WEBVTT

1
00:00:07.320 --> 00:00:12.119
Hey everybody, and welcome to another
episode of my Angular story. This week

2
00:00:12.160 --> 00:00:17.519
we're talking to Philippe De Ryck.
I hope I got somewhere in the ballpark

3
00:00:17.559 --> 00:00:23.000
there. Yeah, close enough.
Sure, it's Philippe De Ryck, uh huh, from, living

4
00:00:23.039 --> 00:00:26.879
in Belgium. Very cool. Yeah, Belgium is one of those places that

5
00:00:27.160 --> 00:00:30.480
I would love to visit. I
took some French in high school. My

6
00:00:30.559 --> 00:00:34.719
grandmother was from Lyon in France,
so oh wow. Yeah, so I

7
00:00:34.759 --> 00:00:39.640
want to go back there and visit
some places too. But this episode is

8
00:00:39.679 --> 00:00:43.520
sponsored by Sentry.io. Recently
I came across a great tool for tracking

9
00:00:43.560 --> 00:00:46.280
and monitoring problems in my apps.
Then I asked them if they wanted to

10
00:00:46.320 --> 00:00:49.920
sponsor the show and allow me to
share my experience with you. Sentry provides

11
00:00:49.920 --> 00:00:52.719
a terrific interface for keeping track of
what's going on with my app. It

12
00:00:52.759 --> 00:00:56.240
also tracks releases so I can tell
if what I deployed makes things better or

13
00:00:56.240 --> 00:00:59.560
worse. They give full stack traces
and as much information as possible about the

14
00:00:59.560 --> 00:01:03.039
situation and when the error occurred to
help you track down the errors. Plus

15
00:01:03.119 --> 00:01:06.480
one thing I love, you can
customize the context provided by Sentry, so

16
00:01:06.840 --> 00:01:10.799
if you're looking for specific information about
the request you can provide it. It

17
00:01:10.840 --> 00:01:14.760
automatically scrubs passwords and secure information,
and you can customize the scrubbing as well.

18
00:01:15.040 --> 00:01:17.920
Finally, it has a user feedback
system built in that you can use

19
00:01:17.959 --> 00:01:21.239
to get information from your users.
Oh and I also love that they support

20
00:01:21.239 --> 00:01:23.519
open source to the point where they
actually open source Sentry. If you want

21
00:01:23.519 --> 00:01:26.599
to self host it, use the
code dev chat at sentry.io to

22
00:01:26.640 --> 00:01:33.359
get two months free on Sentry's small
plan. That's code dev chat at sentry.io.

23
00:01:33.359 --> 00:01:40.159
Anyway, we're here
to talk to you about you and get

24
00:01:40.159 --> 00:01:42.719
your story how you got into code
and things like that. But before we

25
00:01:42.799 --> 00:01:46.959
do that, for those that didn't
hear your adventures in Angular episode, do

26
00:01:46.959 --> 00:01:49.480
you want to just give a brief
introduction who you are, what you do,

27
00:01:49.560 --> 00:01:53.000
where you work, why people know
who you are? Sure. So I'm Philippe.

28
00:01:53.040 --> 00:01:59.799
I'm Basically what I do is I
help companies build more secure web applications.

29
00:02:00.079 --> 00:02:05.439
Essentially, I'm more of a security
expert. So if I would describe

30
00:02:05.439 --> 00:02:09.919
myself, I would say I'm security
first and development second, because my main

31
00:02:10.319 --> 00:02:15.800
job is training other developers on how
to build secure applications, and the focus

32
00:02:15.879 --> 00:02:20.800
there is always on security. I consult
with companies building complex systems and how they

33
00:02:20.800 --> 00:02:23.840
have to tackle security from the beginning
and how to think about these things and

34
00:02:23.840 --> 00:02:29.039
what the current best practices are.
So it's usually all security what I do,

35
00:02:29.120 --> 00:02:34.080
but highly related to practical advice for
developers. So it's not a security

36
00:02:34.080 --> 00:02:37.400
whereas like, yeah, that doesn't
help us very much. It's concrete advice

37
00:02:37.400 --> 00:02:39.719
where you can actually go back to
your application and start looking at the code

38
00:02:39.719 --> 00:02:43.400
to see like, this is actually
secure and if not, these are the

39
00:02:43.439 --> 00:02:46.240
ways to build it out in a
more secure way. And we talked about

40
00:02:46.280 --> 00:02:52.199
a lot of security topics in our
Adventures in Angular episode from last week,

41
00:02:52.240 --> 00:02:54.039
so that was definitely a lot of
fun, and I'm sure this one is

42
00:02:54.080 --> 00:02:59.439
going to be totally fun as well. Oh heck yeah. So give us

43
00:02:59.439 --> 00:03:04.439
a little bit about background. How
did you get into programming? It's, I've

44
00:03:04.439 --> 00:03:07.599
been doing this for a long time, so I guess when I was in

45
00:03:07.639 --> 00:03:12.439
my teens, Well, you were
online. That was the early days of

46
00:03:12.479 --> 00:03:15.120
the Internet, as I like to
call it. Even though it's already quite

47
00:03:15.159 --> 00:03:19.560
far in the Internet, it was
pre-broadband, so it was still ISDN

48
00:03:19.680 --> 00:03:23.520
and dial up and all of that, and you had IRC channels, and

49
00:03:23.680 --> 00:03:28.120
there was at that time was like
a graphical IRC client. You

50
00:03:28.159 --> 00:03:30.080
could write some scripts for that,
and that's actually what got me hooked to

51
00:03:30.080 --> 00:03:35.560
we built like a trivia bot asking
questions and playing games stuff like that,

52
00:03:36.759 --> 00:03:40.800
and from there it was kind of
a logical progression. So in high school

53
00:03:40.840 --> 00:03:45.840
when we had a computer science course, they threw something at me and I

54
00:03:45.919 --> 00:03:49.199
was like done with everything for one
semester in two lessons, so I was

55
00:03:49.199 --> 00:03:52.240
like, give me more. I
want to learn more, and just kept

56
00:03:52.240 --> 00:03:55.159
going from there. So I did
some system administration stuff when I was a

57
00:03:55.199 --> 00:04:00.680
student, rode around in town on
my bike going to fix other people's

58
00:04:00.680 --> 00:04:04.000
computers for the university. So that
was pretty cool, actually getting paid to

59
00:04:04.000 --> 00:04:08.919
do that as well, so that was
nice. And then started well, I

60
00:04:08.960 --> 00:04:14.080
studied computer science, did a PhD
in security, and things just dove or

61
00:04:14.800 --> 00:04:17.199
moved on from there. So it's
actually a very natural thing and it has

62
00:04:17.279 --> 00:04:21.199
been my number one thing that I've
been doing for a long time now.

63
00:04:21.240 --> 00:04:26.519
So yeah, nice that, that's
awesome, and yeah, I remember those

64
00:04:26.600 --> 00:04:30.560
those days. I mean I got
in the same way. I was doing

65
00:04:30.600 --> 00:04:35.319
it for the university as a student. Of course, we were we were

66
00:04:35.319 --> 00:04:40.360
supporting more of the infrastructure and server
stuff, so we didn't go out and

67
00:04:40.360 --> 00:04:43.639
fix people's computers. We would log
into the servers and fix that, or

68
00:04:44.160 --> 00:04:46.439
you know, occasionally we had to. Yeah, we'd jump in a car

69
00:04:46.439 --> 00:04:49.920
because the campus was rather large and
drive out to fix some network switch somewhere

70
00:04:50.439 --> 00:04:55.759
or order in a fix from another
department or things like that. So yeah,

71
00:04:55.480 --> 00:04:58.839
yeah, that's absolutely awesome. Yeah, they wouldn't trust us with that

72
00:04:59.000 --> 00:05:03.240
critical infrastructure, I guess, but
they were running their own student network and

73
00:05:03.319 --> 00:05:06.480
they had the support desk. Well,
they had like a help desk to

74
00:05:06.800 --> 00:05:10.120
call in and if they couldn't fix
it over the phone, they would send

75
00:05:10.160 --> 00:05:13.279
one of us out. And it
was actually pretty cool. I got to

76
00:05:13.279 --> 00:05:15.399
see a lot of people and well, if you're lucky, you could fix

77
00:05:15.439 --> 00:05:17.680
a lot of problems in a short
amount of time and you were done early

78
00:05:17.720 --> 00:05:20.759
and still get paid for full evening. So oh there you go. Pretty

79
00:05:20.759 --> 00:05:25.759
cool gig, Yeah, very cool. So how did you wind up?

80
00:05:26.759 --> 00:05:29.680
Did you do programming for a while
and then get into security or did you

81
00:05:29.680 --> 00:05:31.879
get into security and then figure out
the development stuff or how did that all

82
00:05:31.920 --> 00:05:35.560
work out? It's it's always been
a close mix so I would say that

83
00:05:36.240 --> 00:05:44.040
I was doing security first, but
doing something on computers without really programming doesn't

84
00:05:44.160 --> 00:05:47.079
work well. So I actually started
scripting and programming, but I quickly moved

85
00:05:47.120 --> 00:05:50.439
to security, and everything I did
was in function of security. But I've, I've

86
00:05:50.480 --> 00:05:55.720
built software, but usually it was
focused on on security aspects or building out

87
00:05:55.720 --> 00:06:00.839
security tools or something like that.
And when I did my PhD, the

88
00:06:00.920 --> 00:06:05.839
same story actually kind of continued because
I started working on this client side defense

89
00:06:05.920 --> 00:06:10.959
against a certain attack called a cross-site
request forgery, and we built it out

90
00:06:11.000 --> 00:06:14.199
in a browser plugin, so it
was actually a real thing that you could

91
00:06:14.240 --> 00:06:17.560
install in a browser and it would
actually prevent most of these attacks while trying

92
00:06:17.639 --> 00:06:25.519
not to break scenarios that are legitimate. And that's, that kind of further honed

93
00:06:25.560 --> 00:06:29.759
my skills because essentially, once when
you're building stuff for your own or for

94
00:06:30.199 --> 00:06:33.360
technical people, it's kind of straightforward
and well, you can cut some corners

95
00:06:33.360 --> 00:06:36.199
here and there, But if you're
building something for users, it's it's a

96
00:06:36.199 --> 00:06:42.120
whole different ballpark, and learning how
to build something that people can actually use,

97
00:06:42.160 --> 00:06:46.879
how how to make communication possible,
how to reach out to them and

98
00:06:46.040 --> 00:06:48.800
have them reach out to you,
that's that's a whole different story. Sure.

99
00:06:49.279 --> 00:06:54.240
Yeah, So as you're learning this
stuff, I mean, I've had

100
00:06:54.240 --> 00:06:56.160
a few people coming to me and
say, hey, I want to do

101
00:06:56.680 --> 00:07:00.439
some of the security consulting and things
like that, and they have no idea

102
00:07:00.480 --> 00:07:02.360
where to start. It seems like
once you're in for a while and you

103
00:07:02.560 --> 00:07:06.360
get what's going on, and you
you know, you understand the lingo and

104
00:07:06.399 --> 00:07:12.199
things like that, it's it's kind
of easy to maintain your knowledge. You

105
00:07:12.199 --> 00:07:15.839
know, you just make sure you're
looking in the right places. But if

106
00:07:15.839 --> 00:07:18.000
somebody is trying to get started and
trying to get the mindset that they need

107
00:07:18.040 --> 00:07:23.759
for this, how do they do
that? I think getting started? But

108
00:07:24.000 --> 00:07:27.839
the mindset, I like how you
put that, because to me, that's

109
00:07:27.839 --> 00:07:30.360
the most important thing. Having that
mindset, and whether you apply it to

110
00:07:30.759 --> 00:07:35.240
web security or mobile security or physical
security, it's it's basically the same mindset.

111
00:07:35.279 --> 00:07:39.399
It's always thinking about how things can
be abused, what can go wrong,

112
00:07:40.120 --> 00:07:44.160
things like that. How do you
start? I know it's scary,

113
00:07:44.160 --> 00:07:47.279
but just dive in and start reading
about security, and it's if it's a

114
00:07:47.319 --> 00:07:51.120
good book or a good article,
it will have this mindset will be there.

115
00:07:51.279 --> 00:07:56.040
Kind of implicit, sometimes very explicit. Usually it's implicit the way things

116
00:07:56.079 --> 00:08:00.959
are explained, the way an argument
is being built, and just by by

117
00:08:01.120 --> 00:08:05.519
reading and learning about that, you'll
start seeing things in the same fashion.

118
00:08:05.600 --> 00:08:09.680
But I think it only really works
if you focus on the security aspects,

119
00:08:11.439 --> 00:08:16.560
and it doesn't happen that quickly if
you're looking for a secure solution to your

120
00:08:16.600 --> 00:08:22.560
development problem. So it's I would
I would recommend to focus on security specific

121
00:08:22.680 --> 00:08:26.480
resources first because that's going to give
you a lot of the context you need.

122
00:08:26.519 --> 00:08:30.720
And then after that it's it's a
matter of deciding what way you want

123
00:08:30.759 --> 00:08:33.879
to go in because there's so much
and honestly, I haven't met anyone who's

124
00:08:33.919 --> 00:08:39.720
able to cover everything security device,
Okay, so it's insane. Yeah,

125
00:08:39.759 --> 00:08:43.000
that makes sense. So when you're
talking about security specific solutions, or you're

126
00:08:43.000 --> 00:08:48.120
talking about like OWASP or... OWASP
sure has a very useful set of

127
00:08:48.159 --> 00:08:54.639
resources, absolutely. So OWASP is a
nonprofit organization aiming to improve the state of

128
00:08:54.679 --> 00:08:58.960
security and software, and what they
do is they basically create a very large

129
00:08:58.960 --> 00:09:03.120
community volunteers doing useful, useful stuff. They built useful documents, they built

130
00:09:03.360 --> 00:09:07.840
code examples, tools, vulnerable applications you can go out and hack, things

131
00:09:07.879 --> 00:09:11.240
like that, and all of that
is very useful. So yeah, there's

132
00:09:11.360 --> 00:09:18.399
definitely a bunch of information available there
that can get you started, but apart from

133
00:09:18.480 --> 00:09:22.480
OWASP there's also other things and a
lot of to learn as well. It's

134
00:09:22.480 --> 00:09:28.240
often about technology first, and then
after you master technology you can start thinking

135
00:09:28.279 --> 00:09:33.399
about security implications of these things.
Nice. So so yeah, so you

136
00:09:33.440 --> 00:09:37.960
start learning about this stuff. What
resources were there when you were learning it

137
00:09:39.159 --> 00:09:43.639
back in the day, books or
videos or yes, back then, I

138
00:09:43.120 --> 00:09:46.240
still read a lot of books.
So that was the time where you can

139
00:09:46.279 --> 00:09:52.000
actually get a book which remained valid
for like five to ten years, which

140
00:09:52.080 --> 00:09:56.000
is today, for case, five
to ten minutes these days. Yeah,

141
00:09:56.080 --> 00:09:58.200
something like that. By the time
your book is finished, it's like,

142
00:09:58.279 --> 00:10:01.519
yeah, this thing is dated,
let's dump it. Yeah, so it's

143
00:10:01.519 --> 00:10:05.399
it's a whole different age. So
I started with books like Linux Server Administration

144
00:10:05.519 --> 00:10:11.840
and things like that. They remain
valid for a long time. So yeah,

145
00:10:11.840 --> 00:10:13.679
that's that's a good one. There's
still a few few gems out there

146
00:10:13.720 --> 00:10:20.600
that are more about the way of
thinking and classical examples which are still really

147
00:10:20.600 --> 00:10:24.559
really relevant. One really good book
is Security Engineering from Ross Anderson, which

148
00:10:24.919 --> 00:10:30.120
actually explains a lot about the mindset
and makes it very explicit, So that

149
00:10:30.240 --> 00:10:35.720
is definitely a strong recommendation for anyone
thinking about security. It's not a light

150
00:10:35.759 --> 00:10:39.039
reading material, so it actually goes
into a lot of depth in some scenarios

151
00:10:39.320 --> 00:10:45.120
has some real world examples of security
failures as well, not necessarily IT only,

152
00:10:45.159 --> 00:10:48.960
but also like military problems with security
and stuff like that. So it's

153
00:10:48.159 --> 00:10:52.279
wow, yeah, it's it's a
yeah, there's a lot of knowledge in

154
00:10:52.320 --> 00:10:56.519
that book, and that's a good
good starting point. And other than that,

155
00:10:56.639 --> 00:11:00.879
find out what what is your poison, basically what you're interested in,

156
00:11:00.919 --> 00:11:05.759
if it's web security or mobile or
containers or whatever. Yeah, whatever works

157
00:11:05.799 --> 00:11:13.279
for you. Nice. So at
what point were you into the security stuff?

158
00:11:13.200 --> 00:11:18.600
Did you start getting into the web
security and sort of the front end

159
00:11:18.480 --> 00:11:22.240
Angular, React, Vue? I'm assuming you
treat some back end stuff too, but

160
00:11:22.720 --> 00:11:26.879
how did you get exposed to that
kind of security? Yeah, again,

161
00:11:26.919 --> 00:11:31.960
that's that's kind of a slow progression
moving forward. Part of it is because

162
00:11:31.960 --> 00:11:35.000
I really suck at low level code, so trying to give me pointers in

163
00:11:37.080 --> 00:11:39.320
reference and all of these things that
really gets me confused really quickly.

164
00:11:39.360 --> 00:11:46.799
So C was not my best course
at the university. So but back end

165
00:11:46.799 --> 00:11:50.120
stuff in Java, that's how things
got started. That was the day of

166
00:11:50.679 --> 00:11:56.919
Java server-side web page generation like
JSP and, oh yeah. So I started

167
00:11:58.000 --> 00:12:01.360
learning these things back when I was
a student, and then of course security

168
00:12:01.360 --> 00:12:09.200
back then was mainly a server-side thing.
And then I think when I finished my

169
00:12:09.320 --> 00:12:16.759
PhD, that was when Angular one
was still the main framework in the Angular

170
00:12:16.799 --> 00:12:18.720
world. There was no talk of
Angular 2. So I started looking at

171
00:12:18.720 --> 00:12:22.240
like, what does security mean in
Angular and actually had to learn Angular first,

172
00:12:24.519 --> 00:12:28.360
which was a big surprise in the
beginning because that was when this was

173
00:12:28.399 --> 00:12:31.799
still awesome. It's like, oh
my god, this this takes away so

174
00:12:31.879 --> 00:12:35.240
much pain, Like yeah, let's
do this. And I started learning about

175
00:12:35.320 --> 00:12:39.759
security and how Angular handles cross-site
scripting and how you'll find crappy advice on Stack

176
00:12:39.879 --> 00:12:46.159
Overflow to bypass that, and all the
talk basically grew from there, and that's

177
00:12:46.159 --> 00:12:48.799
how I started talking about that.
And I still, I was at an Angular

178
00:12:48.840 --> 00:12:52.320
conference in Belgium last week, and
I still met people that said like,

179
00:12:52.440 --> 00:12:54.960
yeah, I first met you at
this meetup talk you did about Angular

180
00:12:56.000 --> 00:12:58.120
security at the university, and I
was like, yeah, that's a long

181
00:12:58.159 --> 00:13:03.360
time ago. People still remember that, So that's what got me hooked to

182
00:13:03.399 --> 00:13:07.879
Angular. And then of course Angular
2 came out and they got a lot

183
00:13:07.879 --> 00:13:13.639
of things a lot better than before, which is great for me to talk

184
00:13:13.679 --> 00:13:15.879
about, Like, hey, if
you're doing Angular, this is actually pretty

185
00:13:15.879 --> 00:13:18.519
cool for security. We talked about
that in a previous episode as well.

186
00:13:18.200 --> 00:13:22.080
And then of course people are using
other things than Angular. There's more out

187
00:13:22.120 --> 00:13:26.360
there in case some of the listeners
have no idea. There's a lot of

188
00:13:26.360 --> 00:13:30.960
people using things like React and Vue. So yeah, I started looking at

189
00:13:30.960 --> 00:13:35.200
those as well, but I'm I'm
mainly an Angular guy because of the security angle,

190
00:13:35.200 --> 00:13:39.399
and Angular is the only framework that
gets security right by default, and I

191
00:13:39.480 --> 00:13:45.559
really like that as a security person. So yeah, yeah, I think

192
00:13:45.600 --> 00:13:48.320
you kind of implied that in the
episode, but I don't know if you

193
00:13:48.440 --> 00:13:54.200
explicitly stated it. So I think
so. I think so because I remember

194
00:13:54.240 --> 00:13:58.120
being careful about not bashing React or
Vue too much, which I always have

195
00:13:58.200 --> 00:14:01.360
to be careful about cause if people
ask me, I'm like, do it

196
00:14:01.399 --> 00:14:03.639
with Angular, because from a security
perspective, Angular is a lot better.

197
00:14:03.639 --> 00:14:09.440
But I'm fully aware that Angular solves
different problems than React or Vue, and

198
00:14:09.799 --> 00:14:11.840
usually I follow up that first piece
of advice with whatever works for you.

199
00:14:11.919 --> 00:14:16.919
If your team is comfortable with React
and Angular doesn't work for you, then

200
00:14:18.000 --> 00:14:20.080
there's no point in trying to force
yourself to use Angular because it's not going

201
00:14:20.120 --> 00:14:26.200
to work like that. But yeah, hey, folks, this is Charles

202
00:14:26.240 --> 00:14:30.120
Max Wood and I just launched my book, The MaxCoders Guide to Finding Your Dream

203
00:14:30.120 --> 00:14:33.840
Developer Job. It's up on Amazon. We self published it. I would

204
00:14:33.840 --> 00:14:35.240
love your support. If you want
to go check it out, you can

205
00:14:35.240 --> 00:14:39.840
find it there, The MaxCoders Guide
to Finding Your Dream Developer Job. Have a

206
00:14:39.840 --> 00:14:43.840
good one, Max out. I
really like how Angular handles a couple of

207
00:14:43.919 --> 00:14:48.000
things out of the box which the
other frameworks do not. Then that is

208
00:14:48.039 --> 00:14:52.200
my main preference. I would say, nice, So how much have you

209
00:14:52.240 --> 00:14:58.480
done with the other frameworks, with Angular,
or sorry, with Vue and React?

210
00:14:58.600 --> 00:15:03.600
it's mainly about figuring out how they
work with security, so I haven't.

211
00:15:03.200 --> 00:15:07.279
I honestly don't have time to stay
up to date on all the frameworks all

212
00:15:07.320 --> 00:15:11.120
the time, especially to build like
a full-fledged application, so I usually

213
00:15:11.159 --> 00:15:18.799
build training applications with the frameworks because
the front end security stuff is focused on

214
00:15:18.840 --> 00:15:22.279
things like cross-site scripting, and you
can easily well if you figure out the

215
00:15:22.320 --> 00:15:26.759
techniques or the details, then you
know what's what's going on, and it's

216
00:15:26.799 --> 00:15:31.120
not going to impact the architecture of
the application per se. Right, So

217
00:15:31.360 --> 00:15:35.639
I build my own applications that I
use for my trainings in Angular, and

218
00:15:35.679 --> 00:15:41.200
then I have like I have a
training application for posting restaurant reviews, and

219
00:15:41.240 --> 00:15:45.120
I have that one in a couple
of different languages, and even server-side

220
00:15:45.120 --> 00:15:50.600
technologies like the old Java Server Pages
to show how things went bad in that

221
00:15:50.840 --> 00:15:52.399
area and how it's a lot better
if you have to fix it in a

222
00:15:52.440 --> 00:15:56.600
front end application and you have to
do in a back end application. So

223
00:15:56.720 --> 00:16:00.159
even in React, it's actually better
than it used to be in PHP or

224
00:16:00.200 --> 00:16:03.720
JSP or ASP.NET or, right,
or whatever. So it's still a big

225
00:16:03.720 --> 00:16:07.799
improvement, but I think we can
do even better. Yeah, well,

226
00:16:07.080 --> 00:16:11.120
I think security is one of those
fields to where you know, some of

227
00:16:11.159 --> 00:16:15.120
these are going to be obvious,
like cross site scripting and things like that,

228
00:16:15.159 --> 00:16:18.240
where it's okay, you know,
my framework can handle you know,

229
00:16:18.360 --> 00:16:22.519
ninety five percent of the cases right
where this is gonna could even crop up,

230
00:16:22.559 --> 00:16:26.120
and it's just not going to happen
and then somebody's going to come up

231
00:16:26.120 --> 00:16:30.120
with something else or some new way
of doing it that So it's it's this

232
00:16:30.399 --> 00:16:33.799
race that we're going to have to
continually run for as long as we have

233
00:16:33.879 --> 00:16:38.000
computers. Yeah, definitely. And
what I see in the last couple of

234
00:16:38.080 --> 00:16:42.600
years is the technologies that we're using
for security are becoming more and more complicated

235
00:16:42.639 --> 00:16:48.000
as well. So we have a
browser security policies like CSP and well,

236
00:16:48.200 --> 00:16:52.360
frankly, it's a explaining that to
a developer to make it useful for them.

237
00:16:52.399 --> 00:16:56.679
It's it's a really really hard job
because it's a very complicated policy and

238
00:16:56.720 --> 00:17:00.519
there's a lot of bypasses if you
get it wrong, so you have to

239
00:17:00.600 --> 00:17:03.679
really understand what you're doing to get
it right and right. The same thing

240
00:17:03.759 --> 00:17:07.440
goes for server-side technologies like OAuth
and OpenID Connect and all of

241
00:17:07.440 --> 00:17:12.200
these things. It's just understanding how
they work before you can understand where you're

242
00:17:12.200 --> 00:17:17.039
doing it securely. That takes an
insane amount of effort, and that's that's

243
00:17:17.079 --> 00:17:18.960
what a lot of my consulting gigs
are about nowadays, Like, hey,

244
00:17:19.000 --> 00:17:22.880
we're doing this and we don't really
know whether it is Okay, can you

245
00:17:22.000 --> 00:17:25.880
take a look at this and can
you help us out with defining what the

246
00:17:25.880 --> 00:17:29.720
best practices really are because we don't
want to spend a year diving through all

247
00:17:29.720 --> 00:17:33.400
the specs and all of that to
figure out whether we're doing the right job.

248
00:17:33.480 --> 00:17:37.559
And that knowledge injection really helps teams
move forward because they get like a

249
00:17:37.279 --> 00:17:41.680
quick checkup or quick overview of best
practice and they're like, Okay, we

250
00:17:41.799 --> 00:17:44.160
got this right, we need to
fix this and we can move forward,

251
00:17:44.799 --> 00:17:48.559
and that really helps makes sense,
And we went into a lot of this

252
00:17:48.599 --> 00:17:52.400
stuff in Adventures in Angular episode,
so I'm not going to belabor it

253
00:17:52.440 --> 00:17:56.480
too much. I am curious,
though, what's your process for evaluating Let's

254
00:17:56.480 --> 00:18:00.039
say that, you know, Angular releases Angular
nine, which we know is coming soon.

255
00:18:02.880 --> 00:18:06.319
What do you do you know when
they release it to evaluate it for

256
00:18:06.359 --> 00:18:10.519
security? Well, fortunately, I
would say on the security side, things

257
00:18:10.599 --> 00:18:17.200
remain fairly stable. So I think
that the most of the security related behavior

258
00:18:17.200 --> 00:18:19.839
in Angular has been there since version
two, so that's good. Maybe over

259
00:18:19.920 --> 00:18:25.559
time they made some minor modifications that
affect certain aspects, like adding interceptors in

260
00:18:25.640 --> 00:18:29.279
version four. That was kind of
a big change, But we had something

261
00:18:29.319 --> 00:18:32.880
similar in Angular one, so it was
still kind of similar. So what I

262
00:18:32.920 --> 00:18:36.039
typically do is I go to the
release notes to see what the features are

263
00:18:36.400 --> 00:18:41.039
that they actually added, because I
don't follow that on like very closely either.

264
00:18:41.160 --> 00:18:45.079
And then when there is something security
related, I have to figure out

265
00:18:45.079 --> 00:18:49.160
what's changed. But honestly, I
haven't seen that happen in Angular yet.

266
00:18:49.559 --> 00:18:55.640
So in React, for example,
they did change or are going to change.

267
00:18:55.640 --> 00:18:59.480
I haven't checked in the last two
weeks, but they actually did change

268
00:18:59.480 --> 00:19:03.759
some security behavior by default. It's
again a good thing. But yeah,

269
00:19:03.799 --> 00:19:08.640
then of course I have to figure
it out, update my my course materials,

270
00:19:08.720 --> 00:19:12.559
update my labs and and all of
that. So it's a yeah,

271
00:19:12.680 --> 00:19:15.559
it's a it's a continuous game of
staying up to date security. There's yea.

272
00:19:15.839 --> 00:19:18.599
It's not like I can ever be
done with my course or anything.

273
00:19:18.640 --> 00:19:23.039
It's always updating and always find you. Yeah, where do people find your

274
00:19:23.079 --> 00:19:30.119
course? I do in person developer
training, so you'll find it if you

275
00:19:30.160 --> 00:19:34.400
bring me to your company. I
got you with me, so yeah,

276
00:19:34.400 --> 00:19:37.839
it's me. It's mainly in person
training, but I'm planning to release some

277
00:19:37.960 --> 00:19:41.319
online content next year. So if
you if you follow me on Twitter or

278
00:19:41.839 --> 00:19:45.519
subscribe to the mailing list. You'll
definitely get updates from there as well.

279
00:19:45.559 --> 00:19:49.440
But it's anyone who has ever built
online content will know that this is not

280
00:19:49.480 --> 00:19:53.920
an easy job and takes a lot. Yeah, so I'm slowly getting ready

281
00:19:53.960 --> 00:19:59.799
for that. So first we have
the holiday season and after that I'm gonna

282
00:20:00.039 --> 00:20:03.000
jump into it recharged and ready to
go. Yeah, it seems like a

283
00:20:03.039 --> 00:20:06.839
lot of folks or a lot of
companies, sorry, they get it right.

284
00:20:07.400 --> 00:20:11.200
They tend to have one person that's
kind of dedicated to this, and

285
00:20:11.240 --> 00:20:15.440
it may not be a full time
job, but it's a significant part of

286
00:20:15.480 --> 00:20:21.559
the time that they spend working on
that. So yeah, that depends on

287
00:20:21.559 --> 00:20:25.680
the company size. So some of
my customers actually are really big companies.

288
00:20:25.720 --> 00:20:29.599
They have like a security team and
hundreds of people in that security team.

289
00:20:30.119 --> 00:20:33.240
And what they try to do is
or what seems to work really well,

290
00:20:33.279 --> 00:20:37.119
is that they embed security champions
in the development teams. And a security

291
00:20:37.160 --> 00:20:41.079
champion is kind of a developer with
an appetite for security, so someone who

292
00:20:41.319 --> 00:20:45.759
wants to learn more, who who
gets training on security as well, and

293
00:20:45.119 --> 00:20:49.400
they actually steer the team from the
inside. So whenever there's a development discussion

294
00:20:49.400 --> 00:20:52.079
like can we do it like this, or that they can be like,

295
00:20:52.200 --> 00:20:53.839
no, that is probably not very
secure, so let's do it like this,

296
00:20:55.720 --> 00:21:00.559
And that already brings like the security
awareness into the team. Of course,

297
00:21:00.799 --> 00:21:03.319
they can escalate to the security team
for very specific questions or guidelines or

298
00:21:03.359 --> 00:21:08.319
something like that. But yeah,
it's it's definitely definitely a very important job

299
00:21:08.319 --> 00:21:14.359
to stay up to date so that
you can actually give concrete advice. Yeah,

300
00:21:14.400 --> 00:21:17.920
and I like that approach too,
because, for better or worse,

301
00:21:18.000 --> 00:21:22.240
human nature is such that it's easier
to take when it comes from quote unquote

302
00:21:22.279 --> 00:21:26.039
one of us. Right, and
so if you have that security champion on

303
00:21:26.079 --> 00:21:30.839
the team and they fit in or
they feel like they belong right. You

304
00:21:30.839 --> 00:21:36.680
know, I like working with Joe, but sometimes Joe brings up stuff that's

305
00:21:36.720 --> 00:21:41.119
a pain in the neck because of
security related and that's hard. It's easier

306
00:21:41.119 --> 00:21:44.680
to take than you know, somebody
swooping in from the security team and going

307
00:21:44.680 --> 00:21:48.960
guys, guys, guys, guys, yeah, and no, you cannot

308
00:21:48.960 --> 00:21:51.400
do we released this. You have
to fix this in this first Yeah,

309
00:21:51.400 --> 00:21:55.240
that grade is definitely a bad vibe. So yeah, no, team.

310
00:21:56.000 --> 00:21:59.480
Yeah, but one of the important
things about security champions is that they're

311
00:21:59.559 --> 00:22:03.599
developers themselves. So yeah, they
know about the pains that developers face,

312
00:22:03.640 --> 00:22:06.279
and it's like I can easily say, like just do this like that,

313
00:22:06.319 --> 00:22:10.240
but if you don't know what's behind
that, it's going to be a major

314
00:22:10.480 --> 00:22:12.640
architectural change in the application. It's
like a lot of code that needs to

315
00:22:12.680 --> 00:22:17.559
be redone and that has a major
impact. So you need to have that

316
00:22:17.680 --> 00:22:22.160
background to understand the impact of the
of certain decisions. And yeah, absolutely,

317
00:22:22.200 --> 00:22:26.920
that's that's why I'm I can never
stop developing either. I need that

318
00:22:26.519 --> 00:22:30.559
the background to make my advice and
my courses and whatever relevant. Otherwise,

319
00:22:32.079 --> 00:22:34.279
well you're just telling people to do
stuff without knowing what it means, and

320
00:22:34.359 --> 00:22:41.799
that's not what I want to do. Yep, absolutely, So yeah,

321
00:22:41.799 --> 00:22:45.319
this has been really fun. What
are you working on now? Honestly,

322
00:22:45.039 --> 00:22:48.319
when I shut down my call here, I'm going to go on holiday,

323
00:22:48.440 --> 00:22:53.920
so I'm reorizing except for trying to
take some time off. So yeah,

324
00:22:53.960 --> 00:22:57.839
it's it's been a very busy year, so I've been looking forward to some

325
00:22:57.920 --> 00:23:03.480
time off. But what I'm working
on next is I have a couple of

326
00:23:03.519 --> 00:23:07.839
conferences in Europe coming up. Conference
workshops on single page application security. So

327
00:23:07.880 --> 00:23:15.119
I'll definitely be working on that in
January to make sure it's updated from this

328
00:23:15.240 --> 00:23:18.160
year so it's all ready to go. And then I'll be working on some

329
00:23:18.960 --> 00:23:25.119
online course materials and a couple more
cheat sheets on security. So I've built

330
00:23:25.119 --> 00:23:30.440
a few this year about like one
page overview of security in Angular, for

331
00:23:30.480 --> 00:23:33.359
example, like a list of things
to watch out for or to not do

332
00:23:34.440 --> 00:23:38.119
or check look for in your applications. And I did one on JSON Web Tokens

333
00:23:38.119 --> 00:23:41.319
as well, and I'm planning to
build a few more next year. So

334
00:23:41.440 --> 00:23:47.720
yeah, nice, very cool.
One other thing that I like to do

335
00:23:47.759 --> 00:23:51.920
on these shows is just give people
an idea of who our guests are,

336
00:23:52.000 --> 00:23:55.039
right, because we talk about the
tech, we talk a bit about your

337
00:23:55.079 --> 00:23:59.920
career, but it's like, you
know, who is Philip right are you?

338
00:24:00.079 --> 00:24:03.440
You know, maybe you have eighteen
kids and fourteen cats. I mean,

339
00:24:03.480 --> 00:24:07.359
who knows, right? You know, maybe you like to ski,

340
00:24:07.480 --> 00:24:10.920
maybe you play the guitar, So
you want to kind of give us an

341
00:24:10.960 --> 00:24:15.160
idea of who you are when you're
not the security expert. Yeah, so

342
00:24:15.279 --> 00:24:22.119
I do have a family, not
eighteen kids, but two and a half,

343
00:24:22.160 --> 00:24:26.200
So two kids, someone on the
way oh congrats, thank you.

344
00:24:26.599 --> 00:24:33.480
And we have zero animals at home, so I know we're not really cat

345
00:24:33.559 --> 00:24:37.880
persons or dog persons. We're good
like that. So what do I do?

346
00:24:37.960 --> 00:24:41.039
Well, I travel a lot for
work, so I'm happy when I'm

347
00:24:41.039 --> 00:24:45.440
home. I like to cook,
so I'm also a professional chef. I

348
00:24:45.519 --> 00:24:48.079
used to have a catering business for
a very short amount of time, but

349
00:24:48.119 --> 00:24:51.799
then things wow so busy that,
yeah, that was impossible to maintain.

350
00:24:52.599 --> 00:24:56.519
Yeah, I have Christmas coming up, so I'm actually working on a Christmas

351
00:24:56.599 --> 00:25:00.160
menu and slow cooking some meat and
things like that. So that's yes,

352
00:25:02.599 --> 00:25:04.680
So that's what I like to do
when I'm when I'm home. Sure,

353
00:25:04.960 --> 00:25:07.799
Now, when you say slow cooking
some meat, are you using something like

354
00:25:07.880 --> 00:25:15.000
a crockpot or a smoker or it's
a sous vide. So he goes into a

355
00:25:15.079 --> 00:25:22.119
vacuum bag and I have some some
pork. I don't know the English word,

356
00:25:22.240 --> 00:25:26.599
like the upper part of the thigh. It's rich now, and it's

357
00:25:26.640 --> 00:25:29.839
going to go into a brine for
for two days, and then I'm gonna

358
00:25:29.839 --> 00:25:33.519
slow cook it at sixty five Celsius for
two more days and it's going to be

359
00:25:33.559 --> 00:25:37.640
like super tender, and yeah,
it's awesome, just like Falls off the

360
00:25:37.680 --> 00:25:41.839
Bone, and it's going to be
great. Adventures in Angular is a dev

361
00:25:41.920 --> 00:25:47.240
chat dot tv production made in partnership
with HeroDevs. HeroDevs is a

362
00:25:47.279 --> 00:25:51.960
group of Angular experts who can help
your team code like true developer heroes.

363
00:25:52.200 --> 00:25:55.920
If your team needs an Angular expert, reach out to Aaron at hero dot

364
00:25:55.960 --> 00:26:00.000
dev today. So I have to
ask then, because I have a sous vide

365
00:26:00.160 --> 00:26:04.160
machine that I have never used.
That's the shame it is. I it's

366
00:26:04.200 --> 00:26:07.960
something that I need to remedy.
I have a whole bunch of roasts in

367
00:26:08.039 --> 00:26:14.720
my in my freezer, so you
know we've got uh, We've got the

368
00:26:14.799 --> 00:26:18.079
rump roast, which I think is
what you're talking about, shoulder roasts.

369
00:26:18.839 --> 00:26:23.599
I've got beef roast too. So
yeah, so what what should I do

370
00:26:23.680 --> 00:26:27.960
with Let's say that I have a
shoulder beef shoulder roast? How do how

371
00:26:27.960 --> 00:26:33.039
do I how do I attack that
with a sous vide machine? Well, what you

372
00:26:33.160 --> 00:26:41.759
what you can do is you could
sous vide it first, so basically cook it

373
00:26:41.799 --> 00:26:45.960
first slowly so it gets like real
moist and tender, and then you can

374
00:26:45.119 --> 00:26:49.519
sear it afterwards. You can basically
it's called it sounds good. So you

375
00:26:49.519 --> 00:26:52.960
you make it like it's very juicy
and tender first and then put in like

376
00:26:53.000 --> 00:26:56.039
a really hot pan or in the
oven for for a bit, and you

377
00:26:56.119 --> 00:26:59.559
get the outside and nice and crispy, and the inside is going to be

378
00:27:00.039 --> 00:27:03.519
a very tender because you you slow cook
it a very long time. So yeah,

379
00:27:03.559 --> 00:27:08.000
that would definitely be be a good
way to go. And you can start

380
00:27:08.000 --> 00:27:12.039
playing around with the spices and whatever
you put in the bag and there's yeah,

381
00:27:12.079 --> 00:27:17.960
there's a lot of fun doing that. Yeah. Yeah, my version

382
00:27:17.960 --> 00:27:21.559
of this, I have a meat
smoker that sits on my front porch.

383
00:27:21.759 --> 00:27:25.319
It actually looks like a mini fridge. It's it just plugs into the wall.

384
00:27:25.960 --> 00:27:26.960
But yeah, you throw some wood
chips in there. It has a

385
00:27:27.039 --> 00:27:32.279
heating element in there that you know, sits right under the wood makes it

386
00:27:33.000 --> 00:27:37.160
char and so it smokes, and
uh, yeah, I've gotten I've done

387
00:27:37.680 --> 00:27:41.759
pork. In fact, I've got
a ton of ribs in my freezer too.

388
00:27:41.759 --> 00:27:45.079
I should just make some some ribs. I've been wanting to brine a

389
00:27:45.119 --> 00:27:49.519
turkey and put it in the smoker
and see how that goes. But yeah,

390
00:27:49.559 --> 00:27:53.799
the smoker usually depending on how I'm
cooking things, you know, it

391
00:27:53.839 --> 00:27:57.279
can take anywhere from six hours to
like eighteen hours to cook the meat.

392
00:27:57.359 --> 00:28:02.039
So yeah, it sounds like a
big smoker if you can fit a turkey

393
00:28:02.039 --> 00:28:06.319
in there, but yeah, that
would be about all that would fit in

394
00:28:06.319 --> 00:28:10.559
there is one turkey. Yeah,
when we smoke here, we do it

395
00:28:10.640 --> 00:28:14.440
on a smaller scale typically, But
yeah, I haven't tried my hand on

396
00:28:14.519 --> 00:28:17.720
that yet, so yeah, maybe
next year, who knows. Yeah,

397
00:28:17.720 --> 00:28:18.920
a good deal. But yeah,
I'm definitely going to have to try the

398
00:28:19.319 --> 00:28:25.160
sous vide. And a lot of the roasts
I get are vacuum sealed already, so

399
00:28:25.200 --> 00:28:27.480
I'm pretty sure I can just drop
it in with the sous vide. I don't

400
00:28:27.480 --> 00:28:32.039
need to put it in a it's
already vacuum sealed. I don't You could

401
00:28:32.079 --> 00:28:34.799
do that, then you definitely need
some good seasoning afterwards, yeah, when

402
00:28:34.799 --> 00:28:37.640
you finished the meat. But yeah, if it's already vacuum sealed, it's

403
00:28:37.680 --> 00:28:41.279
going to be I don't know if
you have an actual vacuum machine, I

404
00:28:41.319 --> 00:28:45.920
do, Okay, that doesn't matter. You can reseal it as well,

405
00:28:45.039 --> 00:28:48.400
that's true. I could pull it
out, season it and then stick it

406
00:28:48.440 --> 00:28:52.920
in and vacuum seal it again.
Yeah, absolutely, you've inspired me.

407
00:28:53.160 --> 00:28:57.599
I have time. I need to
do it before I'm forty, which means

408
00:28:57.640 --> 00:29:03.440
I need to do it today because
my birthday's in two days. All right, tomorrow

409
00:29:03.480 --> 00:29:07.400
actually, so oh congrats happy birthday
man, most thank you the same for

410
00:29:07.440 --> 00:29:11.000
you. That's right. Well,
we'll pretend that we're brothers or something,

411
00:29:11.079 --> 00:29:17.480
right, all right, Definitely go
go try out that sous vide. There's there's

412
00:29:17.519 --> 00:29:19.720
a website with a lot of great
information called ChefSteps, and they have

413
00:29:19.759 --> 00:29:23.240
a lot of great content. So
give them a give them a look,

414
00:29:23.279 --> 00:29:27.240
and you'll be able to find something
to do with your shoulder roast for sure.

415
00:29:27.680 --> 00:29:30.559
Yeah. One other thing that I've
been thinking is just because a lot

416
00:29:30.559 --> 00:29:33.920
of times what I what I do
is I wind up making a meal either

417
00:29:33.960 --> 00:29:37.559
in my Instant Pot, which is
a pressure cooker, and so you can

418
00:29:37.599 --> 00:29:40.839
do a lot of the slow cooker
recipes. You just throw it in and

419
00:29:40.839 --> 00:29:45.200
it's done in an hour. But
yeah, I've thought about like putting a

420
00:29:45.319 --> 00:29:51.160
meal in the pressure cooker for tonight
and then putting something that needs to run

421
00:29:51.200 --> 00:29:55.480
in like the slow cooker, the
crockpot, you know, for for

422
00:29:55.640 --> 00:29:59.319
tomorrow for dinner, you know,
because I can just leave it warm on

423
00:29:59.359 --> 00:30:03.200
the counter and then yeah, do
something in the sous vide and so I basically

424
00:30:03.200 --> 00:30:04.599
have three meals cooking at the same
time, and it's just like, all

425
00:30:04.720 --> 00:30:08.759
right, here's tonight, here's tomorrow, right, you know, or the

426
00:30:08.759 --> 00:30:12.720
smoker, same deal there. But
yeah, and I'm really hankering for some

427
00:30:12.799 --> 00:30:18.519
ribs. Now, well, you
have all day left, I guess in

428
00:30:18.559 --> 00:30:21.720
Salt Lake City, So that's true. Yeah, we have, we have

429
00:30:21.759 --> 00:30:26.640
the whole afternoon. All right.
Well, I guess the last thing we

430
00:30:26.720 --> 00:30:32.319
have is before we do picks.
If people want to find you online,

431
00:30:32.319 --> 00:30:36.640
where do they find you. I'm
very active on Twitter, so that's a

432
00:30:36.640 --> 00:30:40.759
good place to find me. And
the website of my company is called Pragmatic

433
00:30:40.799 --> 00:30:44.599
Web Security dot com and you can
find everything you need there, so I'm

434
00:30:44.640 --> 00:30:45.799
easy to reach. So if there's
anything you want to talk about on his

435
00:30:47.000 --> 00:30:49.759
dates, all right, And and
that's where people can hire you too,

436
00:30:49.920 --> 00:30:56.480
right yeah sure, Well, well
I don't like have a standard hiring practice,

437
00:30:56.559 --> 00:30:59.880
So basically what happens, I just
got an email like that an hour.

438
00:31:00.160 --> 00:31:03.039
I haven't been able to respond yet, but it's people who shout like,

439
00:31:03.039 --> 00:31:06.920
hey, we're struggling with this or
that would that be a good fit.

440
00:31:06.960 --> 00:31:08.440
Can you help us out here?
And we schedule a call to talk

441
00:31:08.440 --> 00:31:14.119
about these things, and after that
they well, we can both decide whether

442
00:31:14.119 --> 00:31:17.160
it's going to work out or not, and whether I'm the right guy to

443
00:31:17.200 --> 00:31:19.079
help help you with these things.
And if I am, we can move

444
00:31:19.119 --> 00:31:22.640
forward, and if not, then
hopefully I can point you to someone who

445
00:31:22.680 --> 00:31:29.160
will be better suited for the problem
you're having. So absolutely nice, all

446
00:31:29.240 --> 00:31:30.880
right, Well, the last part
of the show is picks, and we

447
00:31:30.920 --> 00:31:36.519
did picks on Adventures in Angular as
well, So picks are just anything you

448
00:31:36.559 --> 00:31:40.119
want to shout out about for the
show. I'm going to throw out a

449
00:31:40.160 --> 00:31:45.599
couple of picks myself and then I'll
let you go for it. One that's

450
00:31:45.640 --> 00:31:51.559
related to security that I enjoyed quite
a bit is a book. It's called

451
00:31:51.599 --> 00:31:55.839
Ghost in the Wires, and I
can't remember the name of the author,

452
00:31:56.559 --> 00:32:00.599
but he was he was a hacker. He did like phone phreaking and stuff

453
00:32:00.640 --> 00:32:05.519
way back in the nineties, right
with a whistle or something. But he

454
00:32:05.640 --> 00:32:07.839
talks quite a bit about, hey, this is how we got past the

455
00:32:07.880 --> 00:32:12.400
security with this company or that company. And it was amazing to me too,

456
00:32:12.559 --> 00:32:16.759
just how often the security breach happened
because he got through to somebody and

457
00:32:16.799 --> 00:32:22.000
convinced them that he was legit as
opposed to you know, some of these

458
00:32:22.079 --> 00:32:30.079
more automatable technological things that we talk
about, and I think as we get

459
00:32:30.119 --> 00:32:32.720
further and further down the pipe of
security, you know, because I mean

460
00:32:32.759 --> 00:32:37.519
we've seen major breaches from big companies, and you know, some of them

461
00:32:37.599 --> 00:32:40.799
are, Yeah, it's technical.
They didn't update their library or whatever.

462
00:32:42.680 --> 00:32:45.720
I think Equifax was Equifax, Yes, yes, you know, and it

463
00:32:45.759 --> 00:32:49.440
was because they didn't update their database
engine or something. I mean, it

464
00:32:49.480 --> 00:32:52.119
was it was a dumb thing,
right, But a lot of them is

465
00:32:52.559 --> 00:32:54.519
they get the name of somebody in
the company, they called some call somebody

466
00:32:54.559 --> 00:32:59.039
else in the company and they say, hey, I'm Joe from this team,

467
00:32:59.559 --> 00:33:02.519
and you know, I need my
password reset to the server. And

468
00:33:02.559 --> 00:33:08.039
then they're in and so yes for
me, Yeah, yeah, really effective

469
00:33:08.079 --> 00:33:13.960
technique. It's yeah, you see
it everywhere. And the latest incarnation is

470
00:33:13.960 --> 00:33:16.720
this thing called CEO fraud where they
convinced the financial department to wire like a

471
00:33:16.720 --> 00:33:22.799
million dollars to do an account and
it's not a legitimate account, so off

472
00:33:22.839 --> 00:33:27.680
the money goes and yeah absolutely,
yeah, So yeah, it's it's stuff

473
00:33:27.720 --> 00:33:31.440
like that that kind of gets me
going, huh interesting. So yeah,

474
00:33:31.799 --> 00:33:35.480
so I'm gonna pick that because the
book was just way fun. And then

475
00:33:35.559 --> 00:33:39.559
yeah, as far as you know
the cooking goes, I find a lot

476
00:33:39.599 --> 00:33:45.640
of recipes on allrecipes dot com.
I have. I have a cookie recipe

477
00:33:45.640 --> 00:33:47.559
that I'm famous for that I got
off of that website. And it's funny

478
00:33:47.559 --> 00:33:50.599
because people are like, wow,
where'd you learn to make these? And

479
00:33:50.640 --> 00:33:54.680
I'm like, here's the app?
All right, So so I really love

480
00:33:54.759 --> 00:33:59.880
that. And then yeah, I
just I absolutely love having a smoker.

481
00:34:00.319 --> 00:34:07.400
And it was a cheap deal at
Walmart and I'll have to find the actual

482
00:34:07.480 --> 00:34:09.840
model, and you know, you
can get one for like one hundred and

483
00:34:09.880 --> 00:34:15.079
fifty bucks. The sous vide machines are
also pretty inexpensive. I have an Anova,

484
00:34:15.039 --> 00:34:20.280
yes, sous vide. I have an Anova as
well, So yeah, it's pretty

485
00:34:20.320 --> 00:34:22.880
cool. So I'll pick those.
Why don't you go ahead and throw some

486
00:34:22.920 --> 00:34:25.880
picks at us? All right,
So let me pick a security topic.

487
00:34:27.880 --> 00:34:31.840
Let me give a shout out to
Let's Encrypt, which is a certificate authority

488
00:34:31.840 --> 00:34:36.760
handing out certificates for everyone for free. So they automated the whole process and

489
00:34:37.320 --> 00:34:40.000
they make it possible for everyone to
deploy everything over HTTPS. Basically, so

490
00:34:40.280 --> 00:34:45.119
even if you have a simple recipe
website that nobody really cares about with Let's

491
00:34:45.159 --> 00:34:50.840
Encrypt it can deploy this over HTTPS
with zero effort and with zero costs.

492
00:34:50.880 --> 00:34:54.719
So that's definitely a big step forward. So they're a driving force behind the

493
00:34:54.760 --> 00:35:00.559
growth of HTTPS from about thirty percent
to seventy eighty percent we're at today.

494
00:35:00.599 --> 00:35:07.719
So that's definitely a massive, massive
effort and really much needed in today's world.

495
00:35:08.280 --> 00:35:13.519
And then for the cooking stuff,
I want to give a shout out

496
00:35:13.519 --> 00:35:17.000
to a Belgian company called Foodpairing, and what they actually do is they

497
00:35:17.079 --> 00:35:24.000
have like an an application where you
can create recipes by pairing different foods together.

498
00:35:24.119 --> 00:35:27.840
So essentially you start with like a
main ingredient, like I want to

499
00:35:27.880 --> 00:35:30.599
do something with the shoulder roast,
so you pick the pork meat and you

500
00:35:30.719 --> 00:35:36.119
start from there and based on the
aromas they they have analyzed an in the

501
00:35:36.239 --> 00:35:38.599
lab that different foods and they will
say like, okay, these foods fit

502
00:35:38.679 --> 00:35:42.760
well with pork, and you can
start selecting like oh I want to use

503
00:35:43.079 --> 00:35:45.679
this vegetable or maybe this type of
booze or I want to use this or

504
00:35:45.719 --> 00:35:51.840
that, and as you further go
further down the line that the options become

505
00:35:51.920 --> 00:35:54.760
kind of smaller because you want everything
to fit together, or you might want

506
00:35:54.760 --> 00:35:59.039
some contrast in there, and they
give you the option to select all of

507
00:35:59.079 --> 00:36:04.199
that basically from a huge list of
ingredients. So I actually use that when

508
00:36:04.199 --> 00:36:08.039
I'm creating dishes for Christmas or something
like I'm going to do this, like

509
00:36:08.320 --> 00:36:10.920
a pea soup, So what would
go well with pea soup? And like,

510
00:36:10.920 --> 00:36:15.280
oh yeah, pork meat And then
we dive into pork meat and it's

511
00:36:15.280 --> 00:36:17.039
like, Okay, what herbs would
go well with that? And it's and

512
00:36:17.079 --> 00:36:22.039
based on that you can really come
up with some cool stuff. So yeah,

513
00:36:22.079 --> 00:36:30.159
that's that's actually pretty awesome. Nice
all right, Well, yeah,

514
00:36:30.239 --> 00:36:32.400
I think we've covered everything. People
know where to find you. Definitely you

515
00:36:32.440 --> 00:36:37.199
want to give us your website again? Just yeah, so it's Pragmatic web

516
00:36:37.239 --> 00:36:42.320
Security dot com. Everything is all
right, and yeah, I'm just getting

517
00:36:42.320 --> 00:36:45.840
the links to my picks in the
chat so people can sort of wind up

518
00:36:45.880 --> 00:36:52.760
in the show notes. But yeah, where we are looking for hosts and

519
00:36:52.119 --> 00:36:58.280
sponsors for Adventures in Angular and some
of the other shows. So if you're

520
00:36:58.280 --> 00:37:01.719
interested, you can just find me
on Twitter. It's Chuck or sorry C

521
00:37:01.800 --> 00:37:06.719
max W cmaxw on Twitter. Just
send me a DM. My dms are

522
00:37:06.719 --> 00:37:09.719
open and I'll respond and I'll let
you know how to schedule a time to

523
00:37:09.840 --> 00:37:14.840
chat. If you have ideas for
adventures in Angular as far as topics,

524
00:37:15.679 --> 00:37:19.960
people can let me know in the
same way. And yeah, go check

525
00:37:20.000 --> 00:37:22.400
out my book, The Max Coder's
Guide to Finding Your Dream Developer Job,

526
00:37:24.199 --> 00:37:28.360
and that is now out in paperback. Of course, by the time this

527
00:37:28.480 --> 00:37:31.760
goes live, I think the audiobook
will be out there too. So anyway,

528
00:37:31.840 --> 00:37:35.320
just throwing a bunch of stuff out
there because I get asked about it.

529
00:37:35.519 --> 00:37:37.639
And yeah, people can find all
that stuff there. Thanks for coming,

530
00:37:37.679 --> 00:37:43.119
Philip, my pleasure. Thanks for
having me. All right, Well,

531
00:37:43.159 --> 00:37:45.519
next time I'm in Belgium, or
I guess the first time I'm in

532
00:37:45.559 --> 00:37:49.519
Belgium, I'll let you know,
and yeah, we'll see what we can

533
00:37:49.760 --> 00:37:52.239
see when we can get together.
Yeah, absolutely if I'm in the country.

534
00:37:52.280 --> 00:37:55.519
So it's always hard to but sure, give me a shout out and

535
00:37:55.519 --> 00:38:00.320
we'll see what happens. All right, sounds good? All right. Links

536
00:38:00.360 --> 00:38:04.679
in the notes as well, so
you can link to that in the talknotes

537
00:38:04.719 --> 00:38:07.679
and everything is there. All right? Sounds good? Hey, max out

538
00:38:07.679 --> 00:38:12.880
everybody. Bandwidth for this segment is
provided by CacheFly, the world's fastest

539
00:38:12.880 --> 00:38:16.400
CDN. Deliver your content fast with
CacheFly. Visit C A C H

540
00:38:16.519 --> 00:38:19.800
E F l Y dot com to
learn more

