and more George take me on a journey through this process Help me understand exactly what it takes to generate an SDK For an API at the quality level required for good user experience good dev experience

The reality is the larger your API becomes the more you want to support users that want to use your API and to do that your instinct will be to Ship a library a package and what we've been calling an SDK there's a lot of effort involved in taking an API that lives in the world and Creating a piece of software that can talk to that API building SDKs by hand is a significant investment and a lot of large companies Might pour a lot of money into that effort to create something that's like approaches good developer experience and then another group of a more growing groups of companies will rely on tooling like code generators And so they're very interested in like once you make the decision to use a code generator You're kind of forfeiting some of your own opinions and what you think a good developer Experience is because you're gonna delegate that to a code generator to give you an SDK that's but you think users will enjoy using

Okay, go to speakeasy.com build APIs your users love robust SDKs Enterprise grade APIs Crafted in minutes go to speakeasy.com. Once again speakeasy.com Have you ever considered? Going anonymous. Yeah

Yeah, I I'm actually I'm not close to my bookshelf I think I should have talked about weird stuff like dead man switches and things like oh, yeah, I was calm I'm not near my bookshelf right now in my living room But I have um, I forget the title of the book, but it's quite well-known It's something like how to completely disappear or something like that. Yeah what it's actually called. I've thought about it a lot I do have an anonymous pseudonym online and I do have the domain name for it and I do have like I got an artist to actually draw sort of Like the character and everything. So yes It's it is a thing and it's something that I've thought about for a long time And I think that's what I'd like to do with certain projects just so that you know It's kind of like, you know when famous authors do like a pen name or whatever They have like a different name because they want to release the book but not have it be received with their infamy

I think it's very similar right for me. So we were talking with Chris Wanstroth a couple weeks ago Founder of github one of the founders and obviously after github sold to Microsoft, you know He took his money went home and took some some well-earned rest time and during that time He got eventually bored of playing video games and stuff and he got back into coding But he didn't want anybody to know that it was him because everyone's gonna treat him differently on especially on github.com being defunct right, like you're not gonna just Treat him like a regular person there's and so he went and just created an anonymous handle and he was like contributing to people's projects for a long time as this just rando person that Likes open source and I think he had a lot of success with that eventually He said he pulled the mask off to a few folks who like he became friends with eventually that he was like longtime contributors to their project they became friends and then he would tell them who he actually is, but he had a lot of success with that and I think that that's one way that you can get what you want if what you Want is like focus on the work focus on the technical focus on Maybe my thoughts my words and not so much on my person, you know, yeah

I hundred percent agree with that and yeah, I feel like I I'm on a very similar wavelength to him Oh the book by the way is called extreme privacy Okay, and then the byline is something like how to disappear or whatever. Sorry. Mmm. You could be like the Banksy of the programming scene But that's the thing but now he has him for me right and like people are gonna find out who he is

Right. You just can't ever pull the mask off. That's all I just have to do really lackluster projects Yeah, you just have to suck more, you know, just don't be good

Sorry for my spit take that was so good

It's wild to hear this because so many people I don't really know why I suppose or what is drawing Folks to this desire but a lot of young kids like I have young kids and so I'm seeing them grow up and I'm seeing the friends That they are making and friends that I'd like them to make less friends with and I just see their influences and they're younger They're not like in their teens. They're younger than teens And I have an older daughter too and so she she's in her 20s and I'm seeing this You know shift between different folks for a while there people want to be youtubers. They want to be Instagramers or whatever this thing is they want For some reason this spotlight even at a young age and I'm not really sure What exactly it is that attracts them there? I suppose it's the opportunity of Various influence, but I think even at a young age I couldn't imagine Having influence in in my 20s I guess if I was influential my 20s Like wow, the world would suck a whole lot more or less or more It was more than it already does It's not a it would not be have been a positive thing for me to have Any sort of primary influence on the world in my 20s, right? It's so strange that people seem to chase some version of fame or influence and

That's wild. I don't find it strange. I mean, I I think it's pretty common, right? I mean strangely common the desire for fame and fortune is like deep down inside of us, isn't it?

I suppose but it seems like it's a cultural norm where it's dramatically more than there was like I Let me think of when I was a kid. Let me show some of my cards I desperately wanted to be a ninja when I was growing up as a kid, right? Like and I think that's maybe a character. I wasn't seeking fame now I can also say that for a long time there I said I wanted to be a corporate lawyer and the only reason was because I could be rich and I didn't know any better. I was young because you're a really good storyteller, right something like that

I was not interested in like

Being famous. Did you have were there any were there any heartthrobs Adam when you were growing up? I would love to be like him. For instance, I can say when I was young I have an older sister three years older and she had friends, right? Okay, and so of course younger boy older sister sister's friends very stereotypical, right? And they were very much into new kids on the block. This was like 1990 for sure. So I was eight nine ten years old and Specifically, was it Donnie Wahlberg? I don't know. I can't remember who the new kids on the block were But there were heartthrobs, you know They'd walk into a room and all the women would scream and then they'd have all this money in these cars and everything And it's like I want to be that guy. I don't think that's abnormal Did you have anything like that? You just want to be a corporate lawyer ninja? Yeah I Think I'll answer your question, but I think what I'm driving towards is a little different Okay, and I don't disagree with what you're saying. This is here, but I'll share the story because this is fun This is fun stuff. This is fun Susie having fun over there

I'm very excited about this story actually

So I have five five numbers for you now, I'll say it

Nine oh two one. Oh, okay. So you want to be Jason Matthew Perry? No, not Matthew Perry. That's it friends

Well either I guess I guess so much either but Jason Priestley. I was like if I could be the reason priestly

That's his name. Yeah, I could be him. My life is solved because of the sideburns Sure

The wavy hair, I don't know all of it, California all of it

Yeah, you know pick a very cool that were extremely cool. They were very cool

They were cool and what an interesting TV show what an interesting premise to even reflect on mentally right now But I think what I'm talking about is different than that and maybe it's maybe it's different but kind of the same And I think what I mean by that is that it seems like kids are really into Jordans There's like shows about Jordans like, you know pawn shops getting them people trying to shoot Yeah, like, you know, that's always been a thing nor Jordans have been a thing But I think there's a lot of people trying to show off the things they do on the internet primarily on YouTube everything from Really cool Lego building which is like super admirable very engineering focus a lot of opportunity if you chase it to Lego cooking who watches Leo cooking Lego cooking Lego cooking Never even heard of it. So just tell me you're with me on this Oh gosh, okay. So do you cook Legos? No when you go and you find out Lego cooking you're gonna be like, oh, yeah, this is the coolest it is stop-motion film the person Cooks, it's just stop-motion film. It's very artist Okay, and they make everything so they take a hatchet and cut something and it's Lego inside like it's all Lego everything's Lego

Everything's Lego. Okay, so that's cool stop-motion video. I love it

I just feel like all this stuff like in this media is is getting people to want to they see the people they look up To be famous through platforms, right? And so it's obvious like 90210 Jason Priestley Although I didn't want to drive a Corvette and I didn't want to be any of those people I was like if I could do that, I'd be I would have arrived

Soos, who did you want to be when you're a little kid? Did you have any yes a really good question? I don't really remember. I'm sure I had them. Yeah Mostly so I was very unpopular in high school so any female pop so I just wanted to be as attractive as them more than anything because you know, I think that Everyone I think latches on when they're young to what their model of power is, right? And so, you know I think these days having a YouTube channel making lots of money and then being able to have the freedom to do what you want Without money that's power, right? Um, and so for me you know when you grow up as Cisgender woman you are told that your power is in your looks. So I don't know if I looked up to Anyone specifically and wanted to be them but I remember just thinking like I would probably not be treated as poorly as I was if You know if I looked more like Britney Spears or something like that, right? Um, yeah, sorry Sorry, that was a very disappointing answer. But I just honestly I don't remember if I

Was anyone who I wanted to be that's fair. What did you say something of power remind me the phrase you said?

I just think that um, everyone has their own idea of what would give them power and How to actually get there and I think power is a lot of different things, right? It's the ability to influence and so yeah like I just think that people latch on to a certain form of power that they Want and they think that they have a chance of sort of being able to acquire But yeah, I think you know when you're a teenager you you're not quite moved out You're not quite, you know a kid anymore and you're trying to have more control over your life And you're trying to establish your identity and things like that. And I think that's a very influential time Informative time and I think that's where you sort of really start thinking about power in a grown-up way as well and how to acquire that power

So I'm glad you mentioned that because I think that's spot-on because I think you may have answered my question Which is what is the reason why? I don't really think it's super strange behavior Jared to want to be famous But I think it's kind of strange that it's so it's so pervasive. It's so out there for everyone It seems at least and I could be just being hyperbole, but I think you're right So is that when you're especially when you're younger teens 10 to 16 You're trying to assert yourself. You're trying to assert your any version of dominance regardless of gender You're trying to showcase that you can control situations or be in control of your own life in your own destiny and you're trying to direct things and I think that that probably is a reason is like well if I have this then I have I have power to assert my beliefs my ideas Control over my future, etc

I think we just see it more now because everybody it's so easy to put yourself out there

Mmm, whereas, you know you go back to when we were children and those people who wanted to be famous Well, they had to go move to Los Angeles Wait tables while they did while they did all these tryouts and stuff and like their failures Weren't public like they were just they happen, but we didn't see them or their desires to be that thing nobody knew That I wanted to be Donnie Wahlberg or whatever. His name was I actually More than that that was just I remember being like man girls like the new kids on the block I wish I was one of them like that was a fleeting moment, but my Desire was more to be a professional athlete, which is another route to all the exact same things, right? And so I wanted to be either Michael Jordan or Ken Griffey jr So like baseball or basketball like those are actually guys that I really wanted to be Sam with King Griffey as I just like a passing fancy was like, oh, I love to be famous singer But I actually was like if I could be King Griffey jr. And do what he did That would be a great life. And so I actually like put effort into that kind of stuff for a while, but I Don't know. I just feel like we see it more. I think it's more tangible to how easy it is I mean, it's hard, but it's also easier now. I mean, there's more accessible. I think and it's yeah

I think it feels more achievable Like you cannot be what you cannot see and I think if you see regular people even Justin Bieber Billy Eilish, right? Oh, they had a SoundCloud or whatever Right how they blew up. I think that that story now is just feels much more accessible than the moving to LA thing

I think you've got something there. Should I close the loop for you Jared on the names of all the

Enki otb's of all the yes, please do Jordan Knight Jonathan Knight, yes brothers Joey McIntyre. Okay, the the baby face. Yes, right. There's always a baby face in these boy bands

There's the bad guy Donnie Wahlberg may have been the bad guy. Yeah, I think Donnie was and then Danny would now when I say What does that make you think of hanging tough right hanging tough you go yeah

Suze do you remember new kids on the block where you're around I do but I'm a tiny bit younger than you So I do It was more and sink. Yeah, backstreet boys and sink. Yeah. What is it? 98 degrees 90 something degrees? Oh, yeah

98 degrees

Do you remember blue the UK? I'm blue dada dada die. No, no, no, no, I feel 65 There was a UK group called blue But anyway, but I do remember like wham as well and like so I'm an 80s girl So I do remember a lot of that stuff. It's just by the time I was sort of at that impressionable sort of you know You're like tween stage. It was battery rice and things like that. That was actually more my timing as well

It was my older sister that was new kids on the block So I just I think I was more I had them at a younger age But yes in my formative years it was in sync and backstreet boys And by then I didn't want to I didn't look up to those guys. I was just kind of annoyed by them Although there is some talent there But thanks for closing the loop Adam now, please move us to a new loop Before we start singing again. Yeah, I'm not gonna sing again. I just had this I hummed basically it was not a thing Hey friends, I'm here with Todd Kaufman CEO of test double You may know test double from friend of the show Justin circles So Todd on the home page for test double you say great software is made by great teams. We build both That's a bold statement

Yes We often are brought in to help clients by adding capacity to their teams or maybe solving a technical problem that they were

You know didn't have the experience to solve But we feel like we want to set up our clients for future success and the computers just do what we tell them So well at least for now We try to work with our client teams to make sure that they're in a great state that they have clarity and expectations healthy development practices lean processes that that allow them to Really deliver value into production really quickly

So we started a lot of our engagements by just adding capacity or technical know-how We end a lot of our engagements by really setting up client teams for success. Very cool Todd. I love it

So listeners, this is why Edward Kim co-founder and head of technology at gusto says quote give test double your hardest problems to solve End-quote find out more about test doubles software investment problem solvers at test double dot-com That's test double comm t est do you be le? Com and I'm here with Farah Sabu Gidee J founder and CEO socket socket dot dev So Farash you put out this fire post recently on X and I'm a paraphrase you say the XZ package Backdoor was just the tip of the iceberg Give me just a peek behind the scenes of this incident and what you mean by it's just the tip of the iceberg

Yes, I think the XZ utils backdoor was really eye-opening to a lot of developers It showed the vulnerability of the open-source ecosystem You had this maintainer who had been tirelessly maintaining this package for 15 years who was targeted by nation-state

Actors who created like literally it's like a spy movie, right? They had multiple personas fake personas that were contacting this poor maintainer and you know working on him

Psychologically to convince him over the course of two years to add them to the repository and give them publish Permissions and they did this through us through a bunch of kind of negative messages But also by being helpful and by sending good positive pull requests and what they were able to do is get access to

This package this is built into pretty much every Linux server out there and what this would have let them do is it will let? Them SSH into any server and run any command without knowing the password without being authenticated to the server So this would have been like a world ending potentially kind of an attack, right? It would have it would have been probably the worst attack we've ever seen I'm not exaggerating it could have been that bad, but we were lucky through a total accident This backdoor dependency had made it into the beta builds of some popular Linux distros and a developer who is testing out the beta versions of these Linux distros noticed Some some weird weird behavior. He noticed that his SSH connection was taking half a second too long and so he he pulled the thread and traced it back to This this backdoor dependency and we were we were all saved because of this total accident It's mind-blowing to me in a couple for a couple reasons like one obviously like wow There's so there's there's literally states out there countries that are that are trying to target open source now clearly There's like a team behind this they probably didn't just work on this one dependency They were probably working on getting access to many other ones in parallel If you just look at the time between the emails they sent to the maintainer They were about a month between some of these emails So they were probably working on other maintainers and trying to get access during that time. So that's really scary I also think it's pretty scary to see kind of the fact that it took an accident to find the attack It makes me think like how many have we not caught as a community? How many have we missed if this one was caught by a total accident? It was eye-opening to a lot of people and it made people realize that there really is a threat in the open source ecosystem And it's not because most people are bad. It's the opposite Most people are good, but there are few bad actors out there taking advantage of the trust in the system

That's really where we come in We're trying to give every company the tools to protect themselves from those types of attacks And and that's what we do at socket

Okay Friends go to socket that dev security dependencies socket is on the front lines of securing the open source ecosystem their developer first security platform that protects your code from both vulnerable and malicious dependencies install the github app or book a demo again socket dev that's SOC k ET dot dev What is on your minds is like what is it that's got your attention in terms of like technical prowess Exploratory are you playing with hardware still yet? I did not catch your conversation with Quincy yet but I'm understanding that you're now a white hat hacker and the NSA sent you a fidget spinner like without sharing it the whole time now, that's cool. Hold on

Yeah, let's stop right there and talk about that

Well without sharing I mean you can go probably listen to the conversation with Quincy but like without like literally copying

What was there? What are you into? Yeah, so so I was a little bit just like That was such a tongue-in-cheek moment in the podcast that I didn't realize it was going to become like this big thing Oh, yeah title and everything. No, I honestly I I went through the bachelor degree to get my cyber security diploma and mostly because I just wanted like a Curated curriculum right because I tried to learn cyber security before that and it was just it's so broad and so deep, you know It felt like Yeah, it just felt like sort of starting again. And so I went through that degree program Just really really enjoyed it to be honest and through that, you know through the cyber security club at the college I was that you know, I got exposed to the capture the flag competitions, which are like hackathons But instead you're actually hacking, right? so they're giving you puzzles to solve and boxes to hack into and you know across all the different disciplines of Cyber security and So I was just really enjoying that right? I've always been very interested in not just front-end development, which is how we met but like just everything to do with tech I just love learning new things and I love being able to sort of like I have the breadth now over the years But I love being able to choose something and go I'm gonna go super deep for a bit and then sort of come out and then look for something else and Cyber security was sort of the most recent deep dive for me and just I just still really really enjoy it And then I landed a job at a cyber security company right as I was graduating which was just dumb luck and you know, because I was putting a lot of my Certifications and CTF results and stuff on LinkedIn and I think that got a recruiters attention. So Yeah, that's sort of how that Conversation with Quincy came about it was just something that I've been into and I'm still actually Pursuing that in my spare time pursuing cyber security projects and learnings and deep dives and stuff like that. Hmm

How do you cyber security? What do you mean? Exactly, how do you cyber security like what exactly is cyber security if it's so broad? I'm also sort of mesmerized and also in amber by the you know, the idea of hacking things were Being aware there's a box over there and there's some sort of vulnerability I've got to find it and I there is a way in but it's up to me to find the Ten or fifteen or hundreds of ways you could get in that to me is interesting I'm not pursuing a person but it's it's very there's a lure there for me

Yeah, I think that's what the lure is for almost everyone getting in cyber security It's that intrigue and it's kind of getting to feel like the bad guy without being Arrested and put in prison I Mean honestly a lot a lot of people just say the same thing as what you'd tell to somebody who wants to learn to code Right, just jump in just get going like find some resources. There's you know, so many resources on my Linux

Right spin up a VM of kind of Linux or install that. Yeah, Kali Linux spin up a bunch of VMs blah blah blah

Yeah, exactly. It's not difficult to get started. It's just that it's the same thing when you start anything You don't know what you don't know and you can just feel lost. You're just like there's all these different directions I could go in it's exactly the same as someone learning how to code. It's just a slightly different technical discipline, I guess But yeah, there's a lot of appeal in just having a go at these CTFs because it is really it is a really fun puzzle It's like an escape room essentially kind of vibe like if you really enjoy escape rooms, obviously, you'll really enjoy

Cyber security as well. Did you enjoy the movie escape room? I haven't actually seen it

I've seen panic room, but I haven't seen escape room Oh Jodie Foster. It might not see escape room either. It might get you What about mr. Robot that's too intense for me I like occasionally I come around to the idea of I'm gonna watch it But I'm very sensitive as a person And so I actually get my friends to pre vet most of the shows that I watch because they're like is this is this something? Sees can watch or not Because if it's a bit too full on I either can't sleep or it's just like I'm not relaxing while I'm watching it You know, like I'm I'm not sort of there for the tension thrillers and things I don't get a sort of thrill out of it Like a lot of people do but I love the idea of mr. Robot because I've heard it's quite technically accurate So it could be really satisfying to watch I can concur with that

It's very from what I understand of how do you cyber security? I was a joke to ask you how do you cyber security was not even that it was not meant to be Yeah, sorry about that I can attest that mr. Robot was an amazing Series it doesn't go where you think it should you may enjoy it, but it's very technically accurate and quite scary in terms of Maybe how fragile the world is, you know, you probably see that now that you're deeper into it how fragile the world can be With cyber security. We just had you know, a major outage a BS OD across the world and it's that's crazy Like we're it it's now sort of front and center to everyday citizens globally because it was a global Scenario, you know, yeah 100%

Full disclosure. I just left that company Okay, so it was very close to home when it happened because I left CrowdStrike in March Oh, wow, and so the fact that I was on the inside. I know a lot about how the software's developed I know how careful the company is about rolling that stuff out like and I do respect the company a lot really enjoyed working for Them and did enjoy Learning about how a company does modern antivirus software, right? Um, and so Even seeing a company that's doing so well. Just make one small mistake I think that what you're saying is a really good point and considering I have even more context. I was actually quite Surprised that it happened just given how cautious I've seen them You know having worked for the company that yet even the good guys can take everyone down, right? all right, and so it is incredibly vulnerable and It grounded flights, you know, it was very much like that diehard movie with like Justin long where they figured out how to you know, Manipulate all the traffic lights and all the things around the city, right? you'd be surprised at how few of these systems are actually well secured and You know my time at crowd strike I did a little bit of work on industrial control systems as well and just knowing there's like this What is it called there? Seven bullet rule or something. It's like with just seven bullets. You can do a lot to take down most of the you know Important energy infrastructure in the United States like I'm talking off the top of my head So I'm getting a lot of the details probably Messed up, but there's this kind of like saying and industrial control systems the seven bullet theory like if you had them like could you take down the entire grids and Yeah, like a lot of those systems are running on old software like you see ATMs running Windows XP Right when you see it crash and it's just horrifying how fragile those systems are and when you work for a cybersecurity company and you're watching customers get hacked and you're seeing how it happened a Lot of the CTFs aren't necessarily very contrived as far as the vulnerabilities that they're leaving on the machines. They're quite realistic vulnerabilities They're just a contrived storyline and narrative But it's really not that different from everybody every day rams and wear attacks and things like that, right?

So CTFs are fun. I did those back in college. I really loved it and I think working on a red team would be super cool. I don't like the fact that at the end of it You just have to write this long report. I don't know maybe yeah Maybe the LM's write that for you now less cumbersome, but I hated that part It's like oh now we gotta write a hundred page report and it's like well I'd rather just do the hacking and you write the report. Thank you very much But is that what you're actually doing was red teaming and stuff or what's your day-to-day?

I'm off the same opinion as you I think it would be very tedious as well because yeah It's not like you're sitting there having fun on a Saturday night with a whiskey Like you're having to be very methodical as well about how you write about things You have to be very careful not to take down their systems. Like it's not a sort of a realistic hacking scenario, right? There's like there are the rules of engagement which is literally a document you have to cover with them first and then You have to make sure that they're not going to call the cops on you if you physically get into the building But then they catch you and they're like it sounds thrilling, but it's actually quite Methodical and I think it takes a lot of the fun out of it. Um So I was working on a research and development team for threat hunting technology essentially, so the human side of Cyber security where you're constantly looking ahead and trying to find heuristics and Like, you know, what's what are the latest sort of nation-state hacker groups? Like what are the tools that they're using? What are the technologies? Like, how can we get ahead of them? How can we design tools that are sort of always ahead of the curve and not necessarily just trying to be sort of whack-a-mole? And and things like that. So it was more I worked with data scientists Researchers, you know really smart people with PhDs and I'm like this code monkey, you know helping them prototype their ideas and things like that So that was I was definitely more on the blue team side and not the Red Hat hacking

Yeah, that sounds better. Actually, that sounds pretty sweet. It's still a game right like we were still playing the game

We're just yeah on the other side of the game. And so it can be really satisfying if you design a tool that Helps track down something that hasn't been tracked down before, you know or just helps Threat hunters do their job much more efficiently so that they can you know, just kind of look like these supernatural Hunters it there's just something really that was really interesting about that problem that I really enjoyed working on

What are the various tools in the tool belt of a threat hunter?

I don't know if I can talk about the specific ones at that company Yeah, but in general Working with Intel groups so that they can you know, there are a lot of Intel groups that around the world that including You know Governments who are embedded in these groups and operating under pseudonyms online and are actually interacting with these groups and finding out information so a lot of it is Intel but also threat feeds like being able to see new signatures And things like that But the actual tools themselves tend to be tools that allow these threat hunters to look at an intrusion after it's happened Be able to kind of look at the chronological events that took place You know and just get a holistic view of it, you know it gets to the point where threat hunters can look at a couple of lines of command line commands that would run on like an infected computer or in a Computer with a successful intrusion to compromise one and they can immediately say oh, that's that threat actor in China You know and so it's more about knowledge and knowing patterns and being able to be incredibly agile with being able to Get ahead of the I guess the attacker

What kind of signatures are they leaving like what's the breadcrumbs are leaving behind? Is it like literally a signature? Is it like a a dat file that's left behind with like, you know a one-liner?

That sounds really cool

No, it's not a very good hacker if they leave their signature behind then or they leave a file that says You know, don't delete me read this but he was Banksy. It was somebody named Banksy. Mm-hmm

It can be everything from did this person switch to a specific language keyboard? Mmm, it can be the specific actual hacking tool So for example, let's think of a hacking tool like bloodhound or Mimi cats or something like that, you know What specific tools are they using and in conjunction with other tools? It can also be things like okay Does this country have a major national holiday and was there zero hacking activity on this machine that day? And then it resumed to the next day. Okay. Well, maybe they're located in a specific country then which narrows it down to it You know a smaller collection of threat actors, right? and so there are all these little sort of bits and pieces that come together and You know a threat hunter needs to be able to find something that that happened piece together what actually happened and Be able to inform future, you know

Detections, how do these threat hunters? Get access to this the infected systems without Fear of you know additional hacks or I mean, is it like they friends? You know the Heisenberg effect by by inspecting it You're actually modifying it And so how did they is it like clone a snapshot of the disc and work with it offline? Or what do they do in order to actually go about their work?

Yeah, so I think you're also thinking of things like forensics. I am I think that's probably more the appropriate discipline Threat hunting is not exactly quite like that It's more sort of data sifting than anything So I'm just being really careful about my NDA right now Fine you can tell like there are certain things I'm sharing that a very vague because I don't know what would be considered Proprietary information. I don't talk about this topic very often. So it is very difficult for me to delineate that but yeah um, I think you're talking more about forensics and that's something that I learned in college how to Successfully image a hard drive without actually changing a single bit Right is harder than it sounds It is and I think this is also a lot of incident response to so incident response and forensics are a little bit different to threat Hunting in that they tend to be doing the hands-on work and actually getting into the machines and doing that I think threat hunters are taking information after the fact that's being collected and they're not necessarily doing that work So, yeah, like I said cyber security is really broad and so you can split these skill sets out into

Focuses. Yeah, I definitely was categorizing forensic people with threat hunting but I assumed they would be

operating at least in similar time frames with regards to a

Breach, but how do they get their tasks? Are they just sitting in JIRA getting threat hunting tasks? I'm just you know joking of course, but like how do they get their their missions? How do they know what systems are they active in literal crime scenarios? Are they working for? folks like the NSA and the FBI or Private companies like you were usually like a self-destructing letter, isn't it? 10 seconds?

There are threat hunters at yet like private institutions So for example, like crowd strikes threat hunters are actually threat hunters for hire. So they work with companies Directly and you know, if you look at the product offering online, it's called overwatch There are different tiers of it where they'll even give you you know Briefings on the latest threats to look out for and things to maybe specifically look at for your industry even so, you know If this company is a financial tech industry and they're working with crowd strike the overwatch team the threat hunters can you know give actual briefings on what they're seeing as Trends in that financial industry based on attacks on other companies that are similar to them and so the threat hunters do a lot of different services and So it's going to depend on whether you're in the private or public sectors to like what tools you use as well So I'm sure that there are teams that use JIRA to keep track of intrusions and dump a bunch of data in there But I think that a lot of these tools tend to be very proprietary And so, you know, they've been designed and developed and incrementally, you know Improved based on the specific kind of work that these threat hunters doing at their institution. That's all I can say Yeah

What's the best way in to get into this? This layer of cyber security whether it's for hunting or you know Looking at signatures or something like what's the is it go to school for it? Just get steeped in it find a community. What's the best way in it's exactly the same as coding really

I think as if you know what you want to do in cyber security such as threat hunting specifically or Forensics or something like related to that. I think that makes it a lot easier What you can do is just try and look online for resources for free resources, or you can actually enroll in Some certification programs as well, which will give you the foundation so you kind of know where to go from there and obviously taking part in CTFs like So the code breaker CTF that NSA puts out the National Security Agency of the United States You know, we all can have complicated feelings about that company. I just want to sort of like, you know Preempt that but they have a CTF every year called code breaker and it's a reverse engineering Competition and that's where I sort of got the fidget spinner from because I took part in it and I sort of placed at a Certain level to get a fidget spinner. But um that particular CTF I would recommend for threat hunters because There's a there's a sort of fictional narrative they put out as part of the CTF and they keep drip feeding you all of this additional evidence of a breach and you're supposed to unwind what happened and so the the one that I Participated in that we're giving you everything from dot, you know compromised docker containers to network logs to Yeah, like why a shark pick up dumps showing network traffic and so you had to reverse reverse engineer a bunch of binary executable is you had to figure out how the doc container got compromised then you had to Reverse engineer the protocol that the threat actors were using on the network and then you had to kind of then hack back into their Computer to find further evidence, you know, and I think being able to sift through evidence like that is Probably the the best skill to practice when it comes to wanting to get into that side of cybersecurity

How much does that draw out your coding skills? I imagine quite a bit as you go through that stuff because there's so much TDM

Otherwise, yeah, I'd say I had a huge advantage in a lot of the CTS because I could write simple scripts even right? So let's say you get a giant Apache log file, right and Like it's a pretty structured log file, right? and so you can use you know bash one liners you can use or can you can use like truncate and Unique and all of those command line tools and you can just kind of like glue something together But if you want to do something a bit more complex, that's where scripting just really comes into its own and so during these CTS I was writing all sorts of Different scripts to filter things and to count things and to accumulate things and also there was one time where there was something was encrypted using RSA and It was kind of hard to find a tool online to just like dump the text in and uninc and decrypt it And I think that was the point of the CTF. They were trying to make it difficult so I was able to just write a quick JavaScript implementation of the RSA algorithm that sort of like Brute forced through and figured out the key and they obviously gave us a weak key because otherwise You need like a quantum computer to crack it, but that was so advantageous Most people either didn't solve it or they had to find a tool online that only let you put in one character at a time To crack it whereas I had it written and you know, like maybe 10 minutes and it was done Sorry, it's a huge advantage. I think being able to code but also you You understand how computers work as a foundation right and that gives you a really good intuition for solving problems Like I've seen people who have come into cybersecurity But not having an IT background and there's a certain intuition that they're missing where you can infer things from certain pieces of evidence and even the docker container thing like I was able to just jump in whereas A lot of people were like, I don't even know how to run this thing I'm gonna have to spend half an hour now learning docker, right? So I've always had a huge advantage in CTFs because I do have that coding background

Yes a lot easier to know what to look for in an Apache log if you've actually managed an Apache web server for a while for whatever reason or if you've it's a lot easier to use docker if you use docker and And all these things I mean, maybe that sounds obvious But when you lack that context you really are poking out of black box, you know And you're just like you can't really get in past the surface very easily

So was it were you on your own or is it teams that particular one code breaker it was very strictly by yourself And so I think there were 10 problems and I made it to problem 8 and that's where I felt that I was hitting a ceiling Right. It was very specialist Reverse engineering like I ended up looking at the solution afterwards from people doing write-ups and I was like, I never would have got that You know that you had to sort of do this weird You had to roll the protocol correctly But then you also had to kind of plant a buffer overflow in order to sort of get through it and I'm just like I Was like I know how to do toy buffer overflows when the conditions have been presented to me in the correct way But I can't actually sort of you know, it's a lot harder for me to do that because I don't have a lot of practice with it So yeah, yeah

That's as far as I got back when I was in school was like I understood how they work Yeah, and I could recreate one given certain circumstances But if you wanted me to actually go in and execute arbitrary code like with the no-op sled and stuff like I don't know How long to do this thing in order to land in the right spot and like yeah

Yeah, and like how much do you keep going to you give up because you're just like for just one more just one more You know one more knock and so in the end the solution was to use a was it could abrupt chain as well, right? so using gadgets using assembly gadgets after the knobs led in order to then like Return to see or whatever that um So that you could then run little snippets of the assembly code that were present in the program itself to get what you need And so I looked at that and I was just like yeah, there's no way I'd be able to assemble that That's something that I want to you know, practice that for next time sort of thing. Yeah, that's a nice for level stuff right there

Yeah, ask me your script kiddies can't go there. You know, we can just run the script

It was interesting because one of the write-ups that I read was by a high schooler and I've never felt like Well, that's the thing they're uh, they're on YouTube getting impressed at a young age and next thing you know

White hat hacker for the NSA. Yep. Did you you said you did eight of ten? Is that right? Mm-hmm How did you even get involved in this capture the flag in the first place with the NSA? Like what made you find it discover it want to do it. It was through my cyber security club at my Community college. It was actually a really high quality cyber security club. It was a really high quality cyber security club

It was actually a really high quality cyber security club. I'm still in contact with them I still volunteer and help people ramp up to doing CTFs like I'll teach them the coding sort of stuff It's like oh, here's how github works So if you need to clone down a tool that you can't find anywhere else and get it running Here's how to sort of use github in the in its basic form. And yeah, so I it was through the community college Cybersecurity club is they have a discord that you can join when you're a student and they just put There's like specific channels set up even for specific CTF so it's almost impossible to miss out on when there are actually CTFs going and people will announce them and they'll also hold information sessions and like I said Like tutorial nights where you can go along and follow along and learn a new skill that will help you to tackle those CTFs better And then for the for the CTFs that have teams that school would also help people form teams as well, which was really cool So I think that getting involved in the cyber security community is one of the only ways to really know unless you literally google like cybersecurity CTF list or something that can also help but most of the CTFs I was doing with a Collegiate level two so they were a bit easier I think and so that was a huge help just to get sort of your feet wet

Mm-hmm, you're making you kind of want to get back in the game and give it a shot. It's been probably yeah I didn't know you used to do this. That's really cool. Yeah, I had a information assurance Sub program at my university and so I spent the last two years doing all infosec things I actually did some penetration testing right out of college and between the report writing and the fact that I felt like When you audit somebody like you do your best But you can't really say anything at the end of the day except for well We did our best, you know, and it's better than not having been audited But I always was like there's like a false sense of security that you have now which I don't feel really I don't feel great like selling that you know as a service as a false sense of security and So I realized also I wasn't that great at it Like I don't have as much of a hackers a breakers mind as I do a makers mind I like to create more than I like to break. It's kind of what I learned about myself But also just that I was like I kind of went a different direction from there I managed some Linux networks for a while And that's when I found out about web development and started doing all that kind of stuff and that that just mapped to my mind better than breaking in and breaking stuff but it was fun and I think the CTS was the best part because like they were very much like You know stereotypical like drinking Mountain Dew staying up all night You know like doing all the things that you that happens in the movies, you know And without having to like write a report afterwards or stamp a thing that says you're secure on it, you know Yeah, they're just fun

They're way more fun than actually doing it as work for sure And I I relate to the point about feeling like a hacker and stuff Like I always put on like the mood lighting in here and then I'll put on The synths and the garage tracks and you know Yeah, that kind of thing and like I really go all-in and if it's just a weekend like, you know I don't have a family so I can just literally walk in with the Mountain Dew and just do it And so it's a lot of fun. And again, it's very low stakes, right? Right learn a lot and you're still tickling the part of your brain you want to just yeah like there's no Responsibility, I guess to it either. Sorry, right? Yeah, and I mean they do design the CTFs to be really satisfying too There's nothing more satisfying than running a bunch of checks and the on a company and you're like, well you guys are pretty good But we can't give you a guarantee. It's like what you said. It's very anti-climactic whereas they design the CTFs to specifically be a game and so You do get those moments where you just miss something and then you find out the answer like oh You know and then there are other times where you're one of the only people that found something and it feels really thrilling

And so I think the escape room analogy is a is a good one. Mmm like the way it feels. Yeah Are you trying to find something like you may have said this and I glossed over but like the goal is to find a Secret or get into a certain place. What exactly like what is the artifact that you find? Is it a physical or a digital physical thing or is it just access or is it? Something you take back and you show hey Here's proof. I've got this thing Before I go the main ones that we did were there was a planted vulnerability and it was teams and You were attacking each other's machines and protecting your own I'm not sure if that has a very specific name to it that style of capture the flag. And so is that a yeah So then there would be a vulnerability on everybody's network and The vulnerabilities were all different And so as a team you'd have to fortify your network while attacking the other people's networks Basically, and they would be there would be some sort of a proof like a flag water whatever imagine a flag would be like a string of characters that you'd have to fetch off of their remote machine in order to prove that you penetrated it and In the meantime, you'd have to be trying to find whatever vulnerabilities were on your machines in order to remove those vulnerabilities Before you got hacked and I remember one time we did them nationally And we got hacked and we got completely destroyed in like 18 minutes one time like we were just like we were like had our mountain dudes were ready for a Friday night and like we lost within the first Half an hour because somebody was so much better than us and I was like, oh very talk about anticlimactics like oh and we're dead So that was fun but could have been more fun if we were better at it that's the ones that I did I'm not sure I'm sure there's different ways that can set them up to do Different things yours sounds like it was levels like there's levels of things that you have to do that you progress through

Yeah, I think I did a mix of them. So I did um, CCDC, which is the collegiate cyber defense Competition I did that with a team and that was just the defense side of what you just said So they do hire professional red teamers and there are you know, like, you know a team from every single college that's participating and This you know, I think Eight of us and you have to lock down they give you an incredibly vulnerable network The the gist of the story is they've just sucked the entire IT team and they've hired you on as the new IT team And you have to like basically audit the whole system find out how it's vulnerable lock it down So it's the same as what you were saying, but we don't have to attack anybody But you spend the first day just auditing trying to lock things down They interrupt you with business requests constantly so you're emailing the CTO he's like I want you to look into crypto as a product Can you like give me a report on crypto by the end of the day or something, you know? And so they're constantly interrupting you and trying to simulate a real business environment where you're just fighting for your life And then yeah, like he said if they just find one vulnerability Which they will all of a sudden you've got the choo-choo trains on your console and then certain other boxes of boot looping And you're just like, oh my god, I didn't you just like it's an actual fire right now And so that was a very stressful one that I did but the others were more about They're trying to give you experience with everything in cybersecurity. So, you know, there's there'll be an encryption section where there's puzzles They'll give you a bunch of encrypted text and they're like, what does this say? and it's more about answering the questions and completing as many of the challenges as possible and they're just smaller toy challenges and They'll also you know challenge you to actually get into a box for example and then yeah find the flag and report what the flag was and Sorry, I've done a big mix of them and then there was the reverse engineering one Which was NSA and that's totally different again. And so yeah, it's um Been a variety. I think I like the ones where I can just sit and Tinker but the the cyber defense one. I really feel like I leveled up Especially in Linux like I we the amount we spent months practicing and running password reset drills and you know Things like that and being able to order it and like we had this big notebook We were all throwing notes into for each other and like we were on a zoom call for the entire Weekend talking to each other and it was very high stress. It took me a few days to recover Yeah, but I really feel that it forced me to level up and I'm sure you felt similarly Jared for sure for sure and definitely

Felt like my Linux administration skills were like peeking at that moment because you you have to know You know all the commands and you have to usually I mean the heat is on which is the way it is I guess I've never been on a network that's under attack in the real world But I'm sure it feels a lot like that where it's like if you have an actual threat actor Who has access to your internal network? I mean it we're moving as fast as we can right like you got to figure out what machines they have access to how they got in like all these things what are we gonna turn off or unplug or like it is a gotta be a very stressful situation and So when the heats on you got to know the command you can't go You can't you hand me sitting there googling like how do I reset the password on this and that? You know all those things kind of go out the window and you got to just move fast And so I definitely leveled up through those experiences, you know, even more even when only lasted 18 minutes, you know

Yeah, but it's so satisfying sometimes when you see you'll run a couple of commands and you'll you'll run who for example when you see someone's logged in and then you find their process ID for their telnet session or SSH and then you kill the process and you're just like They're out and it's like you're sort of scrambling and so it can be incredibly satisfying and then you run it again

And they're back and you're like

Yeah, we we ended up having We ended up using tmux and just opening all of these Different sessions and we had who running and top running and you know net stat and everything and we had them sort of Self-updating constantly so that we could just keep track of it and everyone was assigned two machines to look after and that was way too much overhead as well, right it was just so hard

What are the things you would look for in top like a New process ID from that just seems obscure doesn't belong

Yeah, something that's burning up a lot of CPU to some of the tools are really badly written So they'll they'll rise to the top of that list and you'll actually see it burning a lot of stuff

So we need is top top top the top top off the top. Mm-hmm I feel like we should team up and do one. I I Need a team, you know, I don't have a team anymore says although you're you're you're located, you know Three-quarters of the way around the world for me. So I probably wouldn't be the best but has been really difficult

Yeah, I've stopped participating in the team once now because of that which sucks Yeah, the last team when I did I actually was in San Diego for a work trip and so I stayed an extra couple of days through the weekend because they happen to be one going on and that was Hacking from the hotel. It felt even more hacker movie

Right from a hotel room. Do people travel to do these a lot? Like is that is it meant to be in the same space? Really? Is that where the fun really is that like co-located?

Yeah prior to COVID. I think that was much more common the cyber defense competition that I did We all did it remotely but if you for the regionals, but if you make it through the Nationals you actually go there in person and you're put in a room and You can only bring print books. You can't bring anything digital And so you've got Linux freaking command-line books and you've got all of these printouts of cheat sheets You're going to use and stuff and so they're very strict and locked down and I think those can be really fun, too But I mean a lot of people go to Def Con because there are a lot of CTF competitions there, too I went to B-sides in Canberra last year, which is our capital state So there were lots of feds there as well But they were holding a CTF and you could just go into the room and just play the CTF from there Pop in and do a little bit of it if you wanted to so I think it's like eSports There are a lot of in-person stuff. I would see it as an e-sport almost. They're probably doing them live on Twitch You can probably Twitch stream this. Yeah, a lot of people are probably doing hack the box and Try hack me which are both like online VM platforms that give you puzzle boxes to solve There's a lot of people on Twitch doing those even if they're not talking. They're just streaming themselves doing it

Is there a big career in this obviously I mean like as we as software eats the world and systems morph and you've got more and more things being obviously modernized is this a lucrative or Not even lucrative since you're not chasing fame or money But is there is there a major upside like if there's people listen to this thing and geez I haven't thought about this or I've got a fancy for it But I never considered that I'm like super bored in this current position and maybe I can pivot

I think there's a lot of job security in it because Depending on the role you're in because like it's going to be whack more forever There's always going to be hackers and it's impossible to keep it's impossible to release code without vulnerabilities There's always going to be those kinds of things right? And so it is really good job security in a depressing way And there is a lot of money in it if you specialize there's a lot of really great career opportunities at that again Sometimes it can feel like you're actually doing something important as well I think that the feeling of again, it depends on the role you're in but feeling like you are preventing Citizen data from being breached like if you work on the defense side, even the pentesting side You're helping companies, you know lock down their systems better there's I think there's a lot of reward in it even if it can be a bit of a Depressing industry to be in because you see a lot of stuff you can't unsee and it does make you feel more worried about Just how vulnerable what a systems are it can be incredibly rewarding I think because It's I think some of the jobs are a bit more tangible. You're not just shipping things to make more sales, right? Which I've done in previous jobs. I work for a shoe retailer. It's like yay. We made more money this quarter Whoo, you know, it's just that's not very fulfilling for some people including myself Whereas if you're like I helped develop this tool that kept out the hackers or I pen tested this company and now they're going to Be in a much better security Position like that just feels a bit more tangible and a bit more rewarding that you're actually helping add some good in the world

Yeah, I think it depends on where you land because I've definitely heard horror stories as well and I've heard a lot of InfoSec industry people kind of liking it to get game dev, you know Which is of all the software development careers game dev is like looks like the best but as actually the worst Because everybody wants to be one and yeah like the sweatshop of developers, yeah, it's so crunchy

It definitely depends on where you're at. And yeah, and a pretty depressing example of that too is if you're in forensics There are a lot of really nasty stuff that you can have to sift through in forensics, you know It's the same as content moderation. It's it's you're seeing similar things and so I'm really interested in forensics But I don't think that I again if I can't watch mr Robot, if I can't watch scary movies There's no way that I can work in forensics without feeling psychological damage from that and it affected my mental health Sorry, cyber security has a lot of mental health problems just because of the nature of how things have really messed up And I think that it's a tech community, too So it has its own sort of toxic parts, which we're all familiar with encoding communities as well, right? This just yeah, I think that tech has a lot of Immaturities that still, you know haven't resolved as well as they could and so I see very similar patterns in cyber security To be honest, so, you know, it does come with a warning But I think given that cyber security is such a broad field There are a lot of things you can do that can either keep you out of trouble or can find your niche without Really being exposed to some of the darker parts of cyber security, but I think that's a really good point that you bring up It's not all sunshine and rainbows. That's for sure and you can ruin your hobby If you're not careful, like I think that if I did pen testing as a hobby It would be way more fun than doing it professionally such as like bug bounty, right? Like you can make quite a bit of money from bug bounty if you find a particularly bad vulnerability You can have a $10,000 payout And so I know a lot of people chase that as a bit of a game or a side hustle and that can be really satisfying

Well, what's next for you Suze? Is that something that's Predetermined or you're still trying to figure it out. So trying to figure it out. Can you talk about it or no?

I can't talk about it because I don't know and I'm trying not to put too much pressure on it I thought I think I have a lot of options. That's great. And I don't want to rush into something. So Just for full context and if anyone's watched my recent who is Quincy They'll know but I quit my job in March and then I focused on finishing my master's thesis I did a master's in education technology. So very different from cyber security and my coding background Teaching is something I did earlier my career really enjoyed it. I'm starting to think that it's possible I might want to go back but also I just found I Just thought that that was a really interesting topic for me to study just for my own satisfaction as well So there's not a lot of pressure on whether or not I want to go back to teaching a community college I teach technical topics, obviously Maybe I can do some online courses or something like that but there's just a have a lot of options right like, you know, I have a 20-year career to look back on and I can get a coding job. I can go into another cyber security role I can do teaching part-time maybe and freelance for the rest of it I'm sort of considering my options right now But I've sort of I very deliberately planned my position to have some time off because I am pretty burnt out right now So I'm trying to focus more on the things that bring me joy And then I think it'll eventually lead to something that will be really enjoyable and fruitful for me So yeah, and then just doing my own silly projects again I think that four years of college both a bachelor's and a master's really took a lot of Time away from me being able to be over in this corner Like I'm always at the this corner the computer corner and I'm not in the cool lab corner And so I want to get back to that corner of the room and then on top of that I'm getting my pilot's license. So that's requiring a lot of study and time commitment from me as well So I'm sort of trying to focus on what I currently have going on and then I'll sort of figure it out from there

Lot of facets to you seriously wonder why people are so interested in throwing the pilot's license and there has some

Yeah, I don't talk about it a lot because it tends to get a lot of I think that's what I was alluding to earlier when I said I have other hobbies and then people sort of latch on to it and they're like That's really awesome. And I'm like, no, but can we just talk about the planes and can we talk about the laws and regulations? I find that really interesting But then they just want to be like, oh, so you're gonna be a pilot and I'm like, it's not about me I just want to talk about aviation. So it's the same thing, you know But yeah No I I just love learning and I love machines and I think that planes are a Aircraft are a particularly interesting human machine interface actually Like I drive a manual car. I just love machines and it's not just computers You must love knobs and yeah, like yeah that kind of stuff so I'm learning in a Cessna an old-school plane because it has all of the knobs and the Vacuum instruments and it's a bit sort of flying on hard mode compared to some of the more modern glass cockpits But I just love anything. That's a human machine interface And so to me the pilot made sense, but everyone's like, why are you doing that? And I'm like, well it actually makes sense If you track all the way back to what my interests actually are, but it can seem a bit eccentric to people sometimes

I think more dangerous than eccentric in my mind, you know, I think about flying planes and I'm like well What about when you're not good at it, isn't that when you crash?

I'm not very good at all. I've only got like 35 hours I think now but I have gone on my first solo and I didn't crash the plane so I can't be Super terrible, right? You must be alright but here's the thing planes are a lot more tightly regulated as far as safety goes as far as the maintenance required and they're very strict on you know after next amount of hours you need to completely overhaul the engine and It's actually safer technically than you know being on the highway, but I know with ultra light aircraft and light aircraft You know, the danger level goes up a bit compared to a commercial air line up

But yeah, the smaller the plane the scarier I more scared I am

Yeah, I'm in a four seater the one that I learned and it's the Cessna 172, which is a classic Student pilot plane to learn but it's also a very common one that you can rent once you've got your license So it's sort of it's a good fit But yeah, there's a lot of things that can go wrong. I've been in traffic incidents when I've been solo Where there's been a plane that confused the runway and they're heading straight for me and I've got to like fix it and stuff So I've seen how dangerous it can be already. Um, but I think it's better than it's much safer than a motorcycle So I'm just stick with it. Okay. Oh, yeah 100% Yeah

Motorcycles are scary Yeah, never been a most guy personally I just was thinking like I see so many people here in Texas not wearing helmets because it's legal to not wear a helmet And I'm like you do not like your life at all I mean you have no concerns or cares because it's like there is no way you crash and come back from that

No, it's not like I when I was a kid in Elementary school we got asked like oh what what car do you want to drive or something? I forget why they even asked us this and I was like, I want to ride a motorcycle That's what I'm gonna do and then I got older and I realized I don't trust myself and I don't trust anyone else on the Road, so it is interesting that I picked up aviation because I think it does feel like it's a lot more dangerous because you're adding Like another dimension right like cars are 2d and like planes are 3d and they're much more susceptible to weather as well And sorry, there's a lot more right. There are a lot more variables to them and so Motorcycling seems and I think is a lot more simpler as well just to pick up and actually learn But it's interesting that the danger levels are actually very different from each other

Well, you know the skies are white more wide open, you know There's less idiots out there in the skies if you still have issues, I guess with who's landing when and where but that's the problem with Motor vehicles is like everybody else making bad decisions. Like you can't you can't control them, right?

Yeah, pretty much and I think as a student pilot I've been taking my time because I feel that the more jewel hours I get in the plane with an instructor the better because I can be exposed to a wider variety of scenarios but have the safety of having someone who can take over immediately if they need to and that's been really beneficial and even just facing an Incident on my second solo and my third solo in a controlled airspace, right? Where air traffic control knows I'm on my solo so they can give me additional instructions and things like that I think it is really important to Expose yourself to as many of that as possible because I don't you know, I'm getting my license in a few months Quite close but right now I feel that I want more time to face those Uncertainties to really get a feel for how I would handle them under pressure

Sounds cool. Well, how do we land this plane soos? I Think We just say goodbye and love catching up with you up to cool stuff. I'm looking forward to your pseudonymous anonymous Open source contributions upcoming. I don't know. I don't know it's you but I just I like the idea that you're out there that you're out there

Doing your thing even if nobody knows you find her signature in something. I'm sure she's a a pattern you can match to Yes, we should threat hunt Susan

Yes, it was good catching up with you it's good just good to see that you're well good to see just generally you're you know the way you approach life, you know the way you approach decision-making even from things you're Fearful of or concerned about or things that give you more comfort and safety. It's it's interesting to see that part of your life

Yeah, I appreciate talking to you guys. I miss you guys a lot. Actually. I was just yeah, I was saying in the email I was just thinking about you guys and then you emailed and I was quite thrilled So I always feel like our conversations always go this way. They're always very fruitful very thoughtful and Yeah, I'm just glad that you sort of understand the journey that I'm on right now because I think it's very privileged one but it's also Maybe not as typical and really enjoying just quietly living my life. I think so. It feels like you guys get that

Yeah, we get it. We do get it and we appreciate you opening up and sharing with us Absolutely, all right, I guess we now we'll just say goodbye and It's ringing out. Bye friends. Bye friends What do you think? Should I dust off my old copies of nmap? Wireshark and metasploit and try my hand at capturing the flag once again Let us know in the comments. We love hearing from you one more. Thanks to our sponsors of this episode Super base speak easy test double and socket and of course to our partners at fly to IO and to our beat freak in residence break master cylinder Oh and don't forget sentry use code changelog when you sign up for a sentry team plan and save yourself a hundred bucks Why not right next week on the changelog news on Monday? Ryan whirl from warp stream on Wednesday and our next edition of the award worthy pound define game show on Friday Have a great weekend. Leave us a five-star review if you haven't yet and let's talk again real soon