MAS 109: Philippe De Ryck

Feb 04, 2020 · 38 min

Episode description

Philippe De Ryck is a web security expert out of Belgium. Philippe trains developers on building secure apps. Philippe started coding in high school and worked on system administration projects. He then went on to get a PhD in security. Along with security he also worked on development, so when he is working with clients he can go through the code and point out security problems. Philippe also gives some tips to those who want to get started on security consulting. Philippe says it's a mindset and a person just needs to dive in and start reading books and blogs about it to develop the approach.

Host: Charles Max Wood

Joined By Special Guest: Philippe De Ryck

Sponsors: "The MaxCoders Guide to Finding Your Dream Developer Job" by Charles Max Wood is now available on Amazon. Get Your Copy Today!

Transcript

Hey everybody, and welcome to another episode of My Angular Story. This week we're talking to Philippe De Ryck. I hope I got somewhere in the ballpark there. Yeah, close enough. Sure, it's Philippe De Ryck, uh huh, from living in Belgium. Very cool. Yeah, Belgium is one of those places that I would love to visit. I took some French in high school. My grandmother was from Lyon in France, so, oh wow. Yeah, so I want to go back there and visit some places too. But this episode is

sponsored by Sentry.io. Recently I came across a great tool for tracking and monitoring problems in my apps. Then I asked them if they wanted to sponsor the show and allow me to share my experience with you. Sentry provides a terrific interface for keeping track of what's going on with my app. It also tracks releases so I can tell if what I deployed makes things better or worse. They give full stack traces and as much information as possible about the

situation and when the error occurred to help you track down the errors. Plus one thing I love, you can customize the context provided by Sentry, so if you're looking for specific information about the request you can provide it. It automatically scrubs passwords and secure information, and you can customize the scrubbing as well. Finally, it has a user feedback system built in that you can use to get information from your users. Oh and I also love that they support

open source to the point where they actually open sourced Sentry. If you want to self host it, use the code devchat at sentry.io to get two months free on Sentry's small plan. That's code devchat at sentry.io. Anyway, we're here to talk to you about you and get your story, how you got into code and things like that. But before we do that, for those that didn't hear your Adventures in Angular episode, do you want to just give a brief introduction, who you are, what you do,

where you work, why people know who you are? Sure. So I'm Philippe. Basically what I do is I help companies build more secure web applications.

Essentially, I'm more of a security expert. So if I would describe myself, I would say I'm security first and development second, because my main job is training other developers on how to build secure applications, and the focus there is always on security. I consult with companies building complex systems and how they have to tackle security from the beginning and how to think about these things and what the current best practices are. So it's usually all security what I do,

but highly related to practical advice for developers. So it's not a security whereas like, yeah, that doesn't help us very much. It's concrete advice where you can actually go back to your application and start looking at the code to see like, this is actually secure and if not, these are the ways to build it out in a more secure way. And we talked about a lot of security topics in our Adventures in Angular episode from last week, so that was definitely a lot of fun, and I'm sure this one is

going to be totally fun as well. Oh heck yeah. So give us a little bit about background. How did you get into programming? I've been doing this for a long time, so I guess when I was in my teens, well, you were online. That was the early days of the Internet, as I like to call it. Even though it's already quite far in the Internet, it was pre-broadband, so it was still ISDN and dial-up and all of that, and you had IRC channels, and

there was at that time like a graphical IRC client. You could write some scripts for that, and that's actually what got me hooked to be built like a trivia bot asking questions and playing games, stuff like that, and from there it was kind of a logical transgression. So in high school when we had a computer science course, they threw something at me and I was like done with everything for one semester in two lessons, so I was like, give me more. I want to learn more, and just kept

going from there. So I did some system administration stuff when I was a student, rode around in town on my bike going to fix other people's computers for the university. So that was pretty cool, actually getting paid to do that as well, so that was nice. And then started, well, I studied computer science, did a PhD in security, and things just dove or moved on from there. So it's actually a very natural thing and it has been my number one thing that I've been doing for a long time now.

So yeah, nice that, that's awesome, and yeah, I remember those those days. I mean I got in the same way. I was doing it for the university as a student. Of course, we were we were supporting more of the infrastructure and server stuff, so we didn't go out and fix people's computers. We would log into the servers and fix that, or you know, occasionally we had to. Yeah, we'd jump in a car because the campus was rather large and drive out to fix some network switch somewhere

or order in a fix from another department or things like that. So yeah, yeah, that's absolutely awesome. Yeah, they wouldn't trust us with that critical infrastructure, I guess, but they were running their own student network and they had the support desk. Well, they had like a help desk to call in and if they couldn't fix it over the phone, they would send

one of us out. And it was actually pretty cool. I got to see a lot of people and well, if you're lucky, you could fix a lot of problems in a short amount of time and you were done early and still get paid for full evening. So oh there you go. Pretty cool gig, Yeah, very cool. So how did you wind up? Did you do programming for a while and then get into security or did you get into security and then figure out the development stuff or how did that all

work out? It's it's always been a close mix so I would say that I was doing security first, but doing something on computers without really programming doesn't work well. So I actually started scripting and programming, but I quickly moved to security, and everything I did was in function of security. But I've I've built software, but usually it was focused on on security aspects or building out

security tools or something like that. And when I did my PhD, the same story actually kind of continued because I started working on this client-side defense against a certain attack called a cross-site request forgery, and we built it out in a browser plugin, so it was actually a real thing that you could install in a browser and it would actually prevent most of these attacks while trying

not to break scenarios that are legitimate. And that's that kind of further honed my skills because essentially, once when you're building stuff for your own or for technical people, it's kind of straightforward and well, you can cut some corners here and there. But if you're building something for users, it's it's a whole different ballpark, and learning how to build something that people can actually use, how how to make communication possible, how to reach out to them and

have them reach out to you, that's that's a whole different story. Sure. Yeah, So as you're learning this stuff, I mean, I've had a few people coming to me and say, hey, I want to do some of the security consulting and things like that, and they have no idea where to start. It seems like once you're in for a while and you get what's going on, and you you know, you understand the lingo and things like that, it's it's kind of easy to maintain your knowledge. You

know, you just make sure you're looking in the right places. But if somebody is trying to get started and trying to get the mindset that they need for this, how do they do that? I think getting started? But the mindset, I like how you put that, because to me, that's the most important thing. Having that mindset, and whether you apply it to web security or mobile security or physical security, it's it's basically the same mindset.

It's always thinking about how things can be abused, what can go wrong, things like that. How do you start? I know it's scary, but just dive in and start reading about security, and it's if it's a good book or a good article, it will have this mindset will be there. Kind of implicit, sometimes very explicit. Usually it's implicit the way things are explained, the way an argument is being built, and just by by reading and learning about that, you'll start seeing things in the same fashion.

But I think it only really works if you focus on the security aspects, and it doesn't happen that quickly if you're looking for a secure solution to your development problem. So it's I would I would recommend to focus on security specific resources first because that's going to give you a lot of the context you need. And then after that it's it's a matter of deciding what way you want to go in because there's so much and honestly, I haven't met anyone who's

able to cover everything security-wise. Okay, so it's insane. Yeah, that makes sense. So when you're talking about security specific solutions, are you talking about like OWASP or? OWASP sure has a very useful set of resources, absolutely. So OWASP is a nonprofit organization aiming to improve the state of security and software, and what they do is they basically create a very large community of volunteers doing useful, useful stuff. They built useful documents, they built

code examples, tools, vulnerable applications you can go out and hack, things like that, and all of that is very useful. So yeah, there's definitely a bunch of information available there that can get you started, but apart from OWASP there's also other things and a lot to learn as well. It's often about technology first, and then after you master technology you can start thinking about security implications of these things. Nice. So so yeah, so you

start learning about this stuff. What resources were there when you were learning it back in the day, books or videos or? Yes, back then, I still read a lot of books. So that was the time where you can actually get a book which remained valid for like five to ten years, which is today, for case, five to ten minutes these days. Yeah, something like that. By the time your book is finished, it's like, yeah, this thing is dated, let's dump it. Yeah, so it's

it's a whole different age. So I started with books like Linux Server Administration and things like that. They remain valid for a long time. So yeah, that's that's a good one. There's still a few few gems out there that are more about the way of thinking and classical examples which are still really really relevant. One really good book is Security Engineering from Ross Anderson, which actually explains a lot about the mindset and makes it very explicit, So that

is definitely a strong recommendation for anyone thinking about security. It's not a light reading material, so it actually goes into a lot of depth in some scenarios, has some real world examples of security failures as well, not necessarily IT only, but also like military problems with security and stuff like that. So it's wow, yeah, it's it's a yeah, there's a lot of knowledge in

that book, and that's a good good starting point. And other than that, find out what what is your poison, basically what you're interested in, if it's web security or mobile or containers or whatever. Yeah, whatever works for you. Nice. So at what point were you into the security stuff? Did you start getting into the web security and sort of the front end, Angular, React, Vue, I'm assuming you treat some back end stuff too, but how did you get exposed to that kind of security? Yeah, again,

that's that's kind of a slow progression moving forward. Part of it is because I really suck at low level code, so trying to give me pointers and references and all of these things, that really gets me confused really quickly. So C was not my best course at the university. So but back end stuff in Java, that's how things got started. That was the day of

Java server-side that Bay generation like JSP and oh yeah. So I started learning these things back when I was a student, and then of course security back then was mainly server-side. And then I think when I finished my PhD, that was when Angular one was still the main framework in the Angular

world. There was no talk of Angular two. So I started looking at like, what does security mean in Angular and actually had to learn Angular first, which was a big surprise in the beginning because that was when this was still awesome. It's like, oh my god, this this takes away so

much pain, like yeah, let's do this. And I started learning about security and how Angular handles cross-site scripting and how you'll find crappy advice on Stack Overflow to bypass that and all the dog basically grew from there, and that's

how I started talking about that. And I still, I was at an Angular conference in Belgium last week, and I still met people that said like, yeah, I first met you at this meetup talk you did about Angular security at the university, and I was like, yeah, that's a long time ago. People still remember that. So that's what got me hooked to

Angular. And then of course Angular two came out and they got a lot of things a lot better than before, which is great for me to talk about, like, hey, if you're doing Angular, this is actually pretty cool for security. We talked about that in a previous episode as well. And then of course people are using other things than Angular. There's more out there in case some of the listeners have no idea. There's a lot of

people using things like React and Vue. So yeah, I started looking at those as well, but I'm I'm mainly an Angular guy because of the security angle, and Angular is the only framework that gets security right by default, and I really like that as a security person. So yeah, yeah, I think you kind of implied that in the episode, but I don't know if you

explicitly stated it. So I think so. I think so because I remember being careful about not bashing React or Vue too much, which I always have to be careful about 'cause if people ask me, I'm like, do it with Angular, because from a security perspective, Angular is a lot better. But I'm fully aware that Angular solves different problems than React or Vue, and usually I follow up that first piece of advice with whatever works for you.

If your team is comfortable with React and Angular doesn't work for you, then there's no point in trying to force yourself to use Angular because it's not going to work like that. But yeah, hey, folks, this is Charles Max Wood and I just launched my book, The MaxCoders Guide to Finding Your Dream Developer Job. It's up on Amazon. We self published it. I would love your support. If you want to go check it out, you can find it there, The MaxCoders Guide to Finding Your Dream Developer Job. Have a

good one, max out. I really like how Angular handles a couple of things out of the box which the other frameworks do not. Then that is my main preference. I would say, nice. So how much have you done with the other frameworks, with Angular, or sorry, with Vue and React? It's mainly about figuring out how they work with security, so I haven't.

I honestly don't have time to stay up to date on all the frameworks all the time, especially to build like a full-fledged application, so I usually build training applications with the frameworks because the front end security stuff is focused on things like cross-site scripting, and you can easily, well, if you figure out the techniques or the details, then you know what's what's going on, and it's

not going to impact the architecture of the application per se. Right, so I build my own applications that I use for my trainings in Angular, and then I have like I have a training application for posting restaurant reviews, and I have that one in a couple of different languages, and even server-side technologies like the old Java Server Pages to show how things went bad in that area and how it's a lot better if you have to fix it in a

front end application than you have to do in a back end application. So even in React, it's actually better than it used to be in PHP or JSP or ASP.NET or, right, or whatever. So it's still a big

improvement, but I think we can do even better. Yeah, well, I think security is one of those fields to where you know, some of these are going to be obvious, like cross site scripting and things like that, where it's okay, you know, my framework can handle you know, ninety five percent of the cases right where this is gonna could even crop up, and it's just not going to happen and then somebody's going to come up with something else or some new way of doing it that So it's it's this

race that we're going to have to continually run for as long as we have computers. Yeah, definitely. And what I see in the last couple of years is the technologies that we're using for security are becoming more and more complicated as well. So we have a browser security policies like CSP and well, frankly, it's a explaining that to a developer to make it useful for them.

It's it's a really really hard job because it's a very complicated policy and there's a lot of bypasses if you get it wrong, so you have to really understand what you're doing to get it right, and right. The same thing goes for server-side technologies like OAuth and OpenID Connect and all of these things. It's just understanding how they work before you can understand whether you're

doing it securely. That takes an insane amount of effort, and that's that's what a lot of my consulting gigs are about nowadays, Like, hey, we're doing this and we don't really know whether it is Okay, can you take a look at this and can you help us out with defining what the best practices really are because we don't want to spend a year diving through all the specs and all of that to figure out whether we're doing the right job.

And that knowledge injection really helps teams move forward because they get like a quick checkup or quick overview of best practice and they're like, okay, we got this right, we need to fix this and we can move forward, and that really helps. Makes sense. And we went into a lot of this stuff in the Adventures in Angular episode, so I'm not going to belabor it

too much. I am curious, though, what's your process for evaluating? Let's say that you know Angular releases Angular nine, which we know is coming soon. What do you do, you know, when they release it to evaluate it for security? Well, fortunately, I would say on the security side, things remain fairly stable. So I think that the most of the security related behavior

in Angular has been there since version two, so that's good. Maybe over time they made some minor modifications that affect certain aspects, like adding interceptors in version four. That was kind of a big change, but we had something similar in Angular one, so it was still kind of similar. So what I typically do is I go to the release notes to see what the features are that they actually added, because I don't follow that on like very closely either.

And then when there is something security related, I have to figure out what's changed. But honestly, I haven't seen that happen in Angular yet. So in React, for example, they did change or are going to change. I haven't checked in the last two weeks, but they actually did change some security behavior by default. It's again a good thing. But yeah, then of course I have to figure it out, update my my course materials, update my labs and and all of that. So it's a yeah,

it's a it's a continuous game of staying up to date security. There's yea. It's not like I can ever be done with my course or anything. It's always updating and always find you. Yeah, where do people find your course? I do in person developer training, so you'll find it if you bring me to your company. I got you with me, so yeah, it's me. It's mainly in person training, but I'm planning to release some online content next year. So if you if you follow me on Twitter or

subscribe to the mailing list, you'll definitely get updates from there as well. But it's, anyone who has ever built online content will know that this is not an easy job and takes a lot. Yeah, so I'm slowly getting ready for that. So first we have the holiday season and after that I'm gonna jump into it recharged and ready to go. Yeah, it seems like a lot of folks or a lot of companies, sorry, they get it right.

They tend to have one person that's kind of dedicated to this, and it may not be a full time job, but it's a significant part of the time that they spend working on that. So yeah, that depends on the company size. So some of my customers actually are really big companies. They have like a security team and hundreds of people in that security team. And what they try to do is, or what seems to work really well,

is that they embed security champions in the development teams. And a security champion is kind of a developer with an appetite for security, so someone who wants to learn more, who who gets training on security as well, and they actually steer the team from the inside. So whenever there's a development discussion like can we do it like this or that, they can be like, no, that is probably not very secure, so let's do it like this,

and that already brings like the security awareness into the team. Of course, they can escalate to the security team for very specific questions or guidelines or something like that. But yeah, it's it's definitely definitely a very important job to stay up to date so that you can actually give concrete advice. Yeah, and I like that approach too, because, for better or worse, human nature is such that it's easier to take when it comes from quote unquote

one of us. Right, and so if you have that security champion on the team and they fit in or they feel like they belong right. You know, I like working with Joe, but sometimes Joe brings up stuff that's a pain in the neck because of security related and that's hard. It's easier to take than you know, somebody swooping in from the security team and going guys, guys, guys, guys, yeah, and no, you cannot do we released this. You have to fix this in this first Yeah,

that creates definitely a bad vibe. So yeah, no, team. Yeah, but one of the important things about security champions is that they're developers themselves. So yeah, they know about the pains that developers face, and it's like I can easily say, like just do this like that, but if you don't know what's behind that, it's going to be a major architectural change in the application. It's like a lot of code that needs to be redone and that has a major impact. So you need to have that

background to understand the impact of the of certain decisions. And yeah, absolutely, that's that's why I'm I can never stop developing either. I need that the background to make my advice and my courses and whatever relevant. Otherwise, well you're just telling people to do stuff without knowing what it means, and that's not what I want to do. Yep, absolutely, So yeah, this has been really fun. What are you working on now? Honestly, when I shut down my call here, I'm going to go on holiday,

so I'm reorizing except for trying to take some time off. So yeah, it's it's been a very busy year, so I've been looking forward to some time off. But what I'm working on next is I have a couple of conferences in Europe coming up. Conference workshops on single page application security. So I'll definitely be working on that in January to make sure it's updated from this year so it's all ready to go. And then I'll be working on some

online course materials and a couple more cheat sheets on security. So I've built a few this year about like one page overview of security in Angular, for example, like a list of things to watch out for or to not do or check look for in your applications. And I did one on JSON Web Tokens as well, and I'm planning to build a few more next year. So

yeah, nice, very cool. One other thing that I like to do on these shows is just give people an idea of who our guests are, right, because we talk about the tech, we talk a bit about your career, but it's like, you know, who is Philip right are you? You know, maybe you have eighteen kids and fourteen cats. I mean, who knows, right? You know, maybe you like to ski, maybe you play the guitar, So you want to kind of give us an

idea of who you are when you're not the security expert. Yeah, so I do have a family, not eighteen kids, but two and a half, so two kids, someone on the way. Oh congrats. Thank you. And we have zero animals at home, so I know we're not really cat persons or dog persons. We're good like that. So what do I do? Well, I travel a lot for work, so I'm happy when I'm

home. I like to cook, so I'm also a professional chef. I used to have a catering business for a very short amount of time, but then things wow so busy that, yeah, that was impossible to maintain. Yeah, I have Christmas coming up, so I'm actually working on a Christmas menu and slow cooking some meat and things like that. So that's yes, So that's what I like to do when I'm when I'm home. Sure, Now, when you say slow cooking some meat, are you using something like

a crockpot or a smoker or? It's a sous vide. So it goes into a vacuum bag and I have some some pork, I don't know the English word, like the upper part of the thigh. It's rich now, and it's going to go into a brine for for two days, and then I'm gonna slow cook it at sixty-five Celsius for two more days and it's going to be like super tender, and yeah, it's awesome, just like falls off the bone, and it's going to be great. Adventures in Angular is a DevChat.tv

production made in partnership with HeroDevs. HeroDevs is a group of Angular experts who can help your team code like true developer heroes. If your team needs an Angular expert, reach out to Aaron at hero dot dev today. So I have to ask then, because I have a sous vide machine that I have never used. That's the shame it is. I, it's

something that I need to remedy. I have a whole bunch of roasts in my in my freezer, so you know we've got uh, We've got the rump roast, which I think is what you're talking about, shoulder roasts. I've got beef roast too. So yeah, so what what should I do with Let's say that I have a shoulder beef shoulder roast? How do how

do I how do I attack that with the sous vide machine? Well, what you what you can do is you could sous vide it first, so basically cook it first slowly so it gets like real moist and tender, and then you can sear it afterwards. You can basically it's called it sounds good. So you you make it like it's very juicy and tender first and then put it in like a really hot pan or in the oven for for a bit, and you get the outside nice and crispy, and the inside is going to be

very tender because you you slow cook it a very long time. So yeah, that would definitely be be a good way to go. And you can start playing around with the spices and whatever you put in the bag and there's yeah, there's a lot of fun doing that. Yeah. Yeah, my version of this, I have a meat smoker that sits on my front porch. It actually looks like a mini fridge. It's, it just plugs into the wall.

But yeah, you throw some wood chips in there. It has a heating element in there that you know, sits right under the wood, makes it char and so it smokes, and uh, yeah, I've gotten, I've done pork. In fact, I've got a ton of ribs in my freezer too. I should just make some some ribs. I've been wanting to brine a

turkey and put it in the smoker and see how that goes. But yeah, the smoker usually depending on how I'm cooking things, you know, it can take anywhere from six hours to like eighteen hours to cook the meat. So yeah, it sounds like a big smoker if you can fit a turkey in there, but yeah, that would be about all that would fit in there is one turkey. Yeah, when we smoke here, we do it on a smaller scale typically, But yeah, I haven't tried my hand on

that yet, so yeah, maybe next year, who knows. Yeah, a good deal. But yeah, I'm definitely going to have to try the sous vide. And a lot of the roasts I get are vacuum sealed already, so I'm pretty sure I can just drop it in with the sous vide. I don't need to put it in a, it's already vacuum sealed. You could do that, then you definitely need some good seasoning afterwards, yeah, when

you finished the meat. But yeah, if it's already vacuum sealed, it's going to be I don't know if you have an actual vacuum machine, I do, Okay, that doesn't matter. You can reseal it as well, that's true. I could pull it out, season it and then stick it in and vacuum seal it again. Yeah, absolutely, you've inspired me.

I have time. I need to do it before I'm forty, which means I need to do it today because my birthday's in two days, all right, tomorrow actually. So oh congrats, happy birthday man. Most thank you, the same for you. That's right. Well, we'll pretend that we're brothers or something, right, all right. Definitely go go try out the sous vide. There's there's a website with a lot of great information called ChefSteps, and they have

a lot of great content. So give them a give them a look, and you'll be able to find something to do with your shoulder roast for sure. Yeah. One other thing that I've been thinking is just because a lot of times what I what I do is I wind up making a meal either in my instant pot, which is a pressure cooker, and so you can do a lot of the slow cooker recipes. You just throw it in and

it's done in an hour. But yeah, I've thought about like putting a meal in the pressure cooker for tonight and then putting something that needs to run in like the slow cooker, the crock pot, you know, for for tomorrow for dinner, you know, because I can just leave it warm on the counter and then yeah, do something in the sous vide and so I basically have three meals cooking at the same time, and it's just like, all right, here's tonight, here's tomorrow, right, you know, or the

smoker, same deal there. But yeah, and I'm really hankering for some ribs. Now, well, you have all day left, I guess in Salt Lake City, So that's true. Yeah, we have, we have the whole afternoon. All right. Well, I guess the last thing we have is before we do picks. If people want to find you online, where do they find you. I'm very active on Twitter, so that's a

good place to find me. And the website of my company is called Pragmatic Web Security dot com and you can find everything you need there, so I'm easy to reach. So if there's anything you want to talk about on his dates, all right. And and that's where people can hire you too, right? Yeah sure. Well, well I don't like have a standard hiring practice. So basically what happens, I just got a mail like that an hour.

I haven't been able to respond yet, but it's people who shout like, hey, we're struggling with this or that would that be a good fit. Can you help us out here? And we schedule a call to talk about these things, and after that they well, we can both decide whether it's going to work out or not, and whether I'm the right guy to help help you with these things. And if I am, we can move forward, and if not, then hopefully I can point you to someone who

will be better suited for the problem you're having. So absolutely nice, all right, Well, the last part of the show is picks, and we did picks on Adventures in Angular as well, So picks are just anything you want to shout out about for the show. I'm going to throw out a couple of picks myself and then I'll let you go for it. One that's related to security that I enjoyed quite a bit is a book. It's called Ghost in the Wires, and I can't remember the name of the author,

but he was he was a hacker. He did like phone phreaking and stuff way back in the nineties, right with a whistle or something. But he talks quite a bit about, hey, this is how we got past the

security with this company or that company. And it was amazing to me too, just how often the security breach happened because he got through to somebody and convinced them that he was legit as opposed to you know, some of these more automatable technological things that we talk about, and I think as we get further and further down the pipe of security, you know, because I mean we've seen major breaches from big companies, and you know, some of them

are, Yeah, it's technical. They didn't update their library or whatever. I think Equifax was Equifax, Yes, yes, you know, and it was because they didn't update their database engine or something. I mean, it was it was a dumb thing, right, But a lot of them is they get the name of somebody in the company, they called some call somebody else in the company and they say, hey, I'm Joe from this team,

and you know, I need my password reset to the server. And then they're in and so yes for me, Yeah, yeah, really effective technique. It's yeah, you see it everywhere. And the latest incarnation is this thing called CEO fraud where they convinced the financial department to wire like a million dollars to do an account and it's not a legitimate account, so off the money goes and yeah absolutely, yeah, So yeah, it's it's stuff like that that kind of gets me going, huh interesting. So yeah,

so I'm gonna pick that because the book was just way fun. And then yeah, as far as you know the cooking goes, I find a lot of recipes on allrecipes dot com. I have. I have a cookie recipe that I'm famous for that I got off of that website. And it's funny because people are like, wow, where'd you learn to make these? And I'm like, here's the app? All right, So so I really love that. And then yeah, I just I absolutely love having a smoker.

And it was a cheap deal at Walmart and I'll have to find the actual model, and you know, you can get one for like one hundred and fifty bucks. The sous vide machines are also pretty inexpensive. I have an Anova, yes sous vide, I have an Anova as well, So yeah, it's pretty cool. So I'll pick those. Why don't you go ahead and throw some picks at us? All right, So let me pick a security topic. Let me give a shout out to Let's Encrypt, which is a certificate authority

handing out certificates for everyone for free. So they automated the whole process and they make it possible for everyone to deploy everything over HTTPS. Basically, so even if you have a simple recipe website that nobody really cares about with Let's Encrypt you can deploy this over HTTPS with zero effort and with zero costs. So that's definitely a big step forward. So they're a driving force behind the growth of HTTPS from about thirty percent to seventy eighty percent we're at today.

So that's definitely a massive, massive effort and really much needed in today's world. And then for the cooking stuff, I want to give a shout out to a Belgian company called Foodpairing, and what they actually do is they have like an application where you can create recipes by pairing different foods together.

So essentially you start with like a main ingredient, like I want to do something with the shoulder roast, so you pick the pork meat and you start from there and based on the aromas they they have analyzed an in the lab that different foods and they will say like, okay, these foods fit well with pork, and you can start selecting like oh I want to use this vegetable or maybe this type of booze or I want to use this or that, and as you further go further down the line that the options become

kind of smaller because you want everything to fit together, or you might want some contrast in there, and they give you the option to select all of that basically from a huge list of ingredients. So I actually use that when I'm creating dishes for Christmas or something like I'm going to do this, like a pea soup, So what would go well with pea soup? And like, oh yeah, pork meat And then we dive into pork meat and it's like, Okay, what herbs would go well with that? And it's and

based on that you can really come up with some cool stuff. So yeah, that's that's actually pretty awesome. Nice all right, Well, yeah, I think we've covered everything. People know where to find you. Definitely you want to give us your website again? Just yeah, so it's Pragmatic web Security dot com. Everything is all right, and yeah, I'm just getting the links to my picks in the chat so people can sort of wind up in the show notes. But yeah, where we are looking for hosts and

sponsors for Adventures in Angular and some of the other shows. So if you're interested, you can just find me on Twitter. It's Chuck or sorry C max W cmaxw on Twitter. Just send me a DM. My DMs are open and I'll respond and I'll let you know how to schedule a time to chat. If you have ideas for Adventures in Angular as far as topics, people can let me know in the same way. And yeah, go check out my book, The MaxCoders Guide to Finding Your Dream Developer Job,

and that is now out in paperback. Of course, by the time this goes live, I think the audiobook will be out there too. So anyway, just throwing a bunch of stuff out there because I get asked about it. And yeah, people can find all that stuff there. Thanks for coming, Philippe, my pleasure. Thanks for having me. All right, Well, next time I'm in Belgium, or I guess the first time I'm in Belgium, I'll let you know, and yeah, we'll see what we can

see when we can get together. Yeah, absolutely if I'm in the country. So it's always hard to but sure, give me a shout out and we'll see what happens. All right, sounds good? All right. Links in the notes as well, so you can link to that in the talknotes and everything is there. All right? Sounds good? Hey, max out everybody. Bandwidth for this segment is provided by CacheFly, the world's fastest CDN. Deliver your content fast with CacheFly. Visit c A C H E F l Y dot com to learn more

Transcript source: Provided by creator in RSS feed