Created with Sketch.
104 minutes | May 9, 2022
Site Reliability Engineering – Eliminating Toil
We say "toil" a lot this episode while Joe saw a movie, Michael says something controversial, and Allen's tip is to figure it out yourself, all while learning how to eliminate toil.
119 minutes | Apr 25, 2022
Site Reliability Engineering – Service Level Indicators, Objectives, and Agreements
Welcome to the morning edition of Coding Blocks as we dive into what service level indicators, objectives, and agreements are while Michael clearly needs more sleep, Allen doesn't know how web pages work anymore, and Joe isn't allowed to beg.
104 minutes | Apr 11, 2022
Site Reliability Engineering – Embracing Risk
We learn how to embrace risk as we continue our learning about Site Reliability Engineering while Johnny Underwood talked too much, Joe shares a (scary) journey through his mind, and Michael, Reader of Names, ends the show on a dark note.
108 minutes | Mar 28, 2022
Software Reliability Engineering – Hope is not a strategy
It's finally time to learn what Site Reliability Engineering is all about, while Jer can't speak nor type, Merkle got one (!!!), and Mr. Wunderwood is wrong.
120 minutes | Mar 14, 2022
The Great Resignation
We're living through the tail end, maybe?, of the Great Resignation, so we dig into how that might impact software engineering careers while Allen is very somber, Joe's years are ... different, and Michael compares Apples to Apples.
111 minutes | Feb 28, 2022
Minimum Viable Continuous Delivery
We dive into what it takes to adhere to minimum viable continuous delivery while Michael isn't going to quit his day job, Allen catches the earworm, and Joe is experiencing full-on Stockholm syndrome.
109 minutes | Feb 14, 2022
#CBJAM 22 Recap
99 minutes | Jan 31, 2022
PagerDuty’s Security Training for Engineers, The Dramatic Conclusion
We wrap up our discussion of PagerDuty’s Security Training, while Joe declares this year is already a loss, Michael can’t even, and Allen says doody, err, duty. The full show notes for this episode are available at https://www.codingblocks.net/episode177. Sponsors Datadog – Sign up today for a free 14 day trial and get a free Datadog t-shirt after creating your first dashboard.Linode – Sign up for $100 in free credit and simplify your infrastructure with Linode’s Linux virtual machines.Shortcut – Project management has never been easier. Check out how Shortcut is project management without all the management. Survey Says Anonymous VoteSign in with WordpressWhat percentage of time does your team devote to technical debt per release cycle?100%, it's all we do. I don't even know if we have customers.75%-ish, we don't care for new features.About 50%, we're equally slaying last release's technical debt while we introduce this release's technical debt.Around 25%, we're accumulating technical debt faster than we're paying it off.Roughly 10%, we've got too many new features to deliver to care.Technical debt? Why would anyone address that? You'll completely rewrite the application before it comes due.vote News Ja Ja Ja Jamuary is complete and there are 46 new games in the world. Go play! (itch.io) Session Management Session management is the ability to identify a user over multiple requests.HTTP is stateless, so there needs to be a way to maintain state.Cookies are commonly used to store information on the client to be sent back to the server on subsequent requests. They usually contains a session token of some sort, which should be a random unique string.Do NOT store sensitive information in the cookie, such as no usernames, passwords, etc.Besides tampering, it can be difficult to revoke the cookies. Session Hijacking Session hijacking is stealing a user’s session, possibly by: Guessing or stealing the session identifiers, orTaking over cookies that weren’t properly locked down. Session Fixation Session fixation is when a bad actor creates a session that you will unknowingly take over, thus giving the bad actor access to the data in the user’s session.This used to be more of an issue when session tokens were passed around in the URL (remember CFID and CFTOKEN?!).Always treat cookies like any other user input, don’t implicitly trust it, because it can be manipulated on the client. How to Secure / Verify Sessions Add extra pieces of data to the session you can verify when requests are made.Ensure you actually created the session.Make sure it hasn’t expired and ensure you set expirations for sessions.All of this just catches the easy stuff.Session ID’s should be unique and random.Ensure the following when sending cookies to the client:Secure flag is set,httpOnly flag is set, andThe domain is set on the cookie so it can only be used by your application.To avoid the session fixation we mentioned earlier, ALWAYS make sure to send a new session ID when privileges are elevated, i.e. a login.Always keep information stored on the server side, not on the client.Make sure you have an expiration that is set on the server side session. This should be completely independent of the cookie because the cookie values can be manipulated.When a user logs out or the session expires, ensure you fully destroy all session information.NEVER TRUST USER INPUT! Permissions Try to avoid using sudo in any shell scripts if you can.If you can’t avoid it, use it with care.The the principle of least privilege, i.e. more restrictive permissions, as in, can you live with read-only perms?Revoke permissions you don’t need.Create separate users for separate needs.If you need to delete files from a storage bucket, have a service account or user set up with just that permission.Same for managing compute instances.Use the least permissive approach you can as it greatly reduces risks. Other Classic Vulnerabilities Buffer overflow: This is when a piece of data is stored somewhere it shouldn’t be able to access.From Wikipedia, a buffer overflow _”is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations.”_Typically these are used to execute malicious code by putting instructions in a piece of memory that is to be executed after a previous statement completes.One malicious use of a buffer overflow is using a NOP sled (no-operation sled) to fill up the buffer with a lot of NOPs with your malicious code at the end of the ride.Apparently you can use this method to easily get a root shell – article linked in the resourcesMetasploit (YouTube)Path Traversal: This is when you “break out” of the web server’s directory and are able to access, or serve up, content from elsewhere on the serverRemember, your dependencies may also have vulnerabilities such as this. You need to run scans on your apps, code, and infrastructure.Side Channel Attacks: This is when the attacker is using information that’s not necessarily part of a process to get information about that process. Examples include:Timing attack: Understanding how long certain processes take can allow you to infer information about the process. For example, multiplication takes longer than addition so you might be able to determine that there’s multiplication happening.Power analysis: This is when you can actually figure out what a processor is doing by analyzing the electrical power being consumed. An example of this process is called differential power analysis.Acoustic cryptanalysis: This is when the attacker is analyzing sounds to find out what’s going on, such as using a microphone to listen to the sounds of typing a password.Data remanence: This is when an attacker gets sensitive data after it was thought to have been deleted. Resources we Like For Engineers – PagerDuty Security Training (sudo.PagerDuty.com)For Everyone – PagerDuty Security Training (sudo.PagerDuty.com)Session Management Cheat Sheet (OWASP.org)Channel-Bound Cookies (BrowserAuth.net)Origin Cookies (tools.ietf.org)Channel Bindings for TLS (tools.ietf.org)Firesheep (Wikipedia)Buffer overflow (Wikipedia)Smashing The Stack For Fun And Profit (phrack.org)The Visual Microphone: Passive Recovery of Sound from Video (YouTube)NSA’s involvement in the design of the Data Encryption Standard (Wikipedia)The Data Encryption Standard (DES) and its strength against attacks by D. Coppersmith (simson.net)Differential cryptanalysis (Wikipedia)Power analysis (Wikipedia)American Cryptology during the Cold War, 1945-1989 (NSA)DirecTV attacks hacked smart cards (theregister.co.uk)Oh mother… | Family Feud (YouTube)Eagle Eye (IMDb) Tip of the Week Did you know you can use your phone as a pro level webcam? Thanks Simon Barker! (reincubate.com) From the tip hotline (cb.show/tips) – Mikerg sent us a great site for learning VSCode. Some are free, some require a $3 monthly subscription, but the ones Joe has done have been really good. Not just VSCode either! IntelliJ, Gmail, lots of other stuff! (keycombiner.com)How to use Visual Studio Code as the default editor for Git MergeTool (stackoverflow.com)Five Easy to Miss PostgreSQL Query Performance Bottlenecks (pawelurbanek.com)
90 minutes | Jan 18, 2022
PagerDuty’s Security Training for Engineers, Penultimate
We’re pretty sure we’re almost done and we’re definitely all present for the recording as we continue discussing PagerDuty’s Security Training, while Allen won’t fall for it, Joe takes the show to a dark place, and Michael knows obscure, um, stuff. The full show notes for this episode are available at https://www.codingblocks.net/episode176. Sponsors Datadog – Sign up today for a free 14 day trial and get a free Datadog t-shirt after creating your first dashboard.Linode – Sign up for $100 in free credit and simplify your infrastructure with Linode’s Linux virtual machines.Shortcut – Project management has never been easier. Check out how Shortcut is project management without all the management. Survey Says Anonymous VoteSign in with WordpressFor this year's Game Jam, you are ...Super prepared. Been practicing all year. I'm ready.Eh, I'll figure something out.OMG, I have no idea what I'm doing.vote News Thanks for the reviews!iTunes: YouCanSayThisNicknameGame Ja Ja Ja Jam is coming up! Just a few days away! (itch.io) XSS – Cross Site Scripting Q: What is XSS? A: XSS is injecting snippets of code onto webpages that will be viewed by others.This can allow the attacker to basically have access to everything a user does or types on a page.Consider something like a comment on a forum, or blog that allows one to save malicious code.The attacker could potentially access cookies and session information,As well as gain access to keyboard entry on the page.You can sanitize the inputs, but that’s not good enough.You can’t check for everything in the world.You really need to be encoding the stored information before you present it back to any users.This allows things to be displayed as they were entered, but not executed by the browser.Different languages, frameworks, libraries, etc., have their own ways of encoding information before it’s rendered by the browser. Get familiar with your library’s specific ways.User supplied data should ALWAYS be encoded before being rendered by the browser. ALWAYS.This goes for HTML, JS, CSS, etc.Use a library for encoding because the chances are they’ve been vetted.Just like we mentioned before, you still have to be diligent about using 3rd party libraries. Using a 3rd party library doesn’t mean you can wash your hands of it.Content Security Policy (CSP) is another way to handle this. (Wikipedia)OWASP considers XSS a type of Injection attack in 2021. CSRF – Cross Site Request Forgery Q: What is CSRF? A: CSRF is tricking someone into doing something they didn’t want to do, or didn’t know they were doing.A couple of examples were given:For example, set the img src to the logout for the site so that when someone visits the page, they’re automatically logged out.Just imagine if the image source pointed to something a little more nefarious.Another example is a button that tricked you into performing an action such as an account deletion on another site. Can be done using a form post and a simple button click.How do you avoid this?Synchronizer token:This is a hidden field on every user submittable form on a site that has a value that’s private to the user’s session.These tokens should be cryptographically strong random values so they can never be guessed or reverse engineered.These tokens should never be shared with anyone else.When the form is submitted, the token is validated against the user’s session token, and if it matches, go ahead with the action, otherwise abort.Again, there are a number of frameworks and libraries out there that have anti-forgery built in. Check with your specific documentation.They go on to say that anything that is not a READ operation should have CSRF tokens.NEVER use GET requests for state changing operations!PagerDuty had a funny mention about an administrative site that included links to delete rows from the database using GET requests. However, as the browser pre-fetched the links, it deleted the database.OWASP dropped CSRF from the Top 10 in 2017 because the statistical data didn’t rank it highly enough to make the list. Click-jacking Q: What is click-jacking? A: Click-jacking is when you are fooled into clicking on something you didn’t intend to.For example, rendering a page over the top of an iframe, and anything that was clicked on that top page (that seemed innocent) would actually make the click happen on the iframe‘d page, like clicking a Buy it Now button.Another example is moving a window as soon as you click causing you to click on something you didn’t intend to click.The best way to prevent click-jacking is to lock down what an iframe can load using the HTTP header X-FRAME-OPTIONS, set to either SAMEORIGIN or DENY. (developer.mozilla.org) Account Enumeration Q: What is account enumeration? A: Account enumeration is when an attacker attempts to extract users or information from a website.Failed logins that take longer for one user than another may indicate that the one that took longer was a real user, maybe because it takes longer as it tries to hash the password.Similar type of thing could happen if customers are subdomained. One subdomain shows properly and another fails. This reveals information about the customers.These may be frustrating, as they pointed out, as you have to walk the line between user experience and security.Just be aware of what type of data you might be exposing with these types of operations.Regarding logins:If the user exists or doesn’t, run the same hashing algorithm to not give away which is real or not.If a user does a password reset, don’t give a message indicating whether the account really existed or not. Keep the flow and messaging the same. Resources we Like For Engineers – PagerDuty Security Training (sudo.PagerDuty.com)For Everyone – PagerDuty Security Training (sudo.PagerDuty.com)Cross-Site Request Forgery (OWASP.org, Wikipedia)About User Enumeration (blog.rapid7.com) Tip of the Week CloudFlare let’s you deploy JAMStack websites for free using their edge network. (pages.cloudflare.com)Amazon has their own open-source game engine, Open 3D Engine, aka O3DE. It’s the successor to Lumber Yard, a AAA-capable, cross-platform, open source, 3D engine licensed under Apache 2.0. (aws.amazon.com, o3de.org)Let’s talk about CSS! Ever use border to try and figure out layout issues? Why not use outline instead? Thanks Andrew Diamond! (W3Schools.com)We discussed a similar technique as a TotW for episode 81.Have you seen those weird mobile game ads? Click this link, maybe when you’re not at work, and embrace the weird world of mobile game ads. (Reddit)Nostalgia for the 80’s? People have uploaded some of the tapes that used to play on the loudspeakers at US department store, K-Mart (Nerdist.com)OWASP publishes cheat sheets for security. (cheatsheetseries.owasp.org)
105 minutes | Jan 4, 2022
PagerDuty’s Security Training for Engineers! Part Deux
We continue our discussion of PagerDuty’s Security Training presentation while Michael buys a vowel, Joe has some buffer, and Allen hits everything he doesn’t aim for. The full show notes for this episode are available at https://www.codingblocks.net/episode175. Sponsors Datadog – Sign up today for a free 14 day trial and get a free Datadog t-shirt after creating your first dashboard.Linode – Sign up for $100 in free credit and simplify your infrastructure with Linode’s Linux virtual machines.Shortcut – Project management has never been easier. Check out how Shortcut is project management without all the management. Survey Says Anonymous VoteSign in with WordpressDo stick with your New Year's resolutions?For the first couple weeks.I'm pretty good until Spring. -Ish.I'm like a machine. Resolutions are rules that are not meant to be broken.Wait, those things are to be taken seriously? They're broken by noon New Years Day.What are resolutions?vote News Thanks for the reviews!iTunes: aodiogoGame Ja-Ja-Ja-Jamuary is coming up, sign up is open now! (itch.io) Encryption OWASP has the more generic “Cryptographic Failures” at #2, up from #3 in 2017.PagerDuty defines encryption as encoding information in such a way that only authorized readers can access it.Note that this is an informal definition that speaks to the most common use of the word.Encryption is really, really difficult to get right. There are people that spend their whole lives thinking about encryption, and breaking encryption. You may think you’re a genius by coming up with a non-standard implementation, but unfortunately the attackers are really sophisticated and this strategy has shown to fail over and over.There are different types of encryption:Symmetric/Asymmetric – refers to whether the keys for reading and writing the encrypted data are the same.Block Cipher – Lets you encrypt and decrypt the data in whole chunks. You need to have an entire block to encrypt or decrypt the whole block at once.Public/Private Key – A kind of asymmetric encryption intended for situations where you want groups to be able to share one of the keys. For example, you can publish a public PGP key and then people can use that to send you a message. You keep the private key private, so you’re the only entity that can read the message.Stream Cipher – Encode “on the fly”, think about HTTPS, great for streaming. You can start reading before you have the entire message. Great for situations where performance is important, or you might miss data. Encryption in Transit Also known by other names such as data in motion.Designed to protect against entities that can snoop (or manipulate!) our communications. You can do this with HTTPS, TLS, IPsec.Perfect Forward Secrecy is the key to protecting past communications, by generating a new key for a single session so that compromised keys only affect the specific session they were used for.From Wikipedia “In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised.” (Wikipedia) Encryption at Rest Simply means that data is encrypted where it’s stored.An example of this is full disk encryption on laptops and desktops. The entire drive is encrypted so if someone were to steal the drive, it’d essentially be useless without the keys to decrypt the data on the drive.For PagerDuty, and many other companies, the most important information to protect is customer data, just as important as your own passwords.PagerDuty’s data classifications:General data – This is anything available to the public.Business data – Includes operating data for the business, such as payroll, employee info, etc. This type of data is expected to be encrypted in transit and at rest.Customer data – This is data provided to the company by the customer and is expected to be encrypted in transit and at rest.Customer data includes controls such as authentication, access control, storage, auditing, encryption, and destruction.Business data has similar controls except without the auditing.PagerDuty called out when using cloud systems, make sure you’re enabling the encryption on the various services, like S3, GCS, Blob storage, etc.They mentioned it’s just a checkbox, but in reality you’re probably using scripts, templates, etc. So make sure you know the configurations to include to enable encryption.Another interesting thing they do at PagerDuty: they get alerted when a resource is created without encryption enabled. What about third parties you use? Should they encrypt as well? YES!!!Perform vendor risk assessments prior to using the vendor. If they don’t pass the security assessment, use a different vendor. Secret Management Q. What is it? A. Protecting and auditing access to secrets.Auditing so that you can see when someone is using your secrets that shouldn’t, as well as keep track of systems that should and are using secrets.Hashicorp Vault has a great video to learn about the challenges of managing secrets. (YouTube)What are secrets?Secrets are sensitive things such as tokens, keys, passwords, user names, many others.Secrets should NOT be stored in source control.Although it seems to happen all the time, be it on purpose, by accident, etc.Anyone with access to the code can now access the secrets.PagerDuty uses Vault. Vault:Securely stores secrets,Provides audit access to those secrets, andProvides mechanisms to rotate the secrets if/when necessary.Don’t hardcode or come up with crazy ways to get secrets into your applications.Secrets should never be shared, i.e. if two people need access to a system, they should have their own secrets to access that system.Or maybe you have a “jump” server that has access to an external system, and users have access to the jump server.NEVER share passwords over insecure channels. This can include channels such as:Slack,Email,SMS,But this is not an exhaustive list.If you do accidentally post a secret in a chat or an insecure channel, you should:Let the security team know immediately (you have a security team right?!), andFind out how to rotate the secret and do it.Never allow a secret to be logged!This can be especially egregious if you’re logging customer credentials you don’t control.Be sure you are sanitizing your log data before you log. Resources we Like For Engineers – PagerDuty Security Training (sudo.PagerDuty.com)For Everyone – PagerDuty Security Training (sudo.PagerDuty.com)Security Now (TWiT.tv)Have I Been Pwned (HaveIBeenPwned.com)Forward secrecy (Wikipedia)What is Sign in with Apple? (support.apple.com)What is Hide My Email? (support.apple.com)Introduction to HashiCorp Vault with Armon Dadgar (YouTube)Encryption (NetworkSorcery.com)OWASP Guide to Cryptography (OWASP.org)Infrastructure Secret Management Software Overview (GitHub) Tip of the Week Hashicorp Vault is a tool for managing secrets, but did you know they have a ton of plugins? Take a look! (VaultProject.io)Unity has tools built in for common game functionality, it’s worth taking a few minutes to google for something before you start typing. Don’t worry, there is still plenty of code to write, but these tools improve the quality and consistency of your game.You can use animation clips to create advanced character animations, but it’s also good for simple tweens and motions that need to happen once, or in a loop. No need for “Rotator.cs” type classes that you see in a lot of Unity tutorials. (docs.unity3d.com)NavMeshes are an efficient ways of handling pathfinding, which is an important piece of many games. You can learn the basics in just a few minutes and accomplish some amazing things. (docs.unity3d.com)GoFullPage lets you take a screenshot of a whole webpage, bada bing, bada boom. (chrome.google.com, GoFullPage.com)
118 minutes | Dec 20, 2021
PagerDuty’s Security Training for Engineers
We're taking our time as we discuss PagerDuty's Security Training presentations and what it means to "roll the pepper" while Michael is embarrassed in front of the whole Internet, Franklin Allen Underwood is on a full name basis, and don't talk to Joe about corn.
117 minutes | Dec 6, 2021
What is a Game Engine?
With Game Ja-Ja-Ja-Jamuary coming up, we discuss what makes a game engine, while Michael's impersonation is spot-on, Allen may really just be Michael, and Joe already has the title of his next podcast show at the ready.
139 minutes | Nov 22, 2021
Designing Data-Intensive Applications – Secondary Indexes, Rebalancing, Routing
We wrap up the discussion on partitioning from our collective favorite book, Designing Data-Intensive Applications, while Allen is properly substituted, Michael can't stop thinking about Kafka, and Joe doesn't live in the real sunshine state.
100 minutes | Nov 8, 2021
Designing Data-Intensive Applications – Partitioning
We crack open our favorite book again, Designing Data-Intensive Applications by Martin Kleppmann, while Joe sounds different, Michael comes to a sad realization, and Allen also engages "no take backs".
180 minutes | Oct 25, 2021
The 2021 Shopping Spree
The Mathemachicken strikes again for this year's shopping spree, while Allen just realized he was under a rock, Joe engages "no take backs", and Michael ups his decor game.
137 minutes | Oct 11, 2021
Should You Speak at a Conference?
We discuss the pros and cons of speaking at conferences and similar events, while Joe makes a verbal typo, Michael has turned over a new leaf, and Allen didn’t actually click the link. The full show notes for this episode are available at https://www.codingblocks.net/episode169. Sponsors Datadog – Sign up today for a free 14 day trial and get a free Datadog t-shirt after creating your first dashboard. Survey Says Anonymous VoteSign in with WordpressHow likely are you to give a presentation?Extremely likely ... to attend one. Oh you mean, speak at one, oh no. Definitely not.Extremely likely ... to think about giving a presentation. Maybe a little day dream about how awesome I'd be at it.Extremely likely ... to say that I will give a presentation. But go through with it? Ain't nobody got time for that.Extremely likely ... to actually give a presentation. I love the opportunity to learn something and share it with others.vote News The Kinesis Gaming Freestyle Edge RGB Split Mechanical Keyboard might be the current favorite. Thank you to everyone that left a review!iTunes: dahol1337, PesriHow long does it take to get the Moonlander? (ZSA.io)Is the Kinesis Gaming Freestyle the current favorite? (Amazon)Atlanta Code Camp was fantastic, see you again next year! (atlantacodecamp.com) What kind of speaking are we talking about? ConferencesMeetupsDoes YouTube/Twitch count as tech presentations?There are some similarities! Streaming has the engagement, but generally isn’t as rehearsed. Published videos are closer to the format but you have to make some assumptions about your audience and can get creative with the editing. Why do people speak? Can help you build an audienceEstablish credibilityCheck out Azure Steve!Promotional opportunitiesNetworkingFree travel/conferencesGreat way to learn somethingBecome a better communicatorIs it fun? Who speaks at conferences? People speak at conferences for different reasonsCouple different archetypes of speakers:Sponsored: the speakers are on the job, promoting their company and productsPractitioners: Talks from people in the trenches, usually more technical and focused on specific results or challengesIdea people: People who have a strong belief in something that is controversial, may have an axe to grind or an idea that’s percolating into a productProfessionals: Some companies encourage speakers to bolster the company reputation, promotions and job descriptions might require this How do you put together a talk? How do you pick a talk?Know who is selecting talks, go niche for larger conferences if you don’t have large credentials/backingSometimes conferences will encourage “tracks” certain themes for topicsWhat are some talks you like? What do they do differently?Do you aim for something you know, or want to know?How do you write your talks?How do you practice for a talk?Differences between digital and physical presentations?How long does it take you? Where can you find places to speak? Is this the right question? What does this tell you about your motivation?Meet new people who share your interests through online and in-person events. (Meetup)Find your next tech conference (Confs.Tech)Google for events in your area! Final Questions Is it worth the time and anxiety?What do you want out of talks?What are some alternatives?BloggingVideosOpen SourceParticipating in communities Resources We Like Is Speaking At A Conference Really Worth Your Time? (Cleverism.com)We’re 93% certain that Burke Holland gave a great talk about a dishwasher and Vue.js. (Twitter)Monitor you Netlify sites with Datadog (Datadog)Netlify (docs.datadoghq.com)Risk Astley – Never Gonna Give You Up (Official Music Video) (YouTube)Simple Minds – Don’t You (Forget About Me) (YouTube)Foo Fighters With Rick Astley – Never Gonna Give You Up – London O2 Arena 19 September 2017 (YouTube) Tip of the Week Next Meeting is a free app for macOS that keeps a status message up in the top right of your toolbar so you know when your next meeting is. It does other stuff too, like making it easier to join meetings and see your day’s events but … the status is enough to warrant the install. Thanks MadVikingGod! (Mac App Store)How do I disable “link preview” in iOS safari? (Stack Exchange)Here is your new favorite YouTube channel, Rick Beato is a music professional who makes great videos about the music you love, focusing on what makes the songs and artists special. (YouTube)Hot is a free app for macOS that shows you the temperate of your MacBook Pro … and the percentage of CPU you’re limited to because of the heat! Laptop feels slow? Maybe it’s too hot! (GitHub, XS-Labs)What is the meaning of $? in a shell script? (Stack Exchange)Did you know…You can install brew on Linux? That’s right, the popular macOS packaging software is available on your favorite distro. (docs.brew.sh, brew.sh)
75 minutes | Sep 27, 2021
Transactions in Distributed Systems
Joe goes full shock jock, but only for a moment. Allen loses the “Most Tips In A Single Episode: 2021” award, and Michael didn’t get the invite notification in this […]
121 minutes | Sep 13, 2021
Docker Licensing, Career and Coding Questions
Some things just require discussion, such as Docker's new licensing, while Joe is full of it, Allen *WILL* fault them, and Michael goes on the record.
111 minutes | Aug 30, 2021
Why Get Into Competitive Programming?
We step away from our microservices deployments to meet around the water cooler and discuss the things on our minds, while Joe is playing Frogger IRL, Allen "Eeyores" his way to victory, and Michael has some words about his keyvoard, er, kryboard, leybaord, ugh, k-e-y-b-o-a-r-d!
118 minutes | Aug 16, 2021
Are Microservices … for real?
We decide to dig into the details of what makes a microservice and do we really understand them as Joe tells us why we really want microservices, Allen incorrectly answers the survey, and Michael breaks down in real time.
Terms of Service
Do Not Sell My Personal Information
© Stitcher 2022