
JavaScript Jam Open Mic with the Clerk Team
A discussion featuring the Clerk team explores authentication, AI integrations, JS tooling, and security best practices
Episode Description
JavaScript Jam Live discusses Clerk authentication, AI chatbot development with LangChain, web security best practices, and the debate over rolling your own auth.
Episode Summary
This episode of JavaScript Jam Live features Dev Agrawal from Clerk alongside hosts Anthony Campolo and Scott Steinlage, with several community members joining throughout. The conversation kicks off with Dev introducing himself as a developer advocate and content creator before a new listener named Chris sparks a discussion about building AI chatbots using LangChain and the OpenAI API, comparing the JavaScript and Python ecosystems for AI tooling. The topic naturally transitions into Clerk's authentication platform, where Dev explains its pre-built components for login, signup, multi-factor auth, and organization management across React and other frameworks, while also highlighting Clerk's new bot detection feature aimed at protecting AI tools from abuse. A substantial portion of the episode centers on the "roll your own auth" debate, with Fuzzy Bear bringing a cybersecurity perspective on why developers should avoid building custom authentication for production, citing the complexity of secure implementations and the risks of blind faith in dependencies. This leads into a broader conversation about web standards versus abstractions, software supply chain security including SBOMs, and the Socket project for npm dependency scanning. The episode winds down with discussions on work-life balance, the power of saying no in professional settings, favorite developer newsletters, and concerns about AI content scraping and copyright protection.
Chapters
00:00:00 - Introductions and Getting Started
The episode opens with the usual lively banter as hosts Scott Steinlage and Anthony Campolo welcome listeners to JavaScript Jam Live, their weekly Wednesday show on web development. They introduce Dev Agrawal, a developer advocate at Clerk and content creator on YouTube and Twitch, who joins from his building's gym while cycling.
Dev talks about his content creation journey, which started with videos on microservices architecture and expanded into serverless computing, Next.js, and domain-driven design. Anthony notes that Dev's content has already made an impact in the community, with people associating him with microservices expertise from just a handful of discussions. The group also briefly reminisces about a recent podcast recording session that involved hours of pre-show karaoke.
00:06:28 - AI Chatbots, LangChain, and Python vs JavaScript
A new community member named Chris joins and steers the conversation toward building AI chatbots using Next.js, TypeScript, and LangChain. Anthony shares his experience building a LangChain starter project using the JavaScript version, while Chris discusses his work with document question-answering bots and the advantages of Python's broader ecosystem for AI tooling.
Chris describes several projects including a chatbot for querying the DSM psychiatric manual, vectorizing YouTube transcripts for conversational search, and an idea to build a tool for chatting with declassified government documents. The discussion highlights the gap in JavaScript AI examples compared to Python, with Anthony noting this represents a great opportunity for JavaScript developers to create tutorials and examples in this emerging space.
00:14:10 - Introducing Clerk and Authentication Solutions
After brief tangents involving new community members and technical difficulties, Dev provides a thorough overview of Clerk's authentication platform. He explains how Clerk offers pre-built components for login, signup, password recovery, account settings, organization management, and multi-factor authentication that can be injected into React applications or used with any frontend framework via Clerk JS.
Dev highlights Clerk's organization features for B2B and multi-tenancy use cases, along with the newly released bot detection capability designed to protect AI tools from automated abuse. The conversation touches on Clerk's pricing model, with Dev revealing that pricing changes are coming soon that will be simpler and more affordable. Several community members share positive experiences with Clerk, and Dev mentions that Clerk is actively hiring, with Dom recently joining as head of developer relations.
00:32:26 - The Roll Your Own Auth Debate
Fuzzy Bear joins and brings a cybersecurity perspective to the ongoing "roll your own auth" debate that has been circulating on Twitter. He argues strongly against building custom authentication for production, citing the numerous security pitfalls, foot guns, and trap doors that require specialized expertise to navigate properly, while acknowledging it can be a valuable learning exercise.
Dev reinforces this position by referencing Domain-Driven Design principles from decades ago, which advocate for using off-the-shelf solutions for generic or supporting features like authentication rather than building them yourself. The discussion explores how developers often underestimate auth complexity and overestimate their ability to handle it with open-source libraries, with Fuzzy Bear describing real-world examples of seemingly secure implementations that were easily bypassed during security audits.
00:41:20 - Web Standards, Security, and Supply Chain Risks
The conversation evolves into a nuanced debate between Dev and Fuzzy Bear about using web standards versus custom abstractions. Fuzzy Bear advocates for staying closer to established standards from a security perspective, while Dev acknowledges the trade-offs, noting that standards themselves are abstractions created by committees and may not cover every specific use case.
The discussion shifts to software supply chain security, with Fuzzy Bear raising the topic of SBOMs — Software Bills of Materials — an emerging compliance requirement that documents every dependency in a software artifact. Anthony introduces Socket, a tool for scanning npm dependencies for security vulnerabilities. Scott connects this back to a previous Composability Summit talk about SBOMs, and the group emphasizes the importance of developers being more conscious about the dependencies they bring into their projects and the real security costs of relying on unaudited abstractions.
00:58:09 - Work-Life Balance and the Power of Saying No
Jeff Escalante from Clerk briefly joins from vacation, sparking a broader discussion about work-life balance in the tech industry. Jeff shares his perspective on intentionally checking in on work during downtime versus feeling obligated to do so, while Travis describes how his new company's security policies accidentally gave him better boundaries by making it harder to access Slack after hours.
The conversation transitions into the professional value of saying no, with Nicky T sharing career lessons about how overcommitting leads to half-finished work, while learning to decline or reprioritize tasks actually produces better outcomes. Travis adds that the key is not just saying no but framing it constructively with alternative solutions, helping managers understand capacity constraints and make informed prioritization decisions.
01:22:18 - Developer Newsletters, AI Content Concerns, and Closing
Dev asks the group about their favorite newsletters and information sources, prompting Anthony to share his extensive Feedly setup including Cooper Press newsletters, React Digest, and bytes.dev, along with individual blogs from Cloudflare, Deno, and prominent developers. Nicky T describes his reading workflow using a Kobo reader integrated with Pocket for saving articles.
The final segment addresses concerns about AI scraping content, with Fuzzy Bear asking how creators can protect their work from being consumed by language models. Anthony argues this mirrors longstanding content theft problems predating AI, citing personal experiences with blog posts being scraped and republished. Travis shares a similar story, and the group discusses the limitations of copyright enforcement across international boundaries. The episode closes with Scott encouraging listeners to subscribe to the JavaScript Jam newsletter and follow the speakers for ongoing value.
Transcript
00:00:00 - Scott Steinlage
Yo.
00:00:01 - Travis
Hello.
00:00:01 - Happy Decoder
Hello.
00:00:01 - Anthony Campolo
Hello.
00:00:02 - Happy Decoder
Hello.
00:00:03 - Scott Steinlage
Hey, hey, hey, hey.
00:00:05 - Happy Decoder
Welcome.
00:00:06 - Scott Steinlage
Can you hear me?
00:00:07 - Anthony Campolo
To JavaScript Jam.
00:00:11 - Scott Steinlage
Welcome to JavaScript Jam Live.
00:00:17 - Anthony Campolo
Yeah, we're livest. The opposite of dead.
00:00:23 - Scott Steinlage
So live I feel really real. Not really.
00:00:27 - Anthony Campolo
You are for real.
00:00:32 - Dev Agrawal
Never meant to make you.
00:00:34 - Scott Steinlage
All right, this is Outkast.
00:00:41 - Happy Decoder
Welcome.
00:00:42 - Scott Steinlage
No,
00:00:44 - Anthony Campolo
still cool in 2023. Sorry.
00:00:47 - Scott Steinlage
Starring Anthony AJZ, web dev and Scott, that's me.
00:00:53 - Anthony Campolo
Developer advocate at Edgio.
00:00:56 - Scott Steinlage
Yeah. And yours truly, technical community manager at Edgio, Scott Steinlage. Welcome to the show, folks. We have today Dev...
00:01:10 - Anthony Campolo
Dev Agrawal. What up? Let me speak, Mr. Roll Your Own Auth. Always,
00:01:19 - Scott Steinlage
always roll your eyes.
00:01:20 - Dev Agrawal
How's it going? How's it going?
00:01:23 - Anthony Campolo
Hey, thanks for coming.
00:01:26 - Dev Agrawal
Of course, my pleasure. Love these spaces.
00:01:28 - Scott Steinlage
Yeah, don't worry, we're just gonna make you sing a couple songs.
00:01:33 - Anthony Campolo
Maybe Dev get down on some karaoke. I've seen Dev sing Hotel California.
00:01:41 - Scott Steinlage
He's got skills.
00:01:43 - Dev Agrawal
Wait, have you. Oh, I was. Yeah, I forgot what we doing before the.
00:01:51 - Anthony Campolo
I clipped it.
00:01:55 - Scott Steinlage
Yes.
00:01:58 - Dev Agrawal
Have them somehow.
00:02:01 - Scott Steinlage
Yeah, we have some. I have some video footage.
00:02:05 - Anthony Campolo
All right, give the rest then. You want to give the rest of the introduction? Scott, the spiel.
00:02:10 - Scott Steinlage
Absolutely. Yeah, yeah. So, y'all, thank you all so much for showing up, for listening in. If you're listening on the recording, thank you as well. We greatly appreciate you, as always. This is JavaScript Jam Live. We do this every Wednesday at 12:00pm Pacific Standard Time. We have a great time here. Whether you're a beginner, whether you're an advanced user or developer, it doesn't matter. We love to hear from everybody. Please be sure to request to come up if you're here with us live today and we'll be able to bring you up and you can ask questions, state facts, comments, opinions, reflections, whatever. We want to hear it. Why? Because that's how we get the most value out of these things, is when people participate and we have fun together. So this is a very open-mic concept. You don't have to be prepared for this. It's just a good time. We like to have some fun. So join us. Let's have fun together. Today we have Dev with us from Clerk, and we're going to be talking through the newsletter, as always, and some of those good things too. So yeah, Anthony.
00:03:16 - Anthony Campolo
Yeah, cool. And my name is Anthony Campolo, developer advocate at Edgio, and I'm going to go ahead and paste the newsletter to the Jumbotron, as we like to say, and want to thank Dev for joining us. Yeah. You want to introduce yourself, Dev?
00:03:39 - Dev Agrawal
Yeah, of course. My name is Dev, or Dave, whatever you want to call me. I am a developer advocate for clerk.com where we build authentication solutions for React developers. And I am a content creator on YouTube and Twitch.
00:03:55 - Anthony Campolo
What kind of content do you create?
00:03:58 - Dev Agrawal
My content is centered around talking about concepts and web development and software development in general, about software architecture, very general high-level educational content. I don't have a specific niche. Just up yet. Still on my way to discover that.
00:04:17 - Travis
Cool.
00:04:17 - Anthony Campolo
What are. What's some of the stuff that you've covered so far?
00:04:21 - Dev Agrawal
Yeah, so I really started my YouTube journey by talking about microservices because that's something that I've had to deal with for a while. That's something that people talk about quite a bit without really fully knowing what the concepts are and why they exist. Or people start to implement those in their projects without knowing what the benefits are, what the costs are. So that's how it started. Then I talked a bit about serverless cloud, serverless computing. I talked about Next.js and if it's a backend framework or not. That's my biggest video, I believe. Yeah. And currently I'm also working on some video series around stuff like domain-driven design to see if I can talk more about those concepts and make them more accessible to people who might not have had the best opportunity to understand those concepts yet.
00:05:13 - Anthony Campolo
How much of your content has been reacting to Theo's content?
00:05:17 - Dev Agrawal
Honestly, it's really just that that one video that was like that, that blew up to be my biggest video, which was kind of in response to stuff that Theo has said. Other than that I've reacted. I've only reacted to a few of his videos on my live stream. I haven't really published any to my YouTube channel yet. So I say that I'm a content creator, but it's more like, yeah, I'm trying to be a content creator. I'm not getting too much time and bandwidth to put into that side yet.
00:05:46 - Anthony Campolo
Man, I think the stuff you've done has been pretty impressive. Like some people are referring to like a microservice person just because you had made like one video and talked about it like a handful of times in the space, which I thought was pretty funny. So, like, whatever content you're creating seems to be making an impact.
00:06:02 - Dev Agrawal
Good to hear. Also, by the way, right now I am in a gym and sitting on a cycle.
00:06:08 - Anthony Campolo
Cycling. Yeah. Staying swole. All right, cool. Well, I don't hear any background noise, so that's good.
00:06:15 - Dev Agrawal
Perfect. This is a gym in my building which, like, almost no one visits. So I'm like, it's one tiny room, and I'm basically the only one in here, so I'm free to do that.
00:06:25 - Anthony Campolo
Yeah, I have a. I have a similar setup, actually. That's pretty sweet.
00:06:28 - Happy Decoder
Cool.
00:06:28 - Anthony Campolo
Have you gotten a chance to listen to the podcast yet?
00:06:31 - Dev Agrawal
Oh, yeah, I listened to it the whole way. It's pretty funny. Some parts are pretty funny. Some parts are obviously, like, very informative, I would say.
00:06:42 - Anthony Campolo
Yeah, no, I thought it was a great combo, and I'm glad. There's a segment where I thought I had not gotten the part with Colin that I realized I actually had in a different file, because the way the files came out was a little bit confusing. But I thought having him pop in to kind of, like, add some color was great. Towards the end when you were like, Colin, are you still here? He's like, yep, just hanging out.
00:07:05 - Dev Agrawal
Yeah. Went on a whole rant about Makeswift, and Colin was sitting through the whole thing, and we all were [unclear].
00:07:13 - Scott Steinlage
Yeah, that was pretty funny. I even thought about, like, mentioning Makeswift in my tweet just because, like, a huge portion of it was about them.
00:07:25 - Anthony Campolo
Featuring Makeswift, right?
00:07:28 - Dev Agrawal
Phantom Makes with Jeff Escalante.
00:07:32 - Anthony Campolo
I honestly have no idea what Makeswift is. I've never used it before.
00:07:36 - Scott Steinlage
It's really cool.
00:07:36 - Anthony Campolo
I think I'm looking at right now. It looks like it's the visual builder for Next.js.
00:07:42 - Dev Agrawal
There you go. It's such a product that it's infected another Twitter space.
00:07:47 - Scott Steinlage
Yeah. Basically, your developers can create components, custom components, and then the marketing team can come in and they can change things by dragging, dropping, and editing on the screen versus using code. So it's kind of cool.
00:08:03 - Anthony Campolo
So why have we not had them on the space?
00:08:06 - Scott Steinlage
I'll hit them up. I know all of them, so they know me. We'll get them on one of these. Who's this? AI Mercenary.
00:08:15 - Anthony Campolo
You're questionable. They only have six tweets and 21 followers.
00:08:19 - Fuzzy Bear
Yeah.
00:08:20 - Anthony Campolo
And they literally just requested.
00:08:23 - Scott Steinlage
Yeah.
00:08:26 - Anthony Campolo
That's a very risky click.
00:08:28 - Scott Steinlage
Yeah, they can. You can make a comment if you're real. Okay. Yeah, yeah. Peace out. Anyway, they laughed.
00:08:39 - Anthony Campolo
They're responding with laughter. So yeah, AI is responsive. What if it just, like, laughs and...
00:08:48 - Scott Steinlage
does hearts, like, every now and again, it's just like, click, click.
00:08:52 - Anthony Campolo
Dude, I don't even know, man. Or know what's real anymore. It's really quite challenging sometimes.
00:09:00 - Scott Steinlage
Yeah, that's true. That would be really impressive.
00:09:05 - Anthony Campolo
Okay, okay. Real. Okay. Interesting.
00:09:17 - Dev Agrawal
Yeah, that looks real enough.
00:09:19 - Scott Steinlage
All right, we'll bring you up. Let's see what happens.
00:09:25 - Dev Agrawal
I made the call.
00:09:28 - Scott Steinlage
What's up? I brought you up, dude. I said as a speaker.
00:09:33 - Anthony Campolo
It looks like it's taking its sweet time on Twitter Spaces time, huh?
00:09:39 - Scott Steinlage
That's true. What's up, Chris?
00:09:41 - Anthony Campolo
Hello, Happening.
00:09:42 - Chris
What's up fellas? I'm real.
00:09:45 - Scott Steinlage
Hey, what's up?
00:09:46 - Anthony Campolo
You're a real person. He's got a brand new Twitter account.
00:09:50 - Fuzzy Bear
Yeah.
00:09:54 - Chris
I was curious if any of you have been building chatbots in, like, Next.js, TypeScript, React. But I was wondering about the intersection with Python because that's really where the power is in building those. But if you guys haven't been looking at LangChain or any of that...
00:10:11 - Anthony Campolo
yet, then I've checked out LangChain. Yeah, I built a LangChain starter for Edgio and I think it's dope. I use the JavaScript version for it instead of the Python version. So for me I'm not really trying to build or train models, I'm trying to hook into models that already exist in a very easy way with a nice API. So I think LangChain is dope and I've definitely found that the tooling, even if you don't use LangChain, just hooking it to the OpenAI API in general, like the chat completions endpoint, is you basically just have an endpoint that you can throw text at and it responds like it's ChatGPT, and you can pick the model, you can tune how much you want to come out versus how long outputs you want, and a lot of really fine-grained abilities with that.
00:10:58 - Chris
Yeah, I've been doing a lot of that with the TypeScript version off of Mayo's codebase, doing a lot of document question-answering bots. But I was looking into getting more of the generative stuff, and I know there's Replicate AI that has endpoints you can hit and use various open source models. But the power that LangChain has in Python has me wanting to build APIs using Python that would talk to my Next.js app. So that's more what I've been exploring lately.
00:11:35 - Anthony Campolo
What exactly are you able to do in the Python ones that you can't do in the JavaScript ones?
00:11:41 - Chris
The code is very minimal to do a lot and there's just a lot more open source tools. I found like really good quick YouTube scrapers.
00:11:54 - Anthony Campolo
I agree there's like 10x more examples in Python. It's for people who write JavaScript and want to create examples. This is like a really good space to be in right now.
00:12:06 - Chris
Yeah, I was thinking about that too. Maybe start making tutorials on what I've done so far.
00:12:11 - Anthony Campolo
So what kind of stuff have you built so far? Like what's like your use cases?
00:12:15 - Chris
Like I said, most of them are questioning and answering. So I built one for an idea
00:12:21 - Anthony Campolo
doctor had for outside of like medical stuff.
00:12:26 - Chris
Well, so pretty much just vectorizing various documents and then doing prompt templates to get them the output they want. So like just prompting prompt templating. Right. And doing markdown. Right. For the responses and how I want it to look. But like one was for a doctor that had an idea to chat with the DSM manual about mental health stuff and psychiatry.
00:12:48 - Anthony Campolo
Yeah.
00:12:49 - Chris
Another one I built was for someone who wanted to vectorize their YouTube transcripts and then put that into a vector database and chat with it.
00:13:01 - Anthony Campolo
That's exactly what I'm going to do with my podcast, JS Jam. Actually I'm working on doing that right now.
00:13:07 - Chris
That's cool.
00:13:10 - Fuzzy Bear
Awesome.
00:13:11 - Chris
Yeah, stuff like that. And I had an idea of like making one to chat with declassified documents. Actually just like pulling all the D class documents and just being able to ask what's been declassified so far? I don't know, there's a lot of
00:13:25 - Anthony Campolo
declassified what like JFK documents?
00:13:28 - Chris
Oh, anything that's been declassified. Just scraping like the CIA reading rooms, the DOD stuff, whatever's been released.
00:13:34 - Anthony Campolo
Yeah, I've tried using it to summarize really long, in-depth documents like that, using ChatGPT. Because there's so much stuff out there, it's like more than any person could ever read, you know?
00:13:47 - Chris
Yeah. And like most of them are hosted as PDFs and now with AI we can read PDFs really fast and get that information. And so like, I mean there's, there's declassified stuff on like remote viewing techniques. I mean there's all kinds of stuff.
00:14:01 - Anthony Campolo
You and I have similar interests, let me tell you.
00:14:05 - Dev Agrawal
Anthony has similar interests with an AI. What a surprise.
00:14:10 - Anthony Campolo
Do you know what remote viewing is, Dev?
00:14:15 - Dev Agrawal
Remote viewing, did you say?
00:14:16 - Anthony Campolo
Yeah, remote viewing.
00:14:18 - Dev Agrawal
I don't think so.
00:14:19 - Anthony Campolo
Yeah, it's complicated. Scott, are you okay? You hopped in and out there.
00:14:26 - Scott Steinlage
I was trying to talk, but it wouldn't let me.
00:14:30 - Anthony Campolo
All right, you can talk now. What's up?
00:14:33 - Scott Steinlage
Yeah, bro, Nifty. What's up?
00:14:35 - Fuzzy Bear
I'll bring you up to you, bro.
00:14:38 - Scott Steinlage
Yeah, I was just saying I was super excited about what he was talking about because of some of the stuff I was doing with PDF reading and trying to create prompts for those things, but I was having issues with the prompting on some stuff to get my expected outcome. Anyway, I was just gonna say, dude, I would love to chat for a little bit offline. Well, online, but off of JavaScript Jam, and get your input on a few things if you have the time in the future.
00:15:08 - Chris
Oh, yeah, absolutely.
00:15:09 - Happy Decoder
No problem.
00:15:10 - Dev Agrawal
Cool, man.
00:15:10 - Scott Steinlage
Well, let's connect.
00:15:15 - Anthony Campolo
How'd you find this space, by the way?
00:15:19 - Chris
I followed this Dev.
00:15:25 - Anthony Campolo
Good old Dev. Yeah.
00:15:26 - Chris
How do you. How do you pronounce your last name? I'm sorry, I don't want to butcher it.
00:15:29 - Dev Agrawal
Don't worry about it.
00:15:33 - Chris
No, I want to know how to pronounce it. I'm curious.
00:15:35 - Scott Steinlage
He's like, I'm not even gonna say it. Don't worry about it.
00:15:39 - Anthony Campolo
Yeah, pretty much.
00:15:40 - Scott Steinlage
Just.
00:15:44 - Chris
Yeah. My other Twitter account was getting cluttered with stuff, so I made a new one just to follow AI.
00:15:50 - Anthony Campolo
Yeah, no, it makes sense. It's just difficult sometimes because if you bring up someone who has like a brand new account, all sorts of wackiness can ensue. But definitely thank you for joining and we're happy to have you here.
00:16:02 - Chris
No, I hear that. I've been in the spaces where people just throw up. Yeah. Crazy stuff in the mess. Yeah.
00:16:11 - Anthony Campolo
So are you mostly a Python developer or. Python and JavaScript developer. Like, what's your background?
00:16:18 - Chris
Full time? React right now. Yeah. TypeScript, JavaScript, React. I've done a little bit of Java. I'm learning Python now. More.
00:16:27 - Anthony Campolo
Gotcha. That makes sense. Yeah. Dev's done a little bit of Java, right, in college.
00:16:35 - Dev Agrawal
Yeah, I've done a bit of Java and .NET in the college. Not the biggest.
00:16:40 - Chris
Yeah, same in school.
00:16:42 - Dev Agrawal
Yeah. I mean, I'm definitely not going back to Java anytime soon, but.
00:16:46 - Scott Steinlage
Hell no.
00:16:48 - Dev Agrawal
Honestly.
00:16:51 - Chris
Yeah, with React Native, it's not as needed anymore, at least for mobile app development.
00:17:02 - Scott Steinlage
Awesome, man. Hey, bro.
00:17:03 - Dev Agrawal
Nifty.
00:17:04 - Scott Steinlage
What's up, man?
00:17:05 - Dev Agrawal
Welcome to.
00:17:06 - Speaker 8
Yo. I just came on real quick to give a short quip there in response to Dev's commentary about Anthony and the AI guy. Connecting.
00:17:20 - Anthony Campolo
Go ahead. Got him, Got him. Then he got high five.
00:17:25 - Scott Steinlage
Spicy.
00:17:26 - Fuzzy Bear
Yes.
00:17:30 - Anthony Campolo
I love AI guys. I love it so much.
00:17:33 - Scott Steinlage
Me too.
00:17:33 - Anthony Campolo
What's up, Happy Decoder?
00:17:38 - Happy Decoder
Oh, hey, Anthony. Hey, guys. This first time, like, you know, I'm seeing you guys here. I got. Got here, like followed the tweet. Tweet from Dev. Yeah. Just like saw JavaScript and, you know, just clicked on it. That's how like he came. Yes. Yeah, I worked like, you know, I have worked with JavaScript for like most of the times. And yeah, I use Python mostly for, you know, let's say something that I want to get done probably for, you know, this coding interview sort of questions like TSA and things like that. And JavaScript is sort of like, I mean I love JavaScript and also Python, but yeah, and what else? Let's see, you know, I don't know, like what's the plan for this particular space?
00:18:43 - Dev Agrawal
But is it even legal to say that you love JavaScript and you love Python in the same sentence?
00:18:49 - Happy Decoder
Is it not?
00:18:52 - Anthony Campolo
I mean, you know, one, you can learn the other one pretty damn quickly. Like I think the two go together just fine.
00:18:58 - Happy Decoder
I would be very sad to realize that if that's not true. But yeah, I do love both of them. Right. And yeah, but I prefer like JavaScript more because I code, you know, regularly in that so I'm more comfortable there. But yeah, I do love the kind of, you know, I think the way you can express yourself in Python so that something, it feels very natural. So that part I like about Python. JavaScript. Well, you can hate it like, you know, for all that it is. But like you cannot live without that on the web at least.
00:19:41 - Fuzzy Bear
Right.
00:19:41 - Happy Decoder
So you got to do that. And I mostly work on the website. I work with React Native on the native mobile app side as well. But yeah, again that's, I still say JavaScript.
00:19:56 - Fuzzy Bear
Right?
00:19:59 - Happy Decoder
Yeah, I worked with Electron on the desktop and I would still say that's sort of like not JavaScript. But yeah, it is like based on JavaScript. So I mean all these frameworks and also like just sort of comes if you are on the web and working with sort of cross platform dependent frameworks.
00:20:21 - Scott Steinlage
Right.
00:20:21 - Happy Decoder
So JavaScript comes handy there.
00:20:24 - Anthony Campolo
So yeah, yeah, yeah, my bootcamp, yeah, my bootcamp they had us learn JavaScript like for the first like you know, main web stuff. You learn how to build like a full stack app and then they had us use Python for like the algorithm stuff you had to learn. That was pretty smart. So you kind of got a taste of both.
00:20:43 - Happy Decoder
Yeah, like Node also if you know Node like you wouldn't need an under especially like if you handle, want to handle all the server logic. You don't need other backend than JavaScript.
00:20:52 - Anthony Campolo
And I don't know, this is JavaScript Jam. So Node and front end, back end JavaScript, it's all fair game here. And people who write Python are also welcome as well. We're open to all types of programming. Anything that used to get stuff done, that's what it's all about.
00:21:13 - Dev Agrawal
I had a question by the way, for mostly for everyone, but specifically for Anthony and AI Mercenary. So I don't know much about building AI tools, but I keep hearing things about like bots and scrapers causing issues and abusing AI tools. I would love to hear more about that.
00:21:33 - Anthony Campolo
I mean, I think scraping is an issue that kind of is separate from this current batch of AI stuff. That's always been a problem. Maybe it's more of a problem right now because people have a new reason to scrape a bunch of data to do something with it. But that's not really new. Like people have been scraping and there's all sorts of like rules and laws, like types, certain types of websites actually illegal.
00:21:57 - Scott Steinlage
Yeah, that's true.
00:22:01 - Chris
Yeah. Scraping is going to be a big thing. I mean people are scraping for most up to date context, most up to date information. Yeah, it's what the AI is about.
00:22:13 - Dev Agrawal
Right. And what about bots? If I build an AI tool, is it like a likely thing that some bots might target my tool and abuse it and I'll have to pay a bunch of credits?
00:22:26 - Chris
I mean, yeah, I would definitely put it behind auth and that sort of thing. Yeah, for sure.
00:22:33 - Anthony Campolo
Yeah. Like, and this is like just, you
00:22:34 - Chris
can do rate limiters, you got like
00:22:36 - Anthony Campolo
basic DDoS protection that Cloudflare is giving forever. So like this is a, this is a long, this is something that's been going on for a long time and there's already tons and tons of tools aimed at mitigating it.
00:22:48 - Dev Agrawal
Yeah, I mostly brought it up because at Clerk we have been investing in putting all of that out of the box with Clerk. So this is why we have been talking to a lot more people building AI stuff. And a16z is also launching AI bot starter kits and stuff like that, and they're choosing Clerk for it because we recently released a bot detection feature. You don't have to do any sort of setup with any other provider. It's built into Clerk now. I want to see how that plays out with applications and with AI developers.
00:23:26 - Chris
I think that's one of the services I did look into using or trying at some point. I may try it out. But no, I've just been building up from, like, NextAuth starters. And they have the Vercel AI SDK that just released recently. I haven't played with it at all. But they have starter templates for all that up now.
00:23:54 - Dev Agrawal
Yeah, if you want to check out Clerk, you want to check out Clerk for those tools, that would be great.
00:24:05 - Scott Steinlage
Do you guys have a go-to landing page you're sending people to, or just clerk.com?
00:24:13 - Dev Agrawal
Just clerk.com.
00:24:16 - Anthony Campolo
Dave.
00:24:17 - Dev Agrawal
Dave. Yeah, just don't misspell that with D-A-V-E because that's not a TLD.
00:24:25 - Scott Steinlage
But I thought Dave was your guys.
00:24:27 - Anthony Campolo
Not yet.
00:24:32 - Dev Agrawal
Oh yeah. So do you guys, did you guys have any other questions? Anything you were wondering about after the podcast episode? Anything that you didn't get to ask there?
00:24:41 - Anthony Campolo
That's a good question. Are there any other people on the speaker panel who are interested in Clerk or have used Clerk?
00:24:50 - Scott Steinlage
Yeah, maybe for some of your AI stuff there. AI Mercenary.
00:24:58 - Happy Decoder
I mean, see, I want to know, like, this whole discussion was first like you talked about some scraping, right, you wanted to do?
00:25:08 - Chris
I mean it's kind of free form.
00:25:10 - Anthony Campolo
It was originally meant for talking about Clerk stuff, but then if other topics come up, then we talk about other topics, so it's kind of whatever. Right now we're talking about Clerk though, again, it seems.
00:25:20 - Happy Decoder
Yeah, I mean I was just gonna go search for it. Like, what exactly is this? I opened my laptop and saw JavaScript Jam. What is Clerk.com? I've seen a few tweets, but I haven't got a chance to look at it. Just going to see what it is.
00:25:41 - Dev Agrawal
Great question. Well, I'm right here to help answer that. Yeah, fortunately. So Clerk is an authentication provider, by the way. Let me know if you guys can still hear me properly.
00:25:53 - Scott Steinlage
Yeah, you're good, you're good.
00:25:54 - Dev Agrawal
Cool. Clerk is an authentication provider for React projects, and specifically Next.js projects as well. Basically, if you're building an application and you need any sort of authorization flow or authentication flow like login, sign-up, forgot password, account settings, organization settings, multifactor, all of that is built into Clerk and we provide that out of the box. The primary way we do that is we provide you with built-in components that you can inject into a React application, or really any application, but React is the DX that we focus on and try to streamline as much as possible. But obviously you can use Clerk JS with any front-end framework. The components have a fully built-in login, signup, verification flow, everything. We also have components for account settings, account profile, adding multiple factors, changing passwords, OAuth, and everything. Some of the features that I really like are organizations because that's something that I've struggled with building on my own for projects for a while. So if you want some sort of collaboration or some sort of multi-tenancy, if you're building something B2B for organizations, then all the capabilities that you might need there are built into Clerk.
00:27:25 - Dev Agrawal
And then on top of that we just talked about AI tools and how like if you're building AI tools, it's likely to get abused by bots and stuff. So we also have bot detection now built into Clerk, so you don't need to do any sort of additional setup with Cloudflare or anything like that. It's all built into Clerk now
00:27:47 - Chris
and it's free up until the 999th user. Is that true?
00:27:55 - Dev Agrawal
Yeah, there's a free tier and we are overhauling the pricing model and the pricing page right now. So like whatever you see on the pricing page right now is going to be different in a few days or in a few weeks.
00:28:11 - Scott Steinlage
Is this a good thing for users?
00:28:15 - Dev Agrawal
Yeah, yeah, we're dropping the pricing and we are also making it simpler to understand.
00:28:20 - Scott Steinlage
All right, you heard it first on JavaScript Jam, y'all.
00:28:23 - Scott Steinlage
Hey Dom, I see you out there in the audience, man. You come up if you want. We'd love to hear from you as
00:28:28 - Dev Agrawal
always come up here.
00:28:29 - Scott Steinlage
You can also.
00:28:30 - Dev Agrawal
Dom is also a sick a bit though.
00:28:34 - Happy Decoder
Yeah, yeah, I think I got to know what Clerk is and it makes sense, right? So the AI aspect is just for the bot detection, or is it more than that? And if I understood, this is also mostly a React component, right, that you can plug into your React app? Or when you say you can use it in any other frameworks as well, do you have different components for them, or is it somehow in the React component? Got it. Okay.
00:29:12 - Dev Agrawal
Yeah. So we have SDKs for React frameworks like Remix, Gatsby, Redwood. Of course Redwood is in there. Yeah, I tried out Redwood the week before last. It was pretty fun. If you're not in a React project, what you can do is load Clerk JS, which is a script that basically all the other wrappers, all the other SDKs use under the hood. But you can use Clerk JS directly. And what that will give you is a Clerk object and you can do Clerk.openSignIn(). That's a method that you can call, and that will open the sign-up modal, and that's the prebuilt component that we have. You don't need to be using React on your project to be able to use these components. You can still import and use all the components even if you're in a Vue or Angular or Svelte application, or even just a vanilla JS application.
00:30:15 - Chris
Very cool. I think I'll give it a shot on my new S. Awesome.
00:30:20 - Dev Agrawal
Yeah, DM me if you have any questions. And as for the AI tool, bot detection is how we are starting it, but we are absolutely open to feedback from people building AI tools about what they need and how. And also Clerk. But a16z, or Andreessen Horowitz in general, they're doing a lot of tech stuff to make developing AI tools easier.
00:30:53 - Anthony Campolo
Good name drop, good name drop.
00:30:58 - Dev Agrawal
I am biased, by the way, because a16z is a supporter of Clerk, so take that into account. But obviously we love everything they're doing in general.
00:31:10 - Anthony Campolo
Yeah, they're great. They're very big on crypto, which I like. What are some other cool things that are happening with Clerk right now, aside from the bot detection?
00:31:21 - Scott Steinlage
Yeah, only like hiring the entire Internet.
00:31:26 - Dev Agrawal
That's exactly what I was going to bring up. In the last few months, Clerk has seen a lot of growth and we are hiring like crazy right now. So if you're looking for a growing startup to work at, Clerk is hiring. Make sure you fill out the application and we'll definitely get to it. I'm really excited. Dom has just been hired as the head of DevRel, and he's my new boss, so I'm very happy to work with him.
00:31:59 - Chris
Do you need an AI mercenary? That's the question.
00:32:02 - Dev Agrawal
Sorry, I didn't catch that.
00:32:04 - Chris
Do you need an AI mercenary?
00:32:06 - Anthony Campolo
An AI mercenary? Are you hiring AI mercenaries?
00:32:10 - Dev Agrawal
I would love to consider that. Dom throws out the heart for sure.
00:32:16 - Scott Steinlage
There you go.
00:32:18 - Anthony Campolo
I'm sure they'd be open to a conversation at the very least. So get in their DMs. Slide in there also. What's up, Fuzzy Bear?
00:32:26 - Scott Steinlage
I see you, Fuzzy Bear.
00:32:30 - Fuzzy Bear
It's Fuzzy time.
00:32:32 - Scott Steinlage
Fuzzy Wuzzy was a bear. Fuzzy Wuzzy had no hair. Fuzzy Wuzzy wasn't very fuzzy, was he?
00:32:40 - Anthony Campolo
Was he? Was he, was he Scottish?
00:32:43 - Scott Steinlage
Yes, he is.
00:32:45 - Anthony Campolo
And bald, bro.
00:32:46 - Scott Steinlage
No, I have no idea.
00:32:48 - Fuzzy Bear
For real.
00:32:48 - Anthony Campolo
Honestly,
00:32:54 - Dev Agrawal
In case someone was wondering what we were talking about before the podcast episode. It was basically this happening for two hours straight before we actually got to recording the podcast.
00:33:07 - Scott Steinlage
That's true. No, it might have been three hours, but yeah, it was fun though. And lots of karaoke from. From Dave. It's true.
00:33:17 - Dev Agrawal
Specifically Eminem.
00:33:19 - Anthony Campolo
I heard it.
00:33:20 - Fuzzy Bear
I heard.
00:33:20 - Scott Steinlage
It's true.
00:33:21 - Anthony Campolo
Without me?
00:33:23 - Scott Steinlage
Yes, it was good.
00:33:25 - Anthony Campolo
So, Fuzzy.
00:33:26 - Fuzzy Bear
Waka, waka, waka. Yo, how are you, Zo?
00:33:33 - Scott Steinlage
Doing good.
00:33:34 - Anthony Campolo
We're just chatting some clerk here with Dave.
00:33:37 - Fuzzy Bear
I heard it sounded really interesting. Sorry, I caught only like the last five minutes of it. Late to the party as always.
00:33:44 - Anthony Campolo
How do you feel about rolling your own auth?
00:33:47 - Fuzzy Bear
Honestly, what we say in security, from a security point of view, is: don't build your own OAuth pipeline. Leverage something that's already out there. There you go.
00:34:00 - Anthony Campolo
Don't roll your own auth. You heard it from Fuzzy himself.
00:34:03 - Fuzzy Bear
It is like, in all honesty, it's a great exercise. There's a great technical exercise. There's a great learning opportunity for people to do it. But don't roll it into production. There is so many gotchas, foot guns, trap doors, that you need a dead, you know, a designated team, especially specialist, that could actually, you know, who are aware of take the blame. Yeah, exactly. Oh, I got hacked. Well, it's not my fault.
00:34:33 - Anthony Campolo
Liability handed to someone else, Right?
00:34:36 - Fuzzy Bear
Damn right.
00:34:37 - Dev Agrawal
I mean,
00:34:39 - Fuzzy Bear
you know, insurance contracts are there for a reason, guys.
00:34:43 - Speaker 8
One of the accounts I sign up to get the notifs from, actually a lot of people, including you, Fuzzy. But the security guy who reports all of the exploits of the big companies, like, oh, so-and-so got hacked and this many people's email addresses and passwords got leaked and it's on the deep or dark web or whatever.
00:35:09 - Scott Steinlage
Yep.
00:35:10 - Speaker 8
To me it seems like the strangest thing. Speaking of foot guns and gotchas and the OAuth flow and just auth in general, security in general seems to me like a very strange thing where people would actually keep passwords in plain text in a database and not salt and hash them. I do not understand anyone.
00:35:32 - Fuzzy Bear
Yeah, we've seen that in actual and live is like with the Security Knowledge foundation group. Right. It's like I'm part of. It's like we've actually seen. I think it was. We were not allowed to name names, but there was like three. Three projects that we've seen that we were. That were surprisingly easy to get past. Right. And it looks like, you know, it's like you have your single sign-on flows, you have your, you know, your atypical authentication work, you know, user address flows, but nonetheless they weren't secure end to end. Those, those, you know, values are not encrypted from the client outwards. They think HTTPS, everything's good. But no, you can still, you know, with the right toolkit, man-in-the-middle attack those. You know, is what I've found, especially moving into security and cyber security and getting trained in that is that as developers there is a level of we're not fully aware of the technical considerations that need to be made when it comes to developing secure software, full stop. We're, we're so enamored with that the frameworks are going to take care of it, the libraries are going to take care of it.
00:36:48 - Fuzzy Bear
And by us like placing the responsibility further away from us and onto these packages that we just used is blind faith. And that blind faith is where the problems inherently come from.
00:37:03 - Dev Agrawal
Yeah, exactly. Thank you very much for that. And I want to say something about this "roll your own auth" debate that's been happening on Twitter for a bit now. Honestly, like three months. Yeah, it seems like very naive to me because like, even if we go back to like early 2000s or like late 1900s, like one of, one of the most influential books in software development that has come out is Domain-Driven Design. And it's like very, very widely considered to be like a must-have for like most software developers. And even far back then, these concepts and these guides of software development, they always talked about this thing called the generic or the supporting domain. And these are things about your application, things about your software that are not what you are actually building. And these things should always be like either you pick something off the shelf or you outsource it somehow. And you never should be, should have to spend your time building generic features that A, have already been built, B, are technically complex to build and C, like, it's not the competency, it's not the thing that you want to be building.
00:38:20 - Dev Agrawal
That's not what separates your application or your business from a different application. That's your core features and you should not be building those on your own. And this idea has been around for like decades. So when I hear about people like, oh, I'm going to roll my own auth, it's very clear to me that first of all they think auth is a simple enough problem that they can solve by stitching together some open source libraries. And second, like they haven't spent enough time building all of those features or even taking into consideration everything that they might need or they will need and how they're going to incorporate that into their system.
00:39:01 - Fuzzy Bear
You're spot on with that. See, my understanding when it comes to OAuth is like, I mean I had to put together four presentations on the subject, right, about the different types of authorization flows, the history of OAuth. And when I was going through it, authorization on the web has been playing catch-up to the different technologies that are out there. If anything, I've always seen that the progression of having secure authorization is never a complete story. People think that, yeah, you know, I'm authenticated, I'm authorized to look at a particular view or access a set of data, and that is secure. And it's a false sense of security. It is just pure naivety to think that what you do online is at all, at any point, secure. Rolling your own OAuth is the height of, what's a polite way of saying this, banality. It's to say that I am more technically superior in my ability than what is currently out there and used.
00:40:18 - Anthony Campolo
in industry type of hubris.
00:40:21 - Fuzzy Bear
Oh, that's the word I was looking for, hubris. Yeah, sorry.
00:40:24 - Dev Agrawal
It's like DHH writing blog after blog about why you shouldn't be on cloud and build your own data centers. It's something. It's not exactly that, but it's like
00:40:36 - Anthony Campolo
of hubris is
00:40:40 - Fuzzy Bear
accusations, inference.
00:40:45 - Anthony Campolo
See what's
00:40:48 - Fuzzy Bear
Though you're spot on there. But yeah, personally speaking, there are new things coming out, like for instance C2PA, right, when it comes to providing manifest data. We're now at a point where the web is not open, everything is documented and traced, right? So we no longer have the ability for privacy online. We no longer have the ability to have secure communication and dialogues between individuals online.
00:41:20 - Anthony Campolo
Unless you're a hardcore nerd about security and do everything yourself. Like that's, that's actually the one case to roll everything yourself. Because if you do it top to bottom and spend five years becoming a security expert, then you can actually be secure in your own thing. You're not running through other people's system. It's a question like is that really worth it?
00:41:38 - Dev Agrawal
You know, I mean that's how you end up with blockchain.
00:41:42 - Anthony Campolo
Exactly. So I think there is a case to be made for. For some people it is worth it. Like, you know, people working for the CIA maybe.
00:41:50 - Fuzzy Bear
I mean it's like I, I know two security experts, like, one's an offensive, they're brothers, one's an offensive cyber security. He basically does the cyber security for ign, right, the insurance company. And speaking to Glenn about things like authorization, blockchain, these cryptography techniques, he's always like, you're whatever the cryptography. I mean, it's like what really is at the heart of this, right? It's not people rolling their own OAuth. It's people thinking that they can do a master cryptography or try to do something unique in terms of like trying to make it even more encrypted, you know? Encrypted.
00:42:32 - Anthony Campolo
Well, you don't need to though, because there is cryptography that does work. So if you learn how cryptography works, you can learn what's actually crackable, what's not. And people who think that they need to build something better than what we already know is like, you can't crack it in the span of the universe without a quantum computer. You know, like that stuff is pretty solid. We have someone has their hand up. Actually, I like to bring AI in here.
00:42:56 - Chris
Oh yeah, I have to leave, but nice meeting you all. Follow me back and I can message you all. I followed you all.
00:43:01 - Scott Steinlage
Yeah.
00:43:02 - Chris
Appreciate the conversation. Appreciate it, man.
00:43:05 - Scott Steinlage
Hey, if you got value from AI, click on him and follow. Obviously you'll find value in other places as well with him if you follow him. So thanks, awesome. And anybody else up here that you feel like you've gotten value from, please feel free to do that. And by the way, if you're not already subscribed to JavaScript Jam, go to javascriptjam.com, subscribe to our newsletter so you can hear the latest in web and JavaScript and also know what we're going to be talking about on Wednesday. So we do this every Wednesday, 12pm Pacific Standard Time. And by the way, if you're a beginner or an advanced user or developer, it doesn't matter. We want to hear from everybody. So feel free to request to come up here just like several other people have and ask questions, make comments, state facts, opinions, whatever. We love to hear from you. It just helps to increase the value everybody's getting, and we have a fun time. So as you can tell, if you're listening to this recording, thank you. Really appreciate y'all.
00:44:03 - Dev Agrawal
All. Yeah, and I will say one more thing. I have been reading newsletters and blogs and stuff like that for five or six years now, and JavaScript Jam is easily one of my favorites today. And I'm not paid to say this, I'm not only saying this because Anthony is my friend, but it is legitimately one of the very few newsletters that I look forward to reading each week.
00:44:32 - Anthony Campolo
That makes me look forward to writing it more. It's one that I do every week because it's part of my job, and I'm always glad I do. Sometimes I feel like they're better than others, but I always try and make it worthwhile.
00:44:48 - Speaker 8
Anthony is one of the best aggregators in the business. I look to his. His GitHub like his GitHub is. I love his profile like that. You have the. That markdown page for your, you know, when you first go to my.
00:44:59 - Anthony Campolo
My Everything doc. Everything I've ever done doc.
00:45:02 - Speaker 8
Fabulous. I love that. And then, yeah, you're a great aggregator, man. You keep your ear to the ground, or whatever the term is. Like, you know what's going on, your finger's on the pulse. You got it. You got it down, man. You're really good at it.
00:45:14 - Scott Steinlage
Yeah. Cool.
00:45:16 - Anthony Campolo
I appreciate that.
00:45:16 - Dev Agrawal
Yeah.
00:45:17 - Anthony Campolo
It's something that you build up over many, many years. And following the right podcast and the right other newsletters. Like I'll see Peter Cooper's newsletters if you just follow those. Like, I'll say 90% of the material I get for the newsletter is just from following those. Like, those will really keep you pretty much up with the industry. And it's like I just kind of take that and then add a bit more. It's like explanatory content around it, you know? But yeah, no, I really appreciate that though.
00:45:47 - Scott Steinlage
Awesome. Yeah, put the Anthony spin on it. We all love the Anthony spin.
00:45:54 - Anthony Campolo
Just involves 90% Anthony at 10% ChatGPT.
00:45:59 - Scott Steinlage
Right? Yeah.
00:46:01 - Dev Agrawal
10%. Really? That low?
00:46:03 - Scott Steinlage
I mean,
00:46:06 - Anthony Campolo
It kind of depends. This week's was 0% ChatGPT. If I'm summarizing an article, it will be a lot more ChatGPT, but this one, 100% Anthony.
00:46:20 - Scott Steinlage
Nice. Well, folks, you heard it. If you want 100% Anthony, you got to subscribe. Go to JavaScript.com to get 100% Anthony. Anyway, yeah, awesome. These have been some great conversations and let's, let's keep it rolling.
00:46:39 - Happy Decoder
Yeah, I figured, you know, like, I was. There's like a lot of things to learn, you know, from you guys, obviously. I mean, I've already. Just to make that sure. I already followed like, you know, each one of you and would want to be around. That's there.
00:46:57 - Anthony Campolo
What do you want to learn about what's the top of your learning list?
00:47:00 - Happy Decoder
I. I don't know. Just like, you know, when I scroll, scroll down my Twitter, it's something, you know, because now that I have spoken with you guys, obviously makes more sense that, you know, I can relate to the content. So that way, obviously it helps. Yeah. Actually, my mind was still stuck, you know, at that point.
00:47:21 - Fuzzy Bear
About
00:47:23 - Happy Decoder
what was that? Authentication. Basically outsourcing your authentication versus authorization. This whole bunch, right?
00:47:31 - Anthony Campolo
Authentication, JavaScript, news of the week. Anyone else wants to talk about?
00:47:40 - Scott Steinlage
Could you hear Happy Decoder talking or no? Yeah, yeah.
00:47:45 - Anthony Campolo
What's up in the world? Do you still keep up with Astro at all?
00:47:48 - Dev Agrawal
Fuzzy, I think.
00:47:50 - Scott Steinlage
I can't hear anybody.
00:47:52 - Fuzzy Bear
I think.
00:47:54 - Dev Agrawal
Not able to hear people.
00:47:57 - Scott Steinlage
Anthony, can you hear anything?
00:48:02 - Dev Agrawal
Scott, can you kick Anthony?
00:48:05 - Scott Steinlage
Yeah, I can do that.
00:48:11 - Anthony Campolo
My audio just went haywire. What's going on?
00:48:13 - Scott Steinlage
Is he back?
00:48:14 - Dev Agrawal
Can you hear me now?
00:48:16 - Scott Steinlage
Hello? No, he can't. I'll slack him. Yeah, we can hear him. He just can't hear us. I'm gonna slack him real quick. You can't hear us?
00:48:32 - Dev Agrawal
Yeah, no,
00:48:36 - Chris
he said.
00:48:36 - Anthony Campolo
Sorry.
00:48:36 - Scott Steinlage
I got it.
00:48:37 - Fuzzy Bear
He's coming back on. Off and on the router, that's all you need today. [unclear]
00:48:44 - Scott Steinlage
Yeah, he'll be back in just a moment, folks.
00:48:49 - Anthony Campolo
All right.
00:48:49 - Fuzzy Bear
Do you know something, right? Talk about Astro and authentication, right? Matt Phelps from the Astro core team, right? If not the actual Astro core team, we've just got so many amazingly unique, talented individuals working on that project. Matt is an amazing engineer, like an amazing engineer. He just put a retweet out that's kind of on point with what we're talking about in terms of authentication. He basically said authentication should be built into HTTP, not the web, into the protocol itself. You shouldn't have to specify the app to use. You shouldn't need to write a client app to authenticate with an HTTP endpoint.
00:49:32 - Dev Agrawal
I mean, there's some sort of auth built into HTTP. It's just absolutely terrible.
00:49:39 - Fuzzy Bear
I mean, as the standard goes, it's like HTTP has taken us to the point where we're now looking at level three and possibly a bit more beyond that. HTTPS, like I said, is not entirely secure. You can easily. There are ways for you to potentially man-in-the-middle attack that stuff. So given the point that, you know, it's like we've layered authentication on top of the protocols, and that is what the, the crux of the matter is. If you have the authentication tied into the actual protocol standards themselves, would the world be a different place? That's just a hypothetical question that I like to ask.
00:50:23 - Dev Agrawal
I think there's a problem with trying to build use cases directly into the platform, and HTMX is a good example of this, I think, because they claim to be following just the HATEOAS standard, which is the protocol built on top of HTTP and REST, but it also limits their use cases. The creator talks about this in his blog post, that yeah, because HTMX follows the protocol and it's simple to use, it also limits the use cases of HTMX by quite a bit. While it's still simple enough that you can use it for most of your application in some way, there's always things that you'll want to do that HTMX is not able to, and you'll have to include more JavaScript frameworks at that point. So I think that's something similar to something like auth, where it was built into the platform a while ago but now no one uses it because the use cases have evolved drastically beyond that. And if we take whatever the current thing is and somehow build that into the platform once again, we'll run into the issue five years from now, or ten years from now, that what's built into the platform is not enough and we have to do something custom on top of it anyway.
00:51:45 - Dev Agrawal
We're also seeing something similar with web standards of request response, form data. There are frameworks just dropping down to hey, we expose web standards, just use it, go to MDN, but then it's a horrible API, it's not good enough to use everywhere. There is a very good reason why we built abstractions on top of it so that they're easier to work with.
00:52:08 - Fuzzy Bear
I agree, but for me it's like I've got more of a purist mentality when it comes to development. I'd rather stick closer to the standards than go in with the abstractions because those abstractions have penalties, have unforeseen consequences. And from a security point of view, one thing that we have got into the habit of over the last couple of months now, this is the reason why I've not been much back on the scene in terms of DevRel, etc., I've been really heads-down focused with the work that I'm doing currently with the Linux Foundation. And as a result, as part of the flow of the organization, now I'm involved with the OpenJS group. You know, 84 packages that everybody uses, from Express, Fastify, freaking, you name it, are in there, right, apart from the frameworks. And there's a reason why the frameworks are not part of that OpenJS core group, is that these are not projects that we see can actually add real value to the web over the long term.
00:53:26 - Fuzzy Bear
We are of the opinion that these frameworks are today's, you know, new vogue and we don't bet into that. So I just want to say from that point of view, it's like the more you keep, the more you, like, you force yourself to go down the path of, you know what, it might be difficult, it might be hard and it might be ugly, but I'd rather use the standards and those defined protocols, right, and not work with the abstractions knowing that somebody might have made a mistake somewhere else and only that nobody's actually doing any dependency. It was like the dependent. Nobody really knows what dependencies are there, you know, is applied thereafter. So you have vulnerabilities inherently brought into the project by using these abstractions. And that is a cost that amplified in production costs. A lot of money.
00:54:22 - Anthony Campolo
You know about Socket Frost?
00:54:25 - Fuzzy Bear
I love Socket. I love Socket. Those boys have literally taken the arse out of npm. I love what those boys are doing.
00:54:34 - Anthony Campolo
Yeah, it's really interesting. It's. It's a project people don't know that is meant to kind of give a higher level security scan of your dependencies and figure out, like, how can actual, like what is the attack vector of npm, which is actually quite massive when you get right down to it, quite possibly the largest in the world.
00:54:58 - Fuzzy Bear
It's huge. Like, npm is like, personally speaking, I. I don't put my stuff on. It's like whatever I put on npm is all private.
00:55:05 - Anthony Campolo
I've never published anything on npm.
00:55:07 - Fuzzy Bear
I've got three packages on npm back from my early days, right? And to be honest, they're dead. They don't work properly, right. But for me, I don't even download from npm. Like you say, Socket is a great way of doing it, right. And I would honestly take a second to basically say to the group: take a good look at whatever dependencies you're bringing into your project, make sure you can verify them, make sure you can audit them. Because there is legislation coming in, especially on the US side of things, right? It's going to be brought into the EU pretty soon as well. But they're looking at security bills of materials. I'm not sure if you guys have heard of this, SBOMs. This is a real thing. This is coming.
00:55:52 - Scott Steinlage
Yeah. Someone was talking about SBOMs, dude. When was that? Several months ago. Who the heck was that? I'll have to think about it later.
00:56:00 - Fuzzy Bear
Anyway, yeah, no, I'm glad that you guys have been already brought up and made aware of it because this is the new shift that's coming into the industry. Basically it is brought down from a compliance point of view to help the insurance industry to help satisfy the requirements when it comes to companies being exposed, hacked or commercially compromised. In a better way of saying it, the whole point of SBOMs is that the software bill of materials is that every time you make, you release a package, you would release the entire dependency graph. And you know what? And if it has been audited from their source. Now security, you know, experts, they go about just. All they do is freaking audit shit, right? They can't get. No security expert could ever guarantee you 100% security. But what they can tell you is that these things might fuck you in the future. And in a sense, if you're not looking at your dependencies, if you're not looking at the projects and those abstractions that you're, that you're leveraging to help your workflow, then you are in a vulnerable position from the get go. So I like to say again to the group, it's like just to be a wee bit more cognizant of what it is that we are using.
00:57:20 - Fuzzy Bear
And would you rather leverage the speed and the abstraction of development to the cost, to the actual mitigating cost of consequential harm and damage.
00:57:33 - Anthony Campolo
Yeah, I think the thing that really drives us home for most devs, once you get through their head that like these dependencies you're downloading onto your own computer means that whatever you do on your own computer is potentially vulnerable. Which can be kind of a scary concept.
00:57:48 - Fuzzy Bear
Exactly. I mean, it's like, like a lot of us, we got a computer, we don't jack it around on it. We, we use it for our work. You know, it's like working containers, working sandboxes is a pain in the ass to do, but it's safety for you. You know, it's like put a condom on it, put a container around it.
00:58:09 - Anthony Campolo
You heard it. You heard it here, folks, from Fuzzy Bear.
00:58:13 - Fuzzy Bear
Sorry for going on a security rant today.
00:58:15 - Anthony Campolo
Like, yeah, I mean, this is security rant. Good. This ties into the whole, the whole topic here of whether to roll your own auth or how to think about security. And like, when you break it down to like the personal, like, you understand more. It's like you want your customers' stuff to be as vulnerable as you are. You want yourself to be very secure. You want your customers to be very secure too.
00:58:39 - Fuzzy Bear
Exactly. Because it's like fundamentally, albeit we're developing online, you know, we were developing products and tools, etc. To help, you know, other consumers, we still have an obligation, a duty of care to these people. We have a duty, you know, we have an obligation to not build a broken web or a bad web. You know, we, we have a duty and our obligation is unspoken. But it was like the moment we get stood put into this trade, you know, we are those who are helping to develop the future of the web. And like Dev Bayer said earlier. Right. Dev Agro said earlier was that there is standards that have been placed for decades that nobody really pays attention to at the detriment of everything else.
00:59:25 - Dev Agrawal
Yeah, and I kind of wanted to circle back to the standards conversation a bit.
00:59:30 - Fuzzy Bear
So
00:59:33 - Dev Agrawal
you were talking about that. Yeah, you'd rather use standards rather than abstractions that other people built. And I completely understand this position. I completely respect this position. One of the people who I look up to quite a bit is Brian LeRoux and he has similar ideas around like using the web standards. Not.
00:59:54 - Fuzzy Bear
Sorry by you broke up there.
00:59:57 - Dev Agrawal
Can you hear me now?
00:59:59 - Fuzzy Bear
Yeah, yeah.
01:00:01 - Dev Agrawal
Okay. Yeah. So one of them, I was talking about Brian LeRoux, who is like someone I follow on Twitter and his thoughts are like, I respect him quite a bit. It's just like sometimes I have a hard time agreeing with him. But he has similar thoughts on using the web standard, building web components, just writing HTML and not having to do a lot of bundling, transpiling, compiling things like that to write web applications. I completely understand this position. It's just that even if someone is working on the standards, standards are also just an abstraction on top of other. Whatever platform underneath there is. It's just like we call it standard because it's created by like this group of people who put a lot of thought into it and try to account for every use case. So like, I don't really see a very meaningful distinction between an abstraction created by a standards team versus an abstraction created by just me. Maybe the one that I'm going to create is going to be more specific to my use case. The one that the standards team will create is going to be a lot more standardized. So it's not going to be as helpful to me, but it's going to be more stable and secure.
01:01:16 - Dev Agrawal
So I think it's just a matter of trade off. And I completely understand the trade off that you are willing to make.
01:01:23 - Fuzzy Bear
I respect that. But yeah, for me, I just wanted to make a tangential point right on the same vein. Hopefully, if I could keep the train of thought going. Back when I was studying chemistry, right? It was like they're like, for instance, chemistry, biology and physics, the three core sciences, right, have standards that are placed there. They have shared nomenclature, they have shared terminology, they have shared, you know, descriptive terms, right, that could be described, that could be written down, I mean, sent into the ether and then other people and then, you know, in that field can infer what is being said, right? In a similar sense, those stand, those standards, like you're saying, you know, where are more in the lines of discoveries, right? And what you're saying is that my discovery for my use case is more specific to me than it is for everyone else. I get that. I've worked in, you know, situations where that is the case where you need to think, you know, it's like the standards only take me 80% of the way. The remaining 20% is something that I'm going to have to come up with some sort of level of ingenuity to, to try and accomplish my task.
01:02:33 - Fuzzy Bear
However, what we've been taught is that there is the Occam's razor approach. These things have been done in the past, they've been tested in the past, they've been worked on in the past. Just because you're coming to it in the present doesn't mean you're unique in the sense that you're the first person dealing with this issue. You get what I'm trying to say?
01:02:55 - Dev Agrawal
Yeah, yeah, for sure. That's completely understandable.
01:02:58 - Fuzzy Bear
And so that is why I would like, again, coming back to the point of. It's like the standards versus personal abstractions. I'm always more keen if I have to go and make a pair my own personal abstraction, I know I'm not understanding the problem correctly. I see an answer, I see a solution. And I think if that is the right way of doing it, fair enough, I'll go off and do it. But there's a part of me that's always apprehensive to think, has somebody done this before? What is the, you know, what is a production way of doing this?
01:03:30 - Dev Agrawal
Right?
01:03:31 - Fuzzy Bear
What is the way that the industry would accept this? Or when we describe industry, what the, what is the way that the market would take to this and when it comes to you know, the groups of like those who develop the standards, you know, like the till, like the TC39 groups, the, the browser vendors themselves that implement etc. Yet those are now informalized democratic processes and institutions are just taking hold. For us to turn around was, you know what? These guys are half wrong and half right. You're building a broken web.
01:04:06 - Dev Agrawal
Yeah, that's a fair stance I think. I still think it comes down to kind of like trade offs and use cases and what you're willing to accept from. For your specific project or your specific team that's working on it. But yeah, just dropping back to standards as much as you can is a completely valid position and there's some great, there's some nice perks that come with it.
01:04:30 - Scott Steinlage
I also want to really quick go back to that SBOM thing you're talking about. I did find what I remembered. It was actually. So we had this summit called Composability Summit last year. What was it? June? July. June, yeah.
01:04:44 - Anthony Campolo
Composability of 2022, not 23.
01:04:48 - Scott Steinlage
Yeah, 2022 exactly. So anyway, and we had Barak Brudo on from Scribe and he talked about SBOM and you know, he said basically it's like an ingredient list for your software artifact. It can help you see dependencies all the way through your software supply chain. Like a food ingredient list. It allows you to see if there's anything in that software you might be allergic, quote unquote, to, be it like a specific package or a specific package license. In a world where 80% of code is open source with unclear provenance, increasing the visibility of what it is you're getting or delivering has a lot of value in increasing software trust. Basically he's showing like the minimum requirements of an SBOM, what those are, covering some recent US regulations requiring use of an SBOM, and then demonstrating an open source tool for creating SBOMs from Docker images. So kind of cool thing. If you want to check out that talk, you can go to. I linked it up at the top here in the Jumbotron. Go take a look and yeah, hear it out.
01:05:55 - Fuzzy Bear
No, I'm going to check that right after this. That is like. Yeah, that's really cool, dude. Thanks for posting that by the way.
01:06:04 - Anthony Campolo
Nicky T. Welcome to the stage.
01:06:06 - Scott Steinlage
Hey, what's up?
01:06:07 - Nicky T
How you doing man?
01:06:10 - Anthony Campolo
Yeah, you've been doing software for a long time. I'm sure you have security thoughts.
01:06:14 - Nicky T
Yeah, well, I came in late here so I probably missed a huge chunk of the discussion, but I've had the privilege of maintaining a custom SAML implementation with a dash of OAuth and I honestly wouldn't want to wish it on anybody. You know, there's the standards we're all talking about, and SAML is a security standard, but it's pretty complicated. We were doing hacks, there were bugs, and at the end of the day me and one of the sales engineers convinced the client to go with an off-the-shelf thing. This is years ago, this is when I was doing .NET. But, you know, I kind of lean towards trust the experts and go with that, whatever it is. I'm just mentioning that because obviously Dev's on here talking with Clerk and stuff, and I think if people are specialized in security and they have solutions, it's probably a good route to go. That's why people use something like Clerk or Okta or OAuth or OpenID, et cetera, et cetera.
01:07:35 - Nicky T
I mean this is also the reason why people use social logins, maybe, maybe less so Facebook, because it's Facebook but you know, you know, like using Google to sign into a million places. GitHub, like we're all devs, we. Anywhere that GitHub is, you know, available to log in, most of us probably sign in. And the other thing is I used to work in McAfee and I used to work on their password browser extension. So think of like 1Password. It's, it was their offering. This is like back in 2016. But there's this, you know, when it comes to security, there's this balance between like me, the person. I want my things secure, but I also want it easy, you know, and those things are, they're like, they're at odds to some degree. You know, nowadays these things are a lot better because we have for example, you know, biometrics. Like I remember when we were first looking at this back in 2016, you know, McAfee was starting to use biometrics, Face ID. I mean that's why all these things exist on our devices. You know, it's not just to, to have a cool selfie or something,
01:08:48 - Chris
you
01:08:49 - Nicky T
know, but even with all these things to make them simple still, you know, you'll still hear about people like losing their login for like Apple or whatever, you know, and there's like, there's a ton of things you have to do. You have to back up like a recovery key. And stuff. Like, even though things are a lot more simplified still, like security is still a complex thing. And it's, it's very hard in general to make something complex, simple. And I always give this example of I snowboard. And so like I have a Thule box on my roof. Thule makes amazing products and so I'm okay paying more for it. They have a thing where it's like I can open up my, my snowboard box on my left, on the left or right of the car. Whereas if you buy a cheaper model, you know, it's like you can only open it on one side and stuff. I don't know where I'm going with this exactly. But anyways. And then the only other thing I was going to say is just about like going to bare metal like Dev was saying with like, you know, standards and stuff.
01:09:54 - Nicky T
Like obviously you want to, you definitely want to build off web standards, but these abstractions exist. Like there's a reason why we have frameworks. It's because like you could, you could do this all by hand. But like the amount of time to create something that's like, you know, the render in React is, you know, there's a lot of stuff going on there. And this gets back to my point about something complex is, is, is given to you in a simpler way. And, and you know, so like I always like to say, like, making complex things simple is very difficult. And simple doesn't mean it's like trivial. It's just, it's. It takes so much effort to make something complex simple. So anyways, just a bit of a brain barf post Twitch stream.
01:10:41 - Speaker 8
So Nick, are you, are you using the SAML profile for OAuth2?
01:10:48 - Nicky T
Oh, I'm not. I don't work in this anymore. At the time, this was for managing six SharePoint applications. So basically it was using an identity provider, you know, like using Microsoft stuff. But you know, and you got your claims and stuff. Like I'm sure all the Clerk folks know about all these things, but I don't want to, I don't want to monopolize the conversation, but just wanted to get my 2 cents about some experiences I had.
01:11:16 - Fuzzy Bear
Yeah, okay.
01:11:18 - Dev Agrawal
I did disconnect there for a bit. I wasn't able to hear what Nick was saying for like the first five minutes.
01:11:24 - Anthony Campolo
All good. We got some new people up here to introduce themselves. Oh, go ahead.
01:11:28 - Scott Steinlage
He said Clerk's. He said Clerk sucks. I'm kidding.
01:11:32 - Anthony Campolo
Never use Clerk is only for a jerk.
01:11:37 - Nicky T
I have used Clerk. I had James, one of their dev rels I did a stream with him last year and honestly, it was, yeah, super simple to get up and running with it. Honestly, I, I listened to the podcast yesterday, but they have a lot of great stuff in there. Like the built the, you know, the, you know, the, the pre-existing components for doing all the common stuff. Like, honestly, it's, it's, it's really polished.
01:12:00 - Jeff Escalante
Really well done.
01:12:01 - Scott Steinlage
Nice.
01:12:03 - Fuzzy Bear
I want to second that. Clerk has really spent a fair bit of time on this and I think, yeah, they're, they're looking good. You know, as an offering, they're looking really good. That's all I've got to say.
01:12:17 - Anthony Campolo
Awesome.
01:12:18 - Dev Agrawal
Super appreciate all of this.
01:12:19 - Anthony Campolo
Yeah. Jeff and Travis, you guys want to introduce yourselves?
01:12:24 - Jeff Escalante
Hey, I'm Jeff. I'm currently on vacation, so I might not be here for long.
01:12:32 - Anthony Campolo
Cool.
01:12:32 - Jeff Escalante
Thanks for joining from vacation with the family. So if you hear any babies in the background, that's why. But I wanted to tune in for a little bit and say what's up. I work at Clerk. I do a lot of things there. It's hard to say what exactly I do, but I'm having a good time doing it and happy to speak to anything that I can speak to around here.
01:12:57 - Anthony Campolo
Work life balance, bro.
01:12:59 - Scott Steinlage
Right. Thanks for joining, though. That's awesome.
01:13:02 - Dev Agrawal
What is work life balance? I don't understand the concept
01:13:09 - Fuzzy Bear
having to work. That's, that's, that's what work life balance is. Being on holiday and still having to work. I just want to say, Jeff, I was, I've been doing the same. I'm now in Canada and yeah, I'm still in front of the laptop.
01:13:20 - Jeff Escalante
Yeah, I mean, yeah, I feel like work life balance is a weird thing, right? Ultimately, like, you could kind of choose what you want to be doing and when you want to be doing it. But, like, sometimes I'll be like, end of the day, like, everyone's kind of just hanging out, like on their phones or computers. I'm like, checking in on some messages to make sure I don't get too far behind. And people are like, log off. Go enjoy your vacation. I'm like, it's fine. You know, like, I'm doing this on purpose. Like, thank you. Thank you.
01:13:48 - Anthony Campolo
Jeff doesn't like being told what to do.
01:13:54 - Dev Agrawal
Yeah.
01:13:54 - Scott Steinlage
I mean, heck, when you're so passionate about something, you just can't get away from it, can you? I mean, come on,
01:14:01 - Dev Agrawal
it's just a
01:14:02 - Jeff Escalante
matter of, like, trying to not fall outrageously behind when there's not really anything else going on versus being like, oh, I'm gonna, like, you know, skip this like crucial like thing that I'm doing, my family or friends or like I'm not gonna. I feel obligated to do it or somebody's telling me to do it. Right. I feel like there's a big difference. I don't know. Looks like my daughter's here at Speaking of which, so I'll stop talking. But I feel like there's a whole topic you could do do about this area.
01:14:32 - Scott Steinlage
Oh yeah, totally.
01:14:34 - Dev Agrawal
Yeah. And it didn't help that the, the people I know the most or the people I'm closest to in the industry are people like people like Theo, people like James, people like Anthony who probably like, like it's not helpful.
01:14:52 - Anthony Campolo
Yeah, no, we're. I'm pretty unhealthy about that. My shit is just all mixed up is there's no concept whatsoever. Work life balance, pretty bad. Try to, try to work that out, but. Travis, what's up man?
01:15:07 - Travis
What's up? Speaking of work life balance, I think I'm finding it because like this new gig that I just started, their security is forcing me to like do extra work to put slack on my phone with them. And I'm like, well, I'm not going to do that. So that means I don't get slack messages outside of work hours. So it's actually kind of been nice not seeing messages from around the the company after hours.
01:15:36 - Fuzzy Bear
I must say. The UK is looking to put in legislation. So is the EU right to actually mandatory, you know, say like if your working is between certain hours and you have the right not, you know, to what is it they call on it? A right to a personal life. I love the fact that you have to legislate this.
01:15:54 - Anthony Campolo
Yeah, I mean I think that's. People need to stand up for their own self respect and tell their bosses at a certain point. But I agree having it enshrined in a law would probably be useful.
01:16:07 - Travis
Sometimes people don't even know they can stand up. Like I've had times where my boss was like, why didn't you just tell me you were on vacation? I would have mentioned it's like, oh, I didn't think like that would be. He's like, yeah, just tell me. You know what I mean? Sometimes we just get like too wrapped up in our own like self worth or like, you know, too scared to like rock the boat, that we're just like, ah, I guess I'll just keep answering questions on vacation when instead like they would be like, yeah, that's fine, go take off.
01:16:36 - Anthony Campolo
Yeah, it's Like a personality trait, agreeableness. Some people are more agreeable than others. Some people just kind of take it. And some people go like, what? No, screw that. And it's like, it's, it's, it's hard for people who are. I know people who are definitely more on the agreeable side. I have been in the past and I kind of had to like, learn to take a stand for my own, you know. Right. To not have ridiculous work hours.
01:17:01 - Scott Steinlage
Yeah, no. And not just that, not just about hours, but like, no is a very powerful word and it can get you to a lot of different places in life because it's kind of, you know, put things in priority for yourself and allow you to do things and help you accomplish things in life you never thought you could because. Yeah, yeah. The word no, I mean it's, it's powerful, it's good, it's not necessarily bad. It's a great thing.
01:17:27 - Dev Agrawal
I love that. Jeff took some time to talk about Clerk and now we are all roasting him for not having a work life balance apparently.
01:17:35 - Anthony Campolo
No, actually I respect his, his clear headedness around.
01:17:39 - Dev Agrawal
No.
01:17:39 - Anthony Campolo
I thought it was great and not. I think he actually has a really clear idea of that.
01:17:44 - Scott Steinlage
Yeah, exactly. Yeah. I didn't find anything wrong with it.
01:17:47 - Travis
Going back on the power of no there, like there's one time we were absorbed with another team and they started telling us all the stuff that this upper-management person wanted to do with this other team. And we're like, okay, well here's the process: you want it, you put it on our board, we backlog it, and we put it in our sprints just like anything else. And after him doing that one time, he never asked us for anything ever again. All this quote-unquote important work, when he didn't have a team that would just roll over and do it for him whenever he wanted, all of a sudden didn't become very important.
01:18:23 - Speaker 8
That's bold, Travis. I appreciate that. Yeah. Sometimes managers can be abusive. It can be helpful to work with friends and people that you trust and already know. Like, build a community first and then work together, be productive, and not just have nobody pulling dead weight or whatever. Everybody's contributing and we're all making money together and nobody has to... It's like team sports and you trust the people you work with. It's definitely a different arrangement than the classical kind of big corporate sweatshop.
01:19:08 - Jeff Escalante
All right, I do actually have to go. Sorry, friends. Wish I could join.
01:19:12 - Anthony Campolo
Thanks for stopping by, man.
01:19:13 - Scott Steinlage
Thanks for hanging out.
01:19:16 - Jeff Escalante
I'll make sure to catch up on the recording.
01:19:17 - Anthony Campolo
I'll.
01:19:18 - Jeff Escalante
I'll be there next time. I'm not a vacation. See y'.
01:19:21 - Fuzzy Bear
All.
01:19:22 - Nicky T
Yeah, the. The other thing about the power of no is it's not, it's not a bad thing, you know, like, people, like, I was guilty of this when I was younger in my career, but like, you know, when, when you're a new dev, it's like, yeah, I can do that, I can do this, I can do that. And you end up kind of shooting yourself in the foot because you say you can do a bunch of things and then you kind of like end up half-assing like a bunch of things and it's. It doesn't work out in the end, you know, and you want to whole-ass your work.
01:19:51 - Scott Steinlage
Yeah.
01:19:51 - Fuzzy Bear
Yeah, okay.
01:19:52 - Anthony Campolo
Yeah, sure. But.
01:19:53 - Nicky T
But like, you know, and like later on in my career, it's like when I would say, no, I can't do this, it doesn't mean, no, I don't want to do it. It's like, say you have three competing, like, priorities, like, we need this, this, and this. And, you know, if you say, well, I can only do two out of those three things based on the timeline you need, you know, and it's. It's not. It's not to be a dickhead.
01:20:17 - Dev Agrawal
It's.
01:20:18 - Nicky T
It's to be like. Because, because, like, clients or project managers, like, they'll always try and get as much as they can, even if they're not doing it on purpose. You know, like a client wants everything. So, like, if you say, I can only do two out of these three things, you'll see very quickly how somebody prioritizes something or, or if you say one thing out of three and then all of a sudden it's like this other thing wasn't really that important. You know, maybe they are in some cases, but, like, it's just, you know, it allows you to potentially do better work than, you know, just, you know, like half assing a bunch of stuff and, you know, you end up looking better for it and you. You'll probably ship better stuff. I mean, there's a lot of factors that go into it, but it's. Being, Being able to say no has been super healthy for me in career wise.
01:21:09 - Scott Steinlage
Yeah, I love that. That's good. Yeah. Don't, don't treat it always as a negative. It's. It's often actually pretty positive. So.
01:21:19 - Travis
Well, I think the one thing I've learned as I moved up in seniority or whatever, it's not just saying no, but learning how to say no in a way that's helpful.
01:21:30 - Scott Steinlage
Right? Yeah. Increasing the scope of work, bringing on additional players to help in this area, things like that. It could help with efficiency, productivity, everything. Because of a no.
01:21:41 - Dev Agrawal
Right.
01:21:41 - Travis
So yeah, yeah, like coming with solutions to things or like at least, yeah, being honest 100%. But yeah, like stating it like, yeah, we're not going to do that is not going to be helpful for anyone. But if you come in and you're like, yeah, we're at risk of not meeting any of these deadlines because we have too much work. And so like I think we need to prioritize or we maybe deprioritize like you said, some other teams and they take over Project Y because I'm focused on Project X.
01:22:13 - Anthony Campolo
But yeah,
01:22:18 - Dev Agrawal
awesome.
01:22:18 - Scott Steinlage
Well I love this. Anthony, do you want to keep rolling Dev, did you want to give anything else about.
01:22:25 - Anthony Campolo
I mean I would say just like open the floor if anyone wants to talk about anything in particular. Anyone's got thoughts or wants to continue, you know, promote some stuff and it's totally open floor.
01:22:36 - Dev Agrawal
Yeah, I would actually love to ask people like if you like we were talking about JavaScript Jam newsletter, if there are like other newsletters or blogs or new sites like that people are reading. Where do you get your information from? Because like I said, I've been reading newsletters blog posts for years now. That's where I get most of my information from. So I'd love to hear about what everyone else is reading And I'll also plug something that I want to plug after this.
01:23:04 - Anthony Campolo
Yeah, I would say the big ones I follow, I have a whole Feedly setup for the newsletter to collect stuff. And I'll kind of put this all in one giant tweet and post after. There's Node Weekly, React Status, Frontend Focus, JavaScript Weekly, and Jamstack. All five of those are Cooperpress newsletters, all very high quality. And then React Digest is one I like. You get like five React articles each week. And then bytes.dev, which is Tyler McGinnis, and he also has another React-specific one. So yeah, those are all pretty great. And then for individual blogs I follow Cloudflare's blog, Deno blog, Fastly, Kent C. Dodds, Next.js, Svelte, Astro, Chris, and TKDodo. Got a bunch on there. So yeah, there's a whole lot of information out there.
01:24:10 - Dev Agrawal
How much time do you actually spend reading all of these?
01:24:13 - Anthony Campolo
Very little. This is a feeder so that I kind of scan it and find interesting stuff for the newsletter and then obviously I read the stuff before I put it in the newsletter. So that's mostly why I have like so many of these. I think Sebastian, who does This Week in React, is actually another one. I should mention he. He has a similar kind of feeder system.
01:24:37 - Dev Agrawal
Nice. What about everyone else?
01:24:39 - Travis
But I'm a big Bytes fan. Just because it usually like, it's.
01:24:47 - Nicky T
I subscribe to already. Aside from that, just, you know, some content creators like Colby's and like Jason Lengstorf's and stuff. But that, that's not necessarily for like the latest news, but, you know, I just like to follow what they're doing and stuff. I, you know, I've been using Feedly a lot lately with just RSS.
01:25:10 - Anthony Campolo
That's exactly what I use. Yeah.
01:25:12 - Nicky T
You know, like, it's just because there's so much stuff and like, the way I've been reading stuff lately is I got a Kobo reader last fall mainly because I can. I can actually take out library books and read them on there. You can't do that on Kindle, but they're integrated. They own Overdrive, slash Libby, and they also have an integration with Pocket. So a lot of times it's like I'll look at Feedly or if I'm on a, you know, in my web browser, I'll just. I'll just stack up stuff in there and then I'll just put them onto Pocket and then I'll read them later. But, you know, a lot of times it's headline skimming because it's more to keep an ear to the ground. It's like only until I need to actually dig deep into something will. Will I read, like, further? Probably just because for time's sake, honestly, you know, there's like so much content and it's like back in the day I used to try and read literally everything and it just became too overwhelming.
01:26:18 - Travis
I think also being part of like, discourse, like Twitter communities or those kind of communities, just being aware of, like, the conversations that our people are having helps me just be aware of what's out there, because I think that's the most important thing. You just have need to be aware of what's out there, so you can then decide kind of like what's going to be the most Relevant for you
01:26:39 - Anthony Campolo
or advance? You got your hand up. What's up?
01:26:42 - Chris
Sounds like an AI agent. RSS reader would be of great use to many people.
01:26:51 - Anthony Campolo
That's. Yeah, that's a smart idea. Is that something you're building?
01:26:55 - Chris
I may or may not be the AI mercenary, but yes, I can.
01:26:58 - Jeff Escalante
I like that.
01:26:59 - Anthony Campolo
How many accounts do you have, bro?
01:27:02 - Scott Steinlage
For real?
01:27:03 - Nicky T
Looking forward to your PR?
01:27:07 - Anthony Campolo
Well, I think Feedly has AI integration. It's. It's in the paid version, so I'm not using it, but be curious to see what that's like.
01:27:18 - Chris
Yeah, I think we're an explosion of AI tools with all these people. I saw Notion Notion, that's pretty good AI integration already. I saw Framer was putting it into their UI stuff. There was a lot of people that are doing a mad dash towards that.
01:27:35 - Fuzzy Bear
Can I ask a daft question? Right. How would you go about protecting like content from being taken by AI? Like
01:27:48 - Dev Agrawal
what?
01:27:49 - Fuzzy Bear
I mean, there's that C2PA model that's getting thrown out, but what steps are people taking? For instance, the use case that I'm thinking of is an assessment-driven environment where people are given questions they need to input an answer to. How do you get them to stop copy-and-pasting things from, you know, ChatGPT or having ChatGPT do these online assessments?
01:28:15 - Anthony Campolo
I mean, I would say it's similar to if you don't want your thing to be referenced by any creator, you don't make it public. That's pretty much. You can't really stop it from being fed into these models. And I don't think that's like something that we should really worry too much about because it's like anything else being fed into any other person, learning things and using it as a reference. Like, you know, they say great artists, great artists don't borrow, they steal. You know, so I think it's a similar thing with LLMs. But I understand that there's. You have a very different opinion there and I respect that.
01:28:50 - Chris
Yeah, you could build up a local model that's completely offline. I mean, I guess that would be the best way. I imagine many enterprise businesses are, I imagine, are running towards that as well. You know, like at my company, we couldn't put all our code into OpenAI and have it evaluated. So you'd have to use a local model on site, on prem to feed it customer client code.
01:29:20 - Dev Agrawal
I think the concern here is not like having your own model, it's having your own content that's like fed into or analyzed by models that are owned by someone else and how to protect your content or your code or your videos, whatever you're making from that.
01:29:40 - Chris
Yeah, I think that's impossible. You'd have to use an open source, I mean Llama 2 or something. Something that's out there. OpenChat is another model that trained on OpenAI and is like really small. There's a lot of cool stuff happening.
01:29:57 - Travis
I mean, I think Anthony said it that's like, if you don't want your stuff trained in open things, don't make it open and public, unfortunately.
01:30:08 - Scott Steinlage
I mean.
01:30:09 - Travis
Well, I mean, I personally don't think it's that big of a deal, but like I get that other people do. So like, unfortunately that's probably the only way.
01:30:17 - Anthony Campolo
Yeah, Nick.
01:30:19 - Scott Steinlage
Thanks Nick.
01:30:20 - Anthony Campolo
Yeah, I think that, you know, people are trying to kind of rewrite copyright laws to deal with this. Yeah, I think it would be nice. I look at this like, you know, in your robots.txt, you can like say, I don't want this to be scraped by like Google's crawlers. Like, I think that it would be nice if AI LLM people kind of came up with a convention that would also give people that ability to, to opt out. I hope that that becomes a thing. I don't know, I think that would be kind of more effective than trying to legislate around it. But I think. Yeah, also. What's up, Carl? My coworkers from QuickNode just hopped in. But yeah, so it's an interesting topic, Fuzzy, and I'm glad you brought it up because it's, it's something that needs to be discussed more.
01:31:08 - Fuzzy Bear
I mean, personally speaking. Thank you for like, what? You know, the thoughts, especially from bands. That's really interesting. Like I'd say it's probably one of those things that is like the concern of the times at the present moment. You know, it is. How do you get a digital entity to stop stealing your shit? You know, like, it's like. It's like having a Portuguese running around your house, right? And taking everything you own and selling on the platform.
01:31:36 - Anthony Campolo
I mean, I've had people scrape my blog's RSS and then repost my Dev.to post on an entirely new website with my name removed and it just says this is a dev contributor. So it's like, this is not an AI problem. You know, this is the problem that is. That extends far beyond that.
01:31:54 - Travis
No, I've had the same thing happen to me and I had to go track. It took me ages till I got someone to track down and how to get it removed from their website because then. But yeah, so people copy and pasting your.
01:32:08 - Anthony Campolo
Your content.
01:32:09 - Travis
Isn't it like Wes Bos, like found his whole course totally listed on Udemy and it. He had to go through battles just to get Udemy to take it down.
01:32:23 - Fuzzy Bear
For real?
01:32:24 - Anthony Campolo
Yeah. Yeah.
01:32:26 - Fuzzy Bear
Because.
01:32:27 - Anthony Campolo
Because once stuff gets international, like you can't just say I want to take down this. Because this copyright law, that's a U.S. law. For someone who's not in the U.S. you know, it's like, it's not. It's kind of. It's a really tough thing because we need like kind of international laws to be able to do this. But then every country needs to be subject to those laws and then we need a one world government.
01:32:50 - Fuzzy Bear
God damn me. I. Yeah, I really appreciate the conversation. Hi. This has been like always a privilege and I just a joy, but I'm gonna have to go. I'm gonna have to.
01:33:07 - Anthony Campolo
Yeah, all good, man. I think we're. I think we're starting to wind down here, so thanks so much for joining. Been a real pleasure.
01:33:13 - Scott Steinlage
Yeah, thanks.
01:33:14 - Fuzzy Bear
Buzzer.
01:33:16 - Anthony Campolo
You want to close this, Scott?
01:33:17 - Scott Steinlage
Yeah, man, absolutely. Hey, thanks y'all, everybody. Greatly appreciate everybody who is in here. By the way, if you got any value from anybody that was up here on stage or just said anything at all, please click on their face and/or their image there and follow them because you're probably going to get value from them elsewhere. Yeah. Thank you so much. By the way, we do this every Wednesday, 12pm Pacific Standard Time, where we talk about JavaScript and web development in general, and we love hearing from everybody. So thank you guys for hanging out. Greatly appreciate you all. Don't forget to go to javascriptjam.com. You heard lots of wonderful things about our newsletter today. So if you're not subscribed yet, be sure to get on that. Don't want to miss out on that, for sure. Thank you to everybody who had all the kind words. Thank you to Dev for showing up here for the Clerk team and chatting about Clerk and all the wonderful things that are coming up with Clerk, including changes in their pricing model. So be sure to stay tuned for maybe some savings in the future as that new model is being pushed out here in the next several weeks.
01:34:24 - Scott Steinlage
Looking forward to all the wonderful things that Clerk is doing and creating, and looking forward to hearing more about how the whole bot-blocking thing baked into Clerk is going as well. So lots of cool things. If you didn't hear this from the beginning, maybe you should listen to it, because we had some really cool stuff we talked about. But if you listened to the recording and you're to this point, thank you so much. All right, and we'll see you in the next one.
01:34:51 - Anthony Campolo
In the next one.
01:34:53 - Scott Steinlage
And I don't have no Rodecast, no Rodecaster Pro with me today, so the outro music is going to be.
01:34:59 - Anthony Campolo
Do this.
01:35:09 - Scott Steinlage
Yeah. All right, y'all, we'll see you in the next one. Thanks very much. We love you all. Peace.