If there’s one thing Charlie Gerard knows, it’s the power of promoting yourself over waiting for someone to hand it to you. Charlie is a Senior Developer Advocate at Stripe and author of TensorFlow.js for Web Developers. In this episode, Cassidy, Zach, and Charlie discuss being your own cheerleader, why it’s smart to dumb things down, and what they’re most excited about in the world of software development.
If there’s one thing Charlie Gerard knows, it’s the power of promoting yourself over waiting for someone to hand it to you. Charlie is a Senior Developer Advocate at Stripe and author of TensorFlow.js for Web Developers.
In this episode, Cassidy, Zach, and Charlie discuss being your own cheerleader, why it’s smart to dumb things down, and what they’re most excited about in the world of software development.
-------------------
Episode Timestamps:
(04:35): Charlie’s day-to-day at Stripe
(07:46): What got Charlie into the industry
(12:09): Rapid Fire Questions
(19:17): Random Segment Generator
(28:30): What Charlie is excited about in the software development world
(33:40): Cassidy’s Sage Advice
-------------------
“You have to basically be your own cheerleader and track your own work. I feel like that's a skill we should probably teach people as well. How to promote your work in the right way or how to ask questions in your company to figure out what you should focus on, if your goal is to be promoted.” – Charlie Gerard
-------------------
Links:
The Dev Morning Show (At Night) YouTube Page
Cassidy William...: Hello everybody and welcome to The Dev Morning Show (At Night). I am your host, Cassidy Williams, and I am accompanied by my lovely co-host, Zach Plata. Hey, Zach.
Zach Plata: Hey, Cass. How was your weekend?
Cassidy William...: So good, I learned about moose this weekend. The animal.
Zach Plata: Okay.
Cassidy William...: Not the hair product.
Zach Plata: Tell me a fun fact.
Cassidy William...: I'm going to tell you so many fun facts. Did you know that a moose can dive 20 feet into water? And these are big creatures, their antlers can go up to six feet wide and they can weigh up to 1,800 pounds and they dive. They physically close their nostrils, dive and just eat on the bottom of bodies of water.
Zach Plata: This is terrifying.
Cassidy William...: It's amazing, moose are amazing. Anyway, hey Charlie. Charlie Gerard is our guest today. She's a senior developer advocate at Stripe and she also wrote a book about machine learning, Practical Machine Learning in JavaScript. Charlie, hello. Welcome to the show. Do you know about moose?
Charlie Gerard: Hi. Well, now I know about moose and I have to admit, I'm a bit envious of the whole, you can close your nostrils. I mean, I wish I could do that. I can make them bigger, but I can't close them.
Cassidy William...: Yeah, I thought that was a really interesting thing that they can do. Yeah, it's very practical, because we can do this, but imagine being able to do that and then bob for apples.
Charlie Gerard: Yeah. Just go.
Zach Plata: Yeah.
Cassidy William...: Be like a moose.
Charlie Gerard: That's my new superpower I wish I had.
Cassidy William...: Yeah, that's going to be the one that you bring up whenever people are like, "What superpower would you want?" People are like, "I'd like to fly, I'd like to be invisible." I'd like to close my nostrils.
Zach Plata: I bet it is one of those weird talents that you'll probably see on America's Got Talent or something like that.
Cassidy William...: Oh yeah, someone just...
Charlie Gerard: That's it.
Cassidy William...: I'd be impressed. Well, anyway. Charlie, you're very cool, what are you working on right now?
Charlie Gerard: You mean at work or on the site?
Cassidy William...: Both.
Charlie Gerard: Or both? Both, ooh. Well, at Stripe, at the moment I'm focusing a lot on the Stripe samples that we have on GitHub. A lot of our stuff are open source to let people understand how to use different products. I noticed that there were a few improvements that could be made there. I usually like to contribute to open source, so I'm focusing on that at the moment.
Outside of work, I have gained an interest in learning more about security. I started looking into it and then it gave me that feeling that I had when I just started programming, where it was like, "Oh, my God, this whole world that I know nothing about." Yeah, I have very limited free time, but I'm trying to learn a bit more about that.
Cassidy William...: That's awesome. You always have the coolest side projects probably I've ever seen ever. Just ooh.
Charlie Gerard: Yeah, keep going.
Cassidy William...: Stop, please. But Zach, for some context on Charlie, she's probably the most creative developer I've ever seen. Whenever you see her conference talks, she's just like, "I'm going to make it so if I do this hand motion, I pay someone with PayPal or Stripe or something. Or if I go-"
Charlie Gerard: Yeah, Stripe.
Cassidy William...: "Stripey Stripe. Or if I go like this, all of a sudden I'll be drumming." Or you made oh, what was it? Beat Saber in the browser with your arms.
Zach Plata: Oh my word I would love that.
Cassidy William...: It's incredible.
Zach Plata: Is that a game I can play right now?
Charlie Gerard: Yeah. I mean think it's still... It was hosted on Netlify so it probably still exists.
Zach Plata: Perfect. I'll hit you up after this.
Cassidy William...: Yeah. We'll drop it in the show notes and everything. Okay. It is time to talk about our sponsors.
Zach Plata: The Dev Morning Show (At Night) is a sponsored podcast. I mean, someone has to pay the bills around here. We're sponsored by LaunchDarkly and LaunchDarkly is the first scalable feature management platform. That means dev teams can innovate and get better software to customers faster. How? By gradually releasing new software features and shipping code whenever they want, fast tracking their journeys to the cloud and building stronger relationships with business teams. Thanks for the money LaunchDarkly.
Cassidy William...: Charlie, what is your typical day at Stripe? You mentioned what you're work on with all of the samples and everything, but is it mostly coding things? Is it speaking? Is it writing? Is it a combination of all the above?
Charlie Gerard: Well as a dev advocate, it is definitely a combination of all the above. I think at the moment, I'm a bit lucky that I can really arrange the work that I do the way that I want, because I'm not yet completely comfortable going back to conferences. So I focus a lot on blog posts at the moment because it's still sharing knowledge and writing code and things that people can read even if it's not in person.
Some advocates, they prefer doing video stuff, but I cringe quite a lot recording myself. So it's something I want to get better at, but I won't have to edit so it's fine. I want to get better at it so I think that job is good. I actually took it because I wanted to push myself to do that. But at the moment it's more blog posts and code samples. And when I'm a bit more comfortable than I want to get back out there on stage.
And a demo is always more fun when you can do it live on stage. So yeah, definitely a mix of a lot of different things as long as it's related to Stripe and teaching people about the products that we have or how to start your own business online, as long as it's remotely related to creating some kind of business online, then it I'm free to come up with whatever idea, which is cool. I like that.
Cassidy William...: And allows for a lot of creativity too.
Charlie Gerard: Yeah.
Zach Plata: So regarding your day to day workspace, what kind of tools do you use on the daily?
Charlie Gerard: So I'm very simple. I'm not the type of person who's going to customize everything. So I just use iTerm and with Z shell and VS Code and my browser and that's pretty much it. I don't even have a custom theme or anything cause I think when I get excited about something-
Cassidy William...: Wow. No, themes?
Charlie Gerard: Well just the default.
Cassidy William...: Yeah.
Charlie Gerard: I know. It makes me feel like I'm not a real dev, but it's more that I guess most of the time I'm just excited about building something and I feel like I just want to get the thing done. But sometimes when I see other people's set up, I think it looks really pretty, but that's my lazy part is on doing that.
Cassidy William...: Well, there's also that and mildly distracting depending on how pretty it is, because there's been some themes where I'm just like, I like this so much that I don't want to use it because I just keep looking at how pretty it is and I don't actually build anything.
Zach Plata: But I'm right there with you, Charlie. I'm very much a plain default settings person. But then I think Cassidy was showing me her Obsidian themes and I was like, "Okay, this looks really cool." And sometimes I'm inspired was
Charlie Gerard: There are themes in Obsidian?
Cassidy William...: Oh Charlie don't get me started. There's so many themes in Obsidian.
Charlie Gerard: Right. You'll have to show me that.
Cassidy William...: I made one too. It's called Card Stack. It's open source. You can find it.
Charlie Gerard: Okay.
Cassidy William...: Anyway,
Zach Plata: You get inspired.
Cassidy William...: Yes. Yes, exactly. But Charlie, going back, what got you into the industry in the first place because you have such a creative look at coding, it feels like you have been an artist in another life because you do such cool things with it.
Charlie Gerard: Maybe I was. Actually I come from a marketing background. I never saw myself as a creative person, which is interesting because I only thought I ever was just very strategic and logical and I had no skill for anything artistic. And it's only when I started learning to code that I realized that maybe that was my medium.
I'm not very good at drawing unless I have help from the tools on iPad and stuff like that. But free hand stuff, I'm terrible. But from working in marketing, it wasn't something that I was super excited about. I think studying marketing and advertising was really interesting, but then the job, it was very different. It was a lot more project management than anything else, which, it's important that's a job that needs to be done.
But for me, I was working with developers and I was looking at what they were doing. And I think it was the beginning of 3D in the browser with 3JS. So about eight to 10 years ago. And that was like, "Oh, I didn't know you could do that on website. And it's cool. And so interactive." And I think seeing what they were doing, I already wanted to give it a try, but learning outside of work when I had no framework of where to start... I didn't even know how to add JavaScript to a website.
Cassidy William...: Oh man.
Charlie Gerard: This is really how... I knew about HTML tags, but I was like, "How do you add the JavaScript?"
Cassidy William...: Just put it in.
Charlie Gerard: So I did a bootcamp. But when you don't know something, I feel the same now when I'm looking at security and I'm like, "Well, I don't know anything so where do I start?" And it's about finding maybe certain frameworks that guide you into what to learn. So yeah, after the bootcamp, I realized, "Whoa, this is so cool." Even in my bootcamp, this is where I started doing a bit of 3D in the browser just on my own. It wasn't part of the bootcamp, but we had projects to make and I didn't want to make it to the list. I was like, I need to be excited. So I want to try what's out there.
And I was studying doing a hardware with JavaScript as well. And I think from there, it was this new world where I was like, whoa, I can really create whatever I want. I have an idea and I don't have to wait for somebody else to do it. And I feel like when I was in marketing, it was maybe that frustrating thing where I was like, "Oh, the client really needs this," and the developers were like, "Well, I'm busy with something else." Now I can just do it all.
Zach Plata: Yeah.
Charlie Gerard: So yeah.
Cassidy William...: That's awesome though. I feel like even those who don't consider themselves very creative developers, but so many of the creative devs I know come from a background where they just were like, "Wait, that kind of looks cool." And then they start learning it themselves and figuring it out. And I feel like that's how you best learn something when you figure it out on your own rather than just being given a textbook. Go, learn it. And not getting that practical exploration.
Charlie Gerard: Yeah. I think it's very standardized. Yeah. I think when you see material given to you in a course, it is for you to get a job at the end. So it's usually very, very practical and I feel it's quite restrictive, whereas... Or maybe it's the way I learn, I need to be excited to not be lazy about it. Cause if I find it boring, I'm just going to procrastinate, push it as further I can. But when I'm excited about something, then there's no stopping me. I won't stop until it's done. And that's a feeling that I like, so... But yeah, everybody likes different things. So, yeah.
Cassidy William...: I feel that way with my side projects where, there are parts of it where I say, I know how to do it, I know that I can learn this thing, but that's not as exciting as the pretty CSS or figuring out how to do this fun animation or something like that.
Zach Plata: Totally. I think there needs to be more of that in day to day work. The creativity side of things where you're not worried about, is this the right thing to do? Or I need to check on this resource to see if this is how everyone does it. But it's just kind of, "I'll just figure it out and do the thing." And then eventually I'll figure it out later.
Cassidy William...: Yeah. Okay. It is time for rapid fire questions. We are going to rapidly ask you questions and I'm excited to hear your answers. First of all, we all have domain names or five, 10, however many domain names that we're squatting on. What are yours?
Charlie Gerard: I actually only have one and it's my personal site. I'm very boring.
Cassidy William...: Wow, good for you though.
Zach Plata: Next question is what is the most recent thing you over optimized?
Charlie Gerard: So I think it's one of my latest projects about ultrasonic payments. It took me a while to write that blog post because I wanted it to be perfect because I've known about this for a while, but explaining it to people who don't know is... I definitely feel like I over optimized that. I asked my team members for feedback and I had 50 comments and I wanted to give up. I was like, "I'm done." But in the end it was like, I asked for feedback. So I really appreciated it. But at Stripe, people are very nit picky. And I feel like I definitely over optimized. People don't feel it when they read it, but I feel like I rewrote this thing a hundred times, but I loved it in the end. It was fun.
Cassidy William...: And also, could you please explain what ultrasonic payments is? I read your blog post, so I know, but for those who haven't.
Charlie Gerard: Okay. Yeah. It's using ultrasonic data transmissions so sending data via sound waves. And what I did is sending a Stripe payment link from an offline device to my phone using the microphone and the speaker. So what I wanted to do at the beginning was to transfer my card details encrypted or not so just a prototype, but I didn't have the time to do that. So I'm just sending a payment link. So you can basically have some kind of payment between offline devices. And you could repurpose that for whatever you want. Just, I don't know, send images between your phone and your laptop with sound.
Cassidy William...: Memes.
Charlie Gerard: Yeah. You can just redo that. Yeah.
Cassidy William...: That blows my mind. The fact that that kind of information can be translated audibly. Granted, we are speaking, we're transmitting audio. So interesting how that all is possible.
Charlie Gerard: It is. I love the whole invisible data. How everything that is some kind of waves like lights or sound or anything can actually be used to transfer data. That's fun.
Cassidy William...: Incredible.
Zach Plata: Definitely.
Cassidy William...: Okay. Oh, next question. What's your golden rule for coding?
Charlie Gerard: So I think there's a phrase, but I forgot it. It's kind of, make it work and then refactor. I'm a very much fan of just make it work. It's probably ugly at first, but just do it and then figure out how to refactor it. And sometimes you just don't refactor it, but that's fine, it works. So I think there's a proper phrase, but to me it's definitely my golden rule.
Cassidy William...: Yeah. Well, proper phrase or not, the concept is still there. Just get it working. You can always fix it. Yeah.
Zach Plata: What's your favorite, it depends question?
Charlie Gerard: It's when people ask me about career advice or tech to learn. I always like, "I don't know. I don't even know where I'm going. So I don't think I can tell you where you should go." But yeah, it's probably one of my favorite it depends. Cause I do want to help people, but it's no prepackaged solution about what you should do with your life or what you should learn. I wish people were just trying to figure out what they want to do, but I understand also asking other people question.
Cassidy William...: You want to be able to offer guidance, but it truly is an it depends question because they can do anything. What is the oldest piece of tech that you own?
Charlie Gerard: So I moved to a lot over the past few years, so there's a lot of stuff I don't have anymore, but I think that right now, the oldest thing I have is an old MacBook pro from 2010.
Cassidy William...: Oh wow, that is an old one.
Charlie Gerard: White MacBook... It doesn't turn on anymore, but I kept it-
Cassidy William...: Just in case.
Charlie Gerard: I don't know if I would ever use the PC. If I can do something with it one day, put in a museum or something.
Cassidy William...: Sure.
Zach Plata: Love that. All right. Have you written a piece of cringy code and if you have lately, what was it?
Charlie Gerard: I think I always write cringy code. I think all my side projects have a bit of cringy code in it, but I think probably the worst was one of my first projects where it was an animation of cats across the screen. And all the logic was just if statements after if statements. And I looked back at it maybe a few years ago and I was like, "Wow, I've come a long way, but I don't want to look at it anymore." It's done, it's in the past.
Cassidy William...: That's a good way of looking at it though. I've come a long way. Because then yeah, I feel like it's healthy to look at anything you've ever written and cringe a little, because that means growth.
Charlie Gerard: It's funny because I could refactor it because it's public. So people could look back at it and be like, "Ooh, she's a terrible developer." But in the end, I'm not going to refactor it. It's a side project. And also it's fun to look back and be like, "Whoa, I wrote that after a few weeks of learning to code and now I would definitely not rewrite it the same way, but it's fun that again, I made it work and I never refactored it."
Cassidy William...: It works. Yeah. What's your favorite programming pun?
Charlie Gerard: I don't have any, but I know you do have a lot.
Cassidy William...: Twist my arm why don't you?
Charlie Gerard: Help me here.
Cassidy William...: There's so many options, I'm on the spot.
Zach Plata: The tables have turned.
Cassidy William...: Oh gosh, I actually am on this spot now and I'm panicking.
Charlie Gerard: That's fine. It's rapid fire.
Cassidy William...: Rapid fire.
Charlie Gerard: There has to be something about spaghetti code. Pasta? Oh the favorite meal, spaghetti code. I don't know.
Cassidy William...: Okay. Spaghetti code. I'll do one that's very specific to you. So it was a very patriotic choice that Stripe made to hire you Charlie, because you are a star. Stars and Stripes.
Charlie Gerard: Oh my God.
Cassidy William...: I'll take it.
Zach Plata: The sound effect.
Charlie Gerard: Yeah.
Zach Plata: Awesome. All right. And then last question. What's your most used emoji?
Charlie Gerard: I always use the smiley face with the tears because I laugh a lot. I take not that many things that seriously. And I think in every of my tweets or texts, there's always that face.
Zach Plata: It's a popular one.
Cassidy William...: A good one. It's a classic and it's also good to-
Charlie Gerard: And it's nice. It's like, "ha!"
Zach Plata: Yeah.
Cassidy William...: It's also good to decorate any sarcasm just in case it's lost in translation in text.
Charlie Gerard: Definitely.
Cassidy William...: All right. And it is now time for our random segment generator. We're going to go through some options and see what random segments might pop up. And this first one is, spill some tea. What's something that's overrated or underrated in the developer community?
Charlie Gerard: So I think to me, I mean, I don't know if it's spilling some tea, but it really annoys me when if something looks like fun or easy to understand, people think that it's not smart. That makes my blood boil every time. I've given talks or I've written things where people come and tell me after that, it's like, "Oh, it's nice to have a non-technical talk." And I'm just like, there was code on almost every slide. What is not technical?
Because I could make what I do very complicated if I wanted to, I could not bother to explain and I could use a lot of buzz words, but that's not what I want to do. And the hard work is to make it actually something that most people can understand. And I feel like that's completely forgotten. People are just like, "Oh I can understand this. So it must not be smart." It's like, "Well actually it was very smart to make it accessible, thank you very much." But yeah, it really annoys me because then I feel like people might fall back into the, "Oh, I'm not going to make the work to explain because it's going to make me look smart if it's complicated." I don't see the point. So yeah, this is my end of rent.
Zach Plata: Moving on to the next segment. We have 404s and heartbreak. So we'll talk about what's something that was taken off the internet or there's a page not found that you really miss.
Charlie Gerard: So I don't know if you remember this, because I don't know if it was very popular at the time, but do you remember the program SETI@home?
Cassidy William...: No.
Zach Plata: No.
Charlie Gerard: Ooh. I've going to explain it to you.
Zach Plata: I can't wait.
Charlie Gerard: Ooh. So it was a program, I forgot if it was NASA or a university, where people could download a program on their laptop that was basically being fed data from satellites and to then find extraterrestrial life. So I think SETI is maybe software for extraterrestrial... Yeah. I'll send the link.
But I think that last year they actually stopped letting people get data on their laptop. So I think you can't download the program anymore. If you had it before, you can probably still open it, but I didn't download it on my laptop so I think now it's not really accessible and they stopped it because they had collected data for probably more than 10 years. And now it's time for them to actually analyze it with machine learning and find if there was any signal coming from other planets or whatever that could potentially be extraterrestrial life.
But yeah, it was in the news last year. It made me sad that they stopped because it was this really cool... You could run it as a screensaver. And it reminded me that my dad had that when I was a kid. It had cool colors, there was basically a 3D graph of a spectrum and you could see it was moving live because it was getting data that then... It was basically kind of like an old peer to peer network. Every computer was a node and it was then sending the data back because I guess the university or, I forgot the organization that was doing that, didn't have enough computer power to actually do it all on its own. So it was spreading it across everybody who had the software.
And I just like the project. You're contributing to potentially finding extraterrestrial life out there. So they stopped now. But who knows, if there's result in the data in the end, if they find something, that'd be really cool. Yeah.
Cassidy William...: So cool. Even if nothing comes from it, what a cool community thing that some people could participate in.
Charlie Gerard: I wish they had let people still do it, but just maybe didn't collect the data or whatever. I don't know. I could have had the data and run machine learning on it.
Cassidy William...: You could have found an alien. It might have been ultrasonic. I'm glad that we talked about both moose and aliens on this podcast. And finally, our last segment is launch lightly, crash darkly and owed to our lovely sponsors. What is your advice Charlie, for someone just getting started out in software development, dev stuff in general?
Charlie Gerard: So usually I would kind of want to say, don't believe the hype, but I know that it's hard because when you get started in the industry, I think you're probably very influenced by everything that you see around. But a lot of the times, especially if your resources is Twitter, people always talk about the new buzz thing.
And it's never really what you should focus on when you start. But I know that it's hard when you just starting in the industry and you don't really know what to focus on, but I wish that people entering the industry would not maybe stress too much about that or about, "Oh, this random person that I've never met said, I should learn this so I'm going to learn this." And I get there's a lot of bad advice out there, but here I am giving advice so I don't know, maybe my advice is bad too.
But at some point when the whole Web3 thing was exploding, I saw so many tweets that were saying, "If you're entering the industry, you should learn this, this and all of these tools." And now that crypto is crashing a little bit and there's not that many jobs in there and I wouldn't really trust it right now. I hope that people didn't spend too much time really focusing on that. I think educating yourself and understanding maybe difference between tools, that's cool. But we change tools so often that you'll be fine no matter what, I think. I still haven't written a line of TypeScript and I have a job. But maybe I'm very privileged. I've been in the industry for eight years so maybe now it's different, but a job of-
Cassidy William...: You're very privileged to not have to write TypeScript.
Charlie Gerard: Yeah. I can understand why it can be useful, but I've been fine not learning any TypeScript. And I hope that people are not going to hate me for this, but it's okay. I can understand what it does-
Cassidy William...: It has its place. Yeah.
Zach Plata: Definitely.
Charlie Gerard: Yeah, if I needed to, I would learn it, but I think there's more important things for me at least.
Cassidy William...: Well, and I know Zach uses it, but it's a library that you all are building.
Zach Plata: Yeah. I find that it's good for documentation and people trying to use your library, but especially if you're working with small code snippets or just building something for a blog or a simple coding app or something like that, it's just sometimes simpler just to see things condensed and in its raw form. I think that's equally as powerful too. So I totally agree there. All right. If you could undo one thing in your career, what would it be?
Charlie Gerard: I mean, I don't know if it's career or life in general, but it's when I was raised to believe that meritocracy is real. And I wish I undid that many years ago because I feel like when you believe that if you work hard, then you'll be promoted or whatever, it can be really heartbreaking when you work hard for so many years and you realize that promotions are not actually really tied to that.
And there's a political game to play in every company. And I wish that if I had known that before, I wouldn't have waited for somebody to hand me a promotion and be like, "Oh Charlie, you're doing such a great job," because that never happens. Now I know that you have to go and ask for it and you have to basically be your own cheerleader and track your own work and it's not something I like to do. It doesn't come naturally to me at all.
But I wish that... I mean, if I had known years ago that it works that way, then I could have grown that skill as well to promote yourself in a better way. And maybe my career would've been different and I just wish that we didn't keep broadcasting that message of, if you work hard, it's just going to happen. Because it doesn't. I feel like that's the skill we should probably teach people as well. How to promote your work in the right way or how to understand... How to ask questions in your company to figure out what you should focus on if your goal is to be promoted or all that stuff. Yeah. Now I know at least.
Cassidy William...: I think in an ideal world that would be true. If everything were fair in the world, that would be true. Where you work hard, you get the promo, done. But I think you're right. Documenting what you do and being able to push for yourself, it's a weird political game that depending on where you work, you have to play it more than other companies. But anyway, on a more fun note, what are you excited about right now in the world of software development?
Charlie Gerard: Well, as I mentioned at the beginning, the whole security part of the tech field is something I'm excited in. And I mean, personally the way I've been learning about it is, in JavaScript, I do everything in JavaScript. So I've mostly been trying to do things in OGS and specifically in open source security, because the more I look into it, the more I realize, how are we really using all of these packages that we have no control over that I had never read the source code of any other thing that I use.
And I experimented with adding [inaudible 00:29:13] somewhere in an OGS module and networks. And then I added what's called a reverse shell. So in one line of code, you can actually open some kind of connection between somebody else's computer and yours that would give me complete access to their file system.
Not anything that would run with pseudo because you would have to know the person's password, but it means that if somebody installs the fake package that I wrote, it gives me direct access to their laptop and they have no idea. So I could encrypt everything or I could look at all of their files or pictures or I could then I don't know, install a key logger and have really everything that they're typing. And that's easy to do and quite easy to hide considering that nobody checks the source code of the packages that they use.
So I think that that's super interesting as I'm opening this door to a world that I didn't really know before and tying it back to open source and JavaScript means that that's my entry way into learning about that. Because I learn by building things so if I wasn't able to do that, I wouldn't really know how to guide myself into learning more about that. But it's scary, but also super exciting. I'm like, "Ooh, what's next?" I don't really know what my next step, but yeah, it's really interesting. I like that.
Cassidy William...: It's like you're a spy.
Charlie Gerard: Yeah. I can do bad things. For educational purposes.
Cassidy William...: For educational purposes.
Charlie Gerard: I mean, it's important to say I'm not actually trying to steal anything. I'm always interested in understanding how things work. So now I have become a bit more cautious about the tools that I use and even at Stripe, when Dependabot opens PRs for updates on packages, I look more at the changes. I don't just trust the change log because sometimes they're not very explicit.
Cassidy William...: You never know.
Charlie Gerard: Yeah. But I look at actually the code changes and at some point actually there was an update to an ES2, I think it was ES linked and the PR was fixing actually a security issue that was there. So it's interesting to be reading that. It kind of forces me to look more into the source code of the tools I'm using which is... Learning doesn't always come from writing code, it also comes from reading it. So yeah, it's been interesting. And interesting [inaudible 00:31:41].
Cassidy William...: Well, and it's also one of those things where if you know how the attackers do it, then you can defend against it. And so learning about security, it is a scary thing because you're just like, "Oh the implications of this are not good," but if you learn it, then you can be better prepared to defend against it.
Charlie Gerard: And to me that's a really important thing because there are a lot of people that there who will do it for bad stuff either to blackmail or steal or whatever. And I feel like people need to be aware of how to defend themselves so that they can make the choice to do it or not do it. But at the moment, if you don't know, then your default choice is to not protect yourself. And I don't really like that as a default and yeah, at the moment I'm talking to... I mean, when I write blog posts, my audience is developers, but I think it would be important to also kind of broaden it a little bit because you can hide stuff in PDFs and I didn't know that. But I was just like, "I just download PDFs left, right and center." So I don't know in it.
Cassidy William...: It's a PDF, what could go wrong?
Zach Plata: The whole security thing, I think sometimes I take it for granted or I would just add another dependency to the project or whatever. But then you come across, what was that event that happened a year ago with the Java library log for J or something like that? It caused a huge-
Charlie Gerard: Yeah, it was Log4J.
Zach Plata: ... security thing that everyone had to have because everyone used this library and had everyone had to-
Cassidy William...: It just ruins the holidays for so many developers.
Zach Plata: They had to scramble to address the underlying issue. And it was hard because it was an open source project. No one was really... Or I think everyone was just kind of like, "Who's taking care of this?"
Cassidy William...: Right.
Zach Plata: But yeah. It's interesting to learn about these things for sure.
Cassidy William...: Yeah. All right, we are moving on to the sage advice part of whatever this thing is. Words are very difficult. If only I were like a moose where I could just take to ground running and outrun a human five days after being born.
Zach Plata: Just close your nostrils.
Cassidy William...: Close my nostrils. So that's what we got to do. Anyway-
Charlie Gerard: For COVID it would be good. You just close it and then, I mean, you breathe with your mouth. I mean you have to breathe at some point, right?
Cassidy William...: You do have to breathe at some point. They can hold their breath for a while. Anyway, outside of moose, for the humans out there who might need help defending themselves against it, you should explore more. I feel like some of the best learning that you do is when you are exploring something that you are interested in and when you're especially learning some kind of new technology or something, don't just go straight to what is the best way to do this? Or what are the Twitter thought leaders saying about this? What is the optimal way to make this thing?
Just kind of try it. Embrace that childlike wonder within you and try building something. And as it breaks, figure it out as you go. Because you will learn so much deeper anything that you're building when you solve it that way. That being said, Charlie, thank you so much for being here with us today.
Charlie Gerard: Thank you. Thanks for having me.
Zach Plata: Yeah. Thank you Charlie.
Cassidy William...: It was so fun. Where can people find you on the internet?
Charlie Gerard: Well, I have a Twitter. I'm less active on Twitter recently, but I'm still sometimes doom scroll. So I'm devdevcharlie on Twitter. And otherwise if you're interested in my projects or my blog posts, everything is on CharlieGerard.dev. And that's me.
Cassidy William...: Awesome.
Charlie Gerard: I'm Charlie Gerard or devdevcharlie everywhere. I mean, everywhere. Everywhere I have an account cause I'm everywhere. No.
Cassidy William...: Everywhere and nowhere all at once. You'll hear me and I'll already be in your house. And once again, because making podcast is expensive. This show is brought to you by LaunchDarkly. LaunchDarkly toggles peaks of 20 trillion feature flags each day and that number continues to grow and you should use them. You can head over to launchdarkly.com and learn about how. Thank you for making this show possible LaunchDarkly.
Zach Plata: Well I'm Zach and I work in developer relations at Rive. You can find me on Twitter @zachplata.
Cassidy William...: And I'm Cassidy Williams. You can find me @cassidoo, C-A-S-S-I-D-O-O, on most things. I do developer experience at Remote and OSS Capital and I like memes. You'll find us next time. Thanks for being here. And once again, thank you LaunchDarkly for being a really, really awesome sponsor of this show. LaunchDarkly lets you move fast, like a moose, which can run up to 35 miles per hour, speedy. Bye.