Changelog & Friends – Episode #31

Yeeting stuff into public

with Jamie Tanna

All Episodes

Jamie Tanna (who has a website) joins us to discuss the indie web, living with ADHD, sharing his salary history with the world & building DMD – a dynamite open source tool to help you better understand the use of dependencies across your org.

Featuring

Sponsors

VercelZero configuration for over 35 frameworks Vercel is the Frontend Cloud makes it easy for any team to deploy their apps. Today, you can get a 14-day free trial of Vercel Pro, or get a customized Enterprise demo from their team. Visit vercel.com/changelogpod to get started.

SynadiaTake NATS to the next level via a global, multi-cloud, multi-geo and extensible service, fully managed by Synadia. They take care of all the infrastructure, management, monitoring, and maintenance for you so you can focus on building exceptional distributed applications.

Fly.ioThe home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.

Notes & Links

📝 Edit Notes

Chapters

1 00:00 Let's talk! 00:37
2 00:37 Friends vs Friendlies 👀 01:00
3 01:37 Jamie's BMC Remix 02:09
4 03:46 Tracking podcast listens 02:24
5 06:10 The indie web 02:49
6 08:58 Adam's iTunes analogy 01:52
7 10:50 Blogumentation 08:56
8 19:46 The IndieWeb 02:49
9 22:34 How Jamie's website works 03:21
10 25:55 Writing pains 04:54
11 30:49 Sponsor: Vercel 02:43
12 33:33 Jamie's public salary 04:46
13 38:18 Adam's public salary? 05:32
14 43:50 Consequences & regrets 07:04
15 50:54 ADHD 04:52
16 55:46 Memento (Spoilers?) 01:58
17 57:45 Sponsor: Synadia 05:10
18 1:02:55 DMD 04:28
19 1:07:23 TNT! Dynamite? 01:09
20 1:08:32 Changelog's DMD 03:37
21 1:12:09 Any users? 02:26
22 1:14:35 Gaining trust 08:51
23 1:23:26 Going beyond 1x 03:06
24 1:26:32 Bye friends 02:02
25 1:28:34 Outro (join ++!) 01:20

Transcript

📝 Edit Transcript

Changelog

Play the audio to listen along while you enjoy the transcript. 🎧

We are here with Jamie Tanna, longtime listener, community member, blogger… I’ve been publishing your stuff in Changelog News over the years, it seems like at this point… And one of our voice mailers for last year’s State of the ’log. Jamie, welcome to Changelog & Friends.

Thank you. It’s great to be here.

Not that I’m saying he’s not a friend, Jerod, but I was thinking maybe he wasn’t really a friend. It’s more like this is Changelog & Friendly.

I don’t know. [laughter]

Because he’ll become a friend during the show potentially, right? I was thinking about that on the way here. What do you think about that?

I feel like he’s been like a community member; hanging out in the Slack…

Right. We haven’t held hands yet though, so…

Well, he lives across the pond. It’s not easy.

You hadn’t with Gerhard, for ages…

[laughs]

That’s true. It took us a long time to shake his hand, and give him a hug, so…

True. Yeah, gosh…

But Changelog & Friendlies - you know, it’s got a ring to it. Maybe we could have a sub-show…

I guess you’re looking for a new subtitle. Turning friendlies into friends…

There you go.

Oh, I like that. That’s actually not that bad.

What I would like to hear, Jamie, is how it feels to get your very own Breakmaster Cylinder remix… Because you are a recipient of a remix. I’ve never got one for myself, but… It’s gotta feel good, doesn’t it? How did it feel, hearing your voice all remixed?

It was very cool. I mean, the fact that for the second year running I ended up submitting my voice note late for State of the ‘log was just impressive… I’d asked like a month before the deadline “When is the deadline?” and I posted an update… So yeah, I’m just still surprised that you managed to squeeze me in. That was very cool. And then, getting my own remix was pretty cool. I haven’t yet set it as a ringtone, but maybe that’s the next step.

You should.

Is Jamie’s sweet robot dance makeup music - that’s Jamie’s, right?

That was the other Jamie. That’s Jamie Curnow.

Jamie’s was the very last one, because he submitted late…

Remind me what it says.

We’ll see if we can play it. Do you want the remix, or the message?

The remix.

Remix: [02:35]

Thank you, Jamie. That was amazing. I bet your dog’s pretty sad. I know my dog absolutely needs the Adam tank filled up every single day. The dog begs me to go to work with me, because for now I go to a separate office… And my dog could not not be walked… And then at the same time I need to cook. And I’ve never sat in a room for five days straight laughing at Changelog podcasts. [laughter] So you’ve got me beat, but I appreciate that.

I’m just dedicated that dedicated…

Okay, I take it back. You’re a friend now.

There we go.

Just like that.

We already did it. We haven’t even gotten into show yet, and we already turned a friendly into a friend.

Too easy.

Too easy.

And I was digging into my site history, and I’ve found at least the first recorded time I tracked a listen to Changelog was 2016. So I’ve been listening for a good chunk of time…

Oh, wow. Dang.

So you track your listens?

I do. It’s something I started a couple of years ago. I was starting to track every time I listen to a podcast; our publisher listened to my website, and as part of that, I then have a history of all the things I’ve listened to. But because I was only doing that from like that point of time, I also had like a loader history… So I found a way to take Podcast Addict’s SQLlite database, reverse-engineer some of the data out of that, and backfill that to my site as well. In fact, I’m just now trying to charge up some my old phones to see if they’ve got any history on them…

And go further back.

…I can backfill. Yeah.

Interesting. That’s dedication.

I love it, but I also wonder why… What drives you to want to do that, even so much so that you’ll go into the history and like dig it out of a database? Why?

So in 2018 I found out about the IndieWeb community. Communities all around like owning your data, not relying on other platforms… So some of it is – like, IndieWeb as a thing is quite cool. But it’s also just like interesting for me to have that data. So for instance, coming up to today, I was able to easily go back and say “The first time I definitely know I listened to a Changelog podcast was the 27th of August”, and it was Requests for Commits #4. And that was actually the first podcast of the Changelog I listened to. It’s also interesting, because that gets syndicated to the Fediverse… So if people are interested, they can see the sorts of things that I’m listening to, they can find out about new podcasts, as I’ve listened to them, and stuff like that… Which I find quite cool. It’s just a passive way of sharing it. And then also, because I have all that data, I can go in and I can work out “Actually, in the last year, I have listened to five days’ worth of Changelog.”

[05:56] Yeah, exactly. And then you can make sweet robot dance makeout music with that information, you know? It’s amazing. So okay, that is cool, I admit it. And it makes sense, the dedication, the syndication… So IndieWeb - this is the idea of own your own data, publish through your own website, and syndicate elsewhere, or blast out… I guess there’s a couple different ways of doing it, but that seems to be the main one.

Yes. So there’s a really good article titled “One year in the indie web”, and this is the one that I usually recommend people read, because there’s a really good distinction there between IndieWeb, with a capital I and a capital W, versus indie web all lowercase, or with a space between indie and web. So there’s a lot of people who think indie web is “I need to do these particular things to be part of the indie web.” Whereas at its base, it’s just you own a URL, and you publish content to it. It could be that URL is in front of Substack, or Medium, it could be in front of wordpress.com, or it could be infrastructure that you are hosting in your home lab, and you’ve got a load of stuff for that. But then as well as that, it has also morphed into things like owning data across different services.. So one of the things you reference is POSSEE, Publish on Your Own Site, Syndicate Everywhere Else, or Elsewhere. And so that is a lot of what I do, or what I try to do, which is in the before times, before Twitter’s API got taken down, I would reply to people’s tweets from my website, and so I would actually go through a lot more pain and effort to reply to someone’s post… Which kind of showed that I actually did care a little bit more, because I would – so using the Twitter app, I would share with an indie web app, I would write my reply, and then hit Send, that would go to my website. In about 10 minutes, my site would have rebuilt. It would have sent a notification to an app called Bridgy. And Bridgy would then say “Oh, cool. This has replaced something in Twitter, so I’m now going to send an API request to Twitter, and I’m going to syndicate that post. And that will then appear on twitter.com.” And in all that time, someone’s probably not bothered by my reply anyway…

I was gonna say, it’s a good way to lose an argument, you know? By the time your reply comes in, they’ve moved on; they don’t know what you’re talking about.

But I’ve also found it quite good, because it means that a) those sorts of arguments do calm down a little bit, because… Yeah, I’m going to be taking like hours to reply to you. In fact, there was a time where a couple of friends of mine messaged me and was like “Why have you just replied to my tweet from six months ago?” And I had a bug in my site software that it wasn’t actually sending those notifications called webmentions for a while… So suddenly, I was replying to posts from like six months ago, and… Yeah. Not great.

That’s a good response though, “It was a bug in my software.” This reminds me a little bit, somewhat - so go with me here - of back when I was religious about updating the song titles in iTunes. Back whenever you used to manage your own mp3 library. And it’s not exactly a one to one, but I wonder if this indie web - which I totally agree with; I love the indie web. RSS feeds… That’s what we do for a living. We ship mp3 via RSS somehow to the world, and we don’t care about tracking. I mean, we do to some degree, but just enough to know that they’re signal, not noise. But it kind of reminds me of this world where you pay attention to the details so closely, but others may not, and so the world doesn’t really get populated with others like you, who care so deeply about the older layers. Do you feel like that? Do you feel like the indie web has a possibility of being more thriving because there’s more folks who are so purist like you are? And am I wrong on my iTunes naming? Because I mean, I used to be crazy about it before they would do it for me… And now just there’s Spotify, and other things, so…

[09:57] So yeah, I do you see it as a bit of a parallel. So I definitely wouldn’t say I’m one of the purists. There are a number more in the community who will do a lot more work for some of this stuff. And for me, some of it is just like the muscle memory of doing it… And a little bit of “Well, I’ve been doing it for this long. Sunk cost fallacy. I have to keep doing that.”

For sure. Yeah, that’s what I meant by iTunes. I was like “Man, I’ve been doing this renaming for so long… I am going to keep doing it.”

So for instance, on websites like Lobster and Hacker News, and even things like LinkedIn, I don’t have POSSEE setup, so I will just reply… And it is kind of nice to sometimes just reply, and it be done… But also, I find it really useful to look back on things. So for instance, I have ADHD, and as part of that, my memory isn’t great. I blame the ADHD for that. So something in 2017 I started doing was called Blogumentation. So it’s blogging as a form of documentation. And I very recently started my personal website, and as part of Blogumentation, it was a case of “I’ve just learned a thing, or I’ve just done a thing, and it was kind of awkward to like Google around for and find a solution for, so I am going to be that person who writes a blog post about it.” And even if it doesn’t help anyone else, it will have helped me, because I would have written about it, and next time I can go back to that. And it partially - or I definitely see this as like a really big positive for me as someone with ADHD, is I now don’t have to try and remember how to do the thing. I can now just vaguely remember, “Have I written about the thing?” and then I can go and find that in my website. Or I don’t even need to do that far. I can just search through my site, and I can say “I’m sure recently I was talking to someone about this, like, how to do contract testing with Open API”, and I can search through my site, and then I can find a reply that I posted somewhere. And I find that really useful, because – so part of the Blogumentation was triggered by a discussion with Scott Hanselman, who had a site called Keys Left, which counts down the number of keystrokes you possibly have, based on stats, how many keystrokes you have left until you die of natural causes. And in this podcast, he was talking about “I don’t want to waste those keystrokes on something that –” Like, if he gets a dozen emails about “How do I do this thing?”, he wants to be able to write that reply once, and then save the keystrokes, and put them towards something more useful. And I very much have internalized that of “Let me try and reference things that I’ve already written.” In fact, you can see behind me on the video I have my URL in the background, because it’s very much like my personal brand.

One of my friends for my birthday the year before last got me a T-shirt, which says “I have a website, jvt.me”, because I would just talk about it so much that it was like that sort of fun thing. And another friend of mine from a previous company, he built a website called DidYouKnowJamieHasaWebsite.co.uk… Because it was just so common that I would talk about my website, and I would share links to things… And a lot of it was coming from the place of “I’ve written about this thing. I have helped solve the thing, so here you go.”

I have a lot of thoughts about that… I agree absolutely on the Blogumentation front, and on the – as a completionist, it appeals to me to have everything always… But –

Here come the but.

[13:48] Well, I actually I pushed back on you about the same thing, Adam, at THAT Conference, when we were talking about letting the LLMs know all of our thoughts. Just like write everything down. And I think at that time I said “Is there no value in that which is ephemeral?” And I used to be like “Always be recording, always be publishing. If it’s not forever, it’s not meaningful”, and I’m starting to just like change my perspective on that. Maybe the kids are changing it for me… Because you know, the younger generations value ephemerality more than we do, because they’ve grown up where like everything they do is documented and tracked by themselves, or by their parents, or by the NSA, or whoever it is. And I just feel like there’s room in life for both things, where there are some conversations that don’t need to be documented. There are things that – a reply on LinkedIn can just disappear into LinkedIn’s database somewhere, and doesn’t necessarily need to be cataloged for you or for your language model to remind you of later… And picking and choosing what I should keep and what can just go away I think is part of the process, but I’m just kind of like letting go a lot more than I used to. I’m like “Does this conversation really need to be published?” Or just - I ran into somebody in the street, and we talked for five minutes about our families, and we moved on with our lives… And that was just a really nice, human thing. And maybe I said something there like “I have a website”, or “I wrote about this”, but beyond that, I don’t think it needs to have artifacts to be valuable.

Yeah. Well, I’m with Jamie on one front, because I’ve just had a conversation with somebody for the first time; we’d been looking forward to meeting each other, and we met each other at a mutual party for the Super-Bowl. It’s a very popular thing here in the US… And the conversation was around nerdy things. And I guess this person’s a lot like me, where they don’t meet other people that can go deep nerd on Linux, and Unix, and BSD, and ZFS, and whatever. Whatever the fun tinkering things are. There’s not many homelabbers out that you can meet just like randomly in the street, so that’s the point. And this person’s a professional in IT around the Windows system primarily. And through conversation, we were talking about our setups at home lab, and whatnot… And I’m like “Well, I really don’t do this, but I did podcast with Matt Ahrens, one of the co-creators of ZFS…”

You named dropped on him?

“…a couple years back, and a lot of people liked it, so you should go check it out if you’re really wanting to go deep on it. It helped me out a lot.” And then a minute or two later we were talk about something else, I’m like “Well, I also talked to…”

So you’re the “By the way, I have a podcast…”

“We also talked to Allan Jude recently about FreeBSD, and all the BSDs, and like the whole history there, and it was really cool, so you’d probably enjoy that, too…” So I kind of felt myself like self-referencing things I’ve done… Because we do document a lot of things that we nerd out about. That’s just natural for us. But I get you on that point. I think the point you’re trying to make, Jerod, is that there is value in just simple humanity. Not journalistic, or “must be recorded to then share later” aspects. And that’s – I don’t disagree with that. I fully agree with that.

Right. And having a filter. You know, I have lots of thoughts throughout the day, as you guys do, I’m sure. Most of them aren’t worth keeping, you know? And we make those choices. Adam, I know you have lots of ideas… Some of them you write down, other ones you don’t. And knowing where to draw those lines is just something I’m more, I guess, cognizant of, than I had been in the past, where I was more like “If it doesn’t live forever, it’s not of any value.” I didn’t understand Snapchat. I’m like “Why would you want to take a picture that just disappears? It doesn’t make any sense to me.” And now I get it. I guess I’ve just evolved a little bit.

I don’t get that either. I just can’t get it.

I get it now.

I was never there, so I don’t get it.

Fair enough. But yeah, we should get Adam a T-shirt, “By the way, I have a podcast”, similar to your “I have a website.” [laughter]

Yeah, that would be cool… And I don’t really – I don’t like doing that though necessarily. When I meet people, I’m not like – in this case, it was proper. It wasn’t like boasting, or self-promoting. It was like literally “Hey, we’re talking about this, and this happened. So if you are curious at all about ZFS, this is a great resource, of many you should check out. It enlightened me, so you should check it out if you are so inclined.” It wasn’t like “Let me slap you in the face with my podcast.”

[18:02] And I guess it is hard to drive that balance of - you both have talked to loads of interesting people, you’ve got loads of interesting thoughts… People can learn a lot from that. But also, does it feel like I’m just pushing you to consume all my content? Yeah…

So I would say if Jerod and I were “influencers”, then when we did that, it would be disingenuous. But because we are definitely not “influencers”… We might be influencers with a lowercase i, just because we tend to think –

Like, we’re also indie web with a lowercase i.

Right. Precisely. So I think if we were the true version of what people call influencers, then it would be icky. But because we’re not, we’re just normal human beings who just happen to have done something so long and so consistent, and I suppose over time so well that more and more people have joined our tribe… I read Seth Godin’s book way back in the day, and everything we’ve done has been a version of what he prescribed in that book around tribes. It’s such a good book. I love Seth Godin. He’s got such amazing writing. The Dip is amazing, Tribes is amazing… I think it’s called Tribes, if I can recall correctly. But it was around this, like “Hey, there’s a subset of people out there who find what I think is interesting, and overtime what I find interesting evolves, and I bring more and more things into that. Like [unintelligible 00:19:15.13] I love barbecue. I geeked out with a sponsor the other day… We were done with our conversation, we hung out for another 30 minutes, talked about Weber kettles, we talked about how we tweaked our stuff… And the conversation was totally over, but we were just there, now, talking about barbecue and our favorite recipes, and methods etc. And that was what it was. And that could have totally been a podcast, but it was just a conversation, which was cool.

Yeah, there you go. There’s some value there. I do like the indie web thing. Is IndieWeb – I know you said it’s like a proper noun, and also there’s like a lowercase version of it. Is the proper noun a community? Is it like a group of people that identify and self-identify? Do they get together? I feel like there was an IndieWeb conference of some sorts… Can you tell us about that? Have you been part of any of those events, and stuff?

So the short answer, yes. And the podcast. [laughter] Yeah, so the short answer - yes. So IndieWeb.org is the main page for the IndieWeb community. So it’s more along the lines of like capital indie web… But the idea is, it’s meant to be a community for people doing indie web-related things. So there are indie web camps, which are the conferences… In fact, in just over a month, or just under a month, there’s one in Brighton in the UK… But they have them all over the globe. I’ve been to a couple, and they’re quite good… Because you basically come in and you don’t have to have built your own website, you don’t have to know anything about it. There’s a few sessions at the beginning of the day, where it’s like “What actually is the indie web? Why is it actually important to even just like own your URL, and not constantly be twitter.com/whatever”, or now x.com/whatever. Then people go around and share their websites… So you have like demos of “This is what my website looks like.” And then there are breakout sessions where you can talk about different things…

Some people are very interested in like owning their location data. For instance, instead of using something like Foursquare, they will use their website. And then there’s also interesting conversations around like privacy, things like that… Because often, a lot of people who are sharing their location data in real time are cis het white men who are not generally affected by “Oh, someone knows my location. They’re now going to stalk me.” So there’s a lot of interesting things around that, and trying to make that data less invasive. But also interesting, because you may want to be able to know “Here are all the places I checked into in the last week”, because you may want to like draw a map of places you’ve been, stuff like that.

[21:59] That’s cool stuff. I feel like I’ve always been – I guess I identify with the indie web. It seems like that community, everyone that I’ve met so far are very inclusive. They’re not like drawing lines like “You are or are not indie web.” That’s not the point. The point is like to promote the stuff that you’re talking about… And I’m a longtime believer in own your own domain, publish on your own website, syndicate etc. And like Adam said, that’s what we’ve been doing for years here on changelog.com. We have a website as well, Jamie, Changelog.com. [laughter] And yeah, it’s cool stuff. How far do you go in with – so you’ve got Fediverse implementation or integration… Do you do webmentions? Those are always something that indie web people bring up. We’ve been adopting some of the new podcasting standards, podcasting 2.0 spec, which integrates stuff that’s kind of like webmentions, like cross-app comments, which is very much using – is it just Mastodon? Or is it the Fediverse? I don’t know. It’s using these kinds of things to try to create, for podcasting, some of the stuff that I think Activity Pub is starting to create a little bit for social and for syndication. What all does your website do?

So my website is a static website. It’s built with Hugo, and as I mentioned, it takes like 10 minutes to deploy, because –

It must be big.

I’ve just got so much content in it, and I also – so for instance if I’ve liked a post, I want to mark that up with what that post actually is. So instead of just have it like “I liked Changelog.com/friends/whatever”, I want it to be like “Listen to Changelog & Friends, the episode with Jamie Tanna”, sort of thing. So as part of that, I also need to fetch information around what that post is. So in the back, I’ll be looking at “Does it support microformats?”, which are an indie web markup around HTML, which lets you in your HTML elements basically say “This is the post content. This is the title of the post.” So it’ll look for things like that. It will also look for things like Open Graph metadata and fall back to that… So it can do a few things to try and gauge what that is.

That then, as I say, takes a long time to build, because there’s a lot of content in it… It’s – yeah, got a lot of files. And I’m also using GitLab CI’s hosted runners, because I’ve gone through pieces of trying to host it myself and speed it up, and then just being like “This is still costly, and time costly as well.” So I’ve been playing around with lots of different options. And then about webmentions - so yes, I do support webmentions… So once my site deploys, finally, there’s then a web hook that is sent to one of my services that I run… And that then looks at the sitemap for the site, and says which things have changed recently, and then it’ll go through each of those pages, find any links, and send out webmentions to the world, which then on most of my posts will hit something called Bridgy Fed. So Bridgy is a service run by Ryan Barrett in the IndieWeb, who tries to bridge lots of different social networks. And so Bridgy Fed is the Fediverse version of that. And so I don’t have to manage or understand any of the Fediverse stuff, I can just send a webmention and Ryan does all the hard work with the community building Bridgy Fed to understand what my website looks like, using things like microformats. And it will then translate that to an Activity Pub piece of content, and that will then get sent out to all the people who follow me elsewhere. So people directly from their Mastodon, Akkoma, wherever - they can follow my site natively, get the same content as if you were just browsing it on the web, which is pretty cool.

[25:56] Now, when you’re writing, do you have some sort of alternate setup where you don’t have to rebuild? Are you just rebuilding the current blog post? Because I know that I used to use Jekyll quite a bit, and it was a minute or two to build the whole site… And yet while I was writing, there was times where I would just rebuild the same file, other times I wanted to see how that affected some sort of aggregation page, or tags page, or this other stuff, and it got to be very annoying at one to two minutes, just to work on it. But at 10 minutes, and with Hugo, which is a much faster generator, your site must be very, very large. Does it ever get annoying while you’re writing to have all these machinations? Or is that just not happening?

Oh, so I also started with Jekyll… And I got to a couple of minutes and was like t”This is really painful.” Move to Hugo. And over time, it’s got worse and worse. So my solution for writing is don’t try and preview the post… So I just do not run my site locally; it’s a pretty horrible solution to it…

Really?

But I’m fairly used to what Markdown rendering looks like for my site… So if I’m doing significant changes on the theming, I will then run it locally. But what I will do is I will delete most of the site’s content, or get Hugo to exclude building most of the site’s content, which that means that it is a lot quicker, a lot easier to run. It’s definitely not a good experience most of the time, and over like the last 18 months I keep going to rebuild my website from scratch, and make it a dynamic site… But that’s a massive thing to do, and I don’t really have time. Or I can’t make time when I have so many other things I want to be doing, and need to be doing, that then makes it really tough.

I don’t know how you can write without previewing it. I just have to see what it looks like… Even though I kind of know what it’s gonna look like, I still want to see what it looks like. Like, the final version.

There’s satisfaction in that.

Yeah. And I don’t do like a draft, and then edit it… I literally edit as I write, which is one of reasons why I despise writing… Because that’s just a painful way of doing it. But I have never been able just to write, and not be like “Well, that’s a bad sentence.” I just can’t do that. People can do that. I don’t know if you can. They just write their thoughts; they’ll spit all of their thoughts out, and they’ll be like Draft 1. And then they’ll go back and edit it. I’ve never been able to do that, because I can’t leave the crappy stuff in there. So I’m editing the whole way. I’m also previewing almost each step of the way… So even knowing what Markdown is gonna look like on the website, I’m still like “Nah, I just want to see it.”

Which is kind of funny, because you just talked about the ephemeral idea, which - crappy writing, unedited stream of thought is kind of like embracing ephemeral, in a way…

Sort of, yeah.

So I would encourage you to revisit that idea, considering your new change of thought…

I should try it. I should try to write an entire blog post without stopping, and just see if I can actually get that done.

I think so, too. While you were talking there - the audience couldn’t see it, but I was like shaking my head yes, and then I was like “No, maybe not…” Because there’s definitely times I throw things down and I appreciate it going back later… I’m like “Wow, this reads terribly, but I get the idea.” And it’s not published, but it gives me new position, because it’s old Adam’s thoughts that I’ve forgotten, that I go back and revisit, that lead me to new thoughts… But I was bold enough to at least write it down, even though it sucked in the moment… So I can appreciate it about my past writing, when I’ve written.

So I know a number of people who write draft posts on their websites… So it’s publicly-visible, but it has a little banner that says “This is draft post. It may contain errors. I may not have fleshed out ideas.” And that’s quite a nice way, because you’re very much saying “I have written this thing. I know it’s not great, but I’m happy hitting Publish.”

That takes some guts.

It does. And one of the problems with writing, and writing publicly where lots of people are going to read it, is that “Oh, is someone going to complain about this comment?” Or “How many people am I going to get well-actually-ed by?” So I kind of have like two modes of writing… So my first mode is like Blogumentation style, which is I’m just getting the thoughts out of my brain, so I can forget about it. And in the future, I can come back to it and learn about it again. Or I have posts that I definitely do want, or I’m planning on other people reading. And some of those posts take weeks of going back and re-editing and everything… And yeah, I’m fortunate that I don’t mind too much about hitting Publish, and people’s thoughts on it… But it still does take a while for some of the big posts that I write, especially when I know it could be particularly spicy, and people are gonna have big thoughts…

Sure.

Break: [30:45]

Well, you’re not afraid of being in the public, because another thing that you’ve done famously is publish your salary over the years… Which has gotten a lot of attention, it’s helped some people… Tell us a bit of that story, and then we’ll talk about it.

Yeah, so I’ve been posting my salary publicly since 2021… And part of it was I was leaving a job, and I had just gone through the job hunt… And I’d been talking to a number of people privately about salary, and what the job market was looking like… And it was a particularly good time. Not the most recent ridiculous job market, but it was a pretty good set of roles out there, and I was very happy with the salary increase I was getting at the time. And I very impulsively was like “You know what - I’m gonna post about this.” And I did not check whether legally I could do, which thankfully, I was fine… But yeah, I was like “I’m talking to enough people about this”, and back to like number of keys left and everything, I want to make sure that this isn’t an ephemeral thing, and this is something that people can refer to, and people don’t need to come up and ask me about it. Because in the UK, people aren’t happy talking about money. I think it’s a fairly global phenomenon, where people are just not going to talk about it, and therefore companies get away with massively underpaying people, being very unfair, or even just people not realizing that they’re actually doing pretty well for themselves.

And yes, so I posted my salary… I went back through my history; I had fortunately only had a couple of jobs, so I had all of this stuff available. I was still in the job I was at, that I had been for five years… So I had five years of finances that I could just download and upload. And yeah, it’s been very good, because it has helped a lot of people. I’ve directly had people I do and do not know message me to say “Thanks for posting it.” But also, in the last few years I’ve had at least about 45,000 to 50,000 hits on that page. I sat “at least” because a lot of people strip things like analytics, which is good… So it’s probably a lot more than that.

That’s cool. I can definitely see how it would benefit people, and I see absolutely the benefit inside the same org people; like people talking about their salaries inside the same org. Because then you realize “Wait a second, you’re making that much? They’re paying me half that, and we do the same job. Let me go talk to the boss.” That’s an obvious win. I still think it takes a lot to put yourself out there. I know that I personally have always been just like “How much money I make is nobody’s business but my own”, and how much money you make is not my business, either. That’s just been my default stance on life. And so it’s interesting to see you willing to do that. Has anybody followed your lead?

Yeah, so since I posted mine, I know at least five or six people who’ve posted it directly off the back of me posting mine. So that’s been quite nice, because it’s been a mix of different people, of ranges, levels… And some people who work on like consulting, so have a slightly different income stream to just salaried employees… And then even since posting it, I’ve found people who had already been posting theirs. So for instance, Xe Iaso, they’ve been posting theirs for some time… So that’s been quite good, because it gives a little bit of difference… Whereas the people I know are all UK-based, and around the same sort of area… So things like cost of living, everything’s fairly standard… And for a lot of other people it’s interesting.

The other thing I’ve found particularly interesting is, for instance, in my previous job, Deliveroo - so I joined with a salary of 90,000 pounds, and this was during the period where companies were going wild for engineers. They were willing to throw out a lot of money. And about a year or so later, there was a round of promotions, and people who were promoted to the same level as I was when I joined we’re getting 10% less on salary. And it’s things like that that if you didn’t have this data very publicly, or people talking about it, you miss out on some of that context. A lot of companies do have salary bands, and that makes it at least a little bit better. But I’ve also seen job adverts which are “This salary range is anywhere between 60k and 250k.” And it’s like “That’s not a helpful range.”

[38:15] Right. It’s wildly different, yeah. What do you think, Adam? Would you post your – let’s say you and I went back to being W-2 employees and you had an annual salary… Sharing that publicly - would that feel like something you’d be willing to do? Would you hesitate? Would you “No way”? What are your thoughts?

I guess it depends on how frequently I move jobs, because I know that that’s one thing when you move a lot, or even - I suppose “a lot” is not always an accurate way to describe it, because a lot could be every six months to a year or so… And that can be used against you in some ways, like on your new way in. Like, one of the questions that’s a meme on TikTok, which is “Okay, so what was your previous salary?” And then the person responds “I signed an NDA.” You know what I mean? It’s a funny shtick they do; it’s a comedic thing, in a way. So I feel like I’m of your camp, Jerod, where I don’t – I feel like what I make is my own business, and what you make is your own business… And I think the reason why is obviously societal. I think it begins with that when people know certain details about your person, they can begin to assume, they begin to - not so much cash judgment, but they begin to sort of determine who you are and what you can do based upon what they think they know about you. And then the biggest thing it really - it’s your finances. Because that’s one of the number one resources that we all leverage to progress in life, in some way, shape, or form. And so that’s the resource for which many people are judged by. Like “How much money do you make? Oh, well, that’s why you drive that car.” Or “Oh, that’s why you have that home” or “Oh, that’s why you value these things”, or “Oh, that’s why X, Y or Z.” So I’m like maybe no… But then I also see the benefit in it. I just don’t know if I could be in that camp. I see the benefit, but I don’t know if I can participate in the camp that says “Okay, let me do this.”

I want to contrast this though, because you mentioned this in the preparatory stuff, and this is something I knew about Oxide, is they, Bryan Cantrill and Steve Tuck, when they founded the company, they were like “Okay, we want to sort of pay ourselves a good enough salary. We don’t have to stress so much about money. It’s not so much that we’re making – our company may be valued at x, and on paper we’re worth more, because over time Oxide begins to have a higher and higher valuation”, but their salary is 175 a year USD. And when I met some folks recently at All Things Open, I was surprised to learn – this is when I first learned, I learned face to face that everyone in the company makes the same amount of money as the two founders. And so they said “We want to pay everyone the same.” And so I think in that context, Jerod, that might be interesting for us, you and I as Changelog, to say “This is how much money we make.” Now, it would really be amazing if we paid everyone else the same thing we pay ourselves… But that’s not exactly true. So that might be embarrassing to be like “Okay, there’s a there’s that divide there”, so to speak.

At the same time, we’re also the ones taking all the risk, and riding the wave of down years, up years etc. So I get that. But we’re not building an Oxide company. In that light, if I were building an Oxide and I had similar possibilities and ambitions that Bryan and his team do, then I would probably do that. That sounds like a good thing for the morale, and a good thing to market, like we’re talking about it in this moment, because it’s cool. There’s a marketability to it.

I think as well – so Buffer in the last few days, they’ve also announced that they’re doing similar. The way Buffer does it is they have everyone’s salary as public, which I think I’m less a fan of… So I really like the way that Oxide does it, where everyone gets the same, and it’s very stable, and nice, and equal, or equitable… Yeah, equal, not equitable.

[42:03] At Buffer you have the risk that you can go and look someone else’s salary up… Like, I have absolutely made the choice that I am happy with for the rest of my life, because I’m not planning on doing this, for the rest of my life, people will see what I’m paid. But to be able to know that one of your friends works at Buffer and just look up their name, and look up how much they’re getting, I’m not as much of a fan. And I believe there is an opt out for employees… But it’s the sort of thing that – you know, I don’t recommend everyone try and post their salary publicly, because very few people can do it. It is a very privileged thing to be able to do, and to be happy doing. But if people are at least talking about it privately with their friends and family, that is really the important thing, because companies get away with underpaying people… And layoffs and things are generally because people aren’t talking about things. People are feeling that they’re being like pitted against each other, when really it’s the workers who do the work to make the company what it is… And it’s really important for people to get fair pay, fair share, and… Yeah, I absolutely think more people should be talking about it.

At Deliveroo we didn’t really talk about things like this… So aside from me joining and sharing my salary, and a few people talking to me after the fact, we didn’t really talk about salaries until redundancies happened. And at that point, people were much more happy to talk about things, much more happy to talk about “Here’s what I got on my performance management reviews…” It’s a shame that we had to go through such a horrible position to feel that we could actually share those things that make everyone more equal, and make it easier for us to be better people.

So two questions. One, did anybody at Deliveroo, especially upper management, take offence, or were they upset that you did that?

So legally, we’re protected in the UK. So fortunately, there’s nothing they could officially do. However, it was one of those things that I am probably - not quite tarnished, but I’m sure there will be companies who will look at me and be like “No, not that guy.” There were comments from Tina Fey over the last couple of days about not saying what you think about films, because you never know when you’re going to work with that director, stuff like that. I am sure that there are going to be impacts of that, where people know that I will be willing to share my salary, because I am protected to do so… And it is, in my opinion, the right thing to do for me. But also, I think - yeah, I speak out a lot, in meetings and stuff… I was happy voicing the opinions that I would be happy lending my voice to asking questions that I knew other people would be wanting to know… And I know that not just at Deliveroo, but at Capital One, where I was when I posted my salary - I know that it does make things difficult for me, because I had handed in my notice, I had them posted that, I have miscategorized something as a counteroffer when it wasn’t… And I know that definitely did ruffle some feathers. And that was on me, misunderstanding the wording in something… So there’s things like that, and as I say, I’m sure there will be companies who look at me and are like “I don’t think we want someone like that.” And that’s fine. I’m happy if that’s what they want to do. Hopefully, it doesn’t mean that I can work literally nowhere, because then I will definitely regret it.

Well, that was gonna be my second question, was if there are any regrets whatsoever… And it sounds like there’s some trepidation about potentially becoming persona non grata utterly, at which point you’re like “Well, that wasn’t very smart.” But beyond that - I mean, you’re gonna continue it for the rest of your life, so you can’t regret it very much, if at all.

[45:59] Yeah, so I still absolutely plan on carrying on with it. I did recently add on-call pay as well, as a separate page on my site, just because it’s interesting, because different organizations have different things… And I feel it’s something that - I may regret it in 30 years, holding myself to it for the rest of my career… But yeah.

He has the blowback, I think… Being too open - there’s not so much anonymity, but a certain privacy level of life has its benefits… Especially, like, you don’t know what the future is going to be. So if you’re open now – I know you’re sort of pre-committed to this conversation, and now here on the call, you’re like “For life, I’m going to share my salary.” You’ve laid that down. And in two years from now, something you do could make you super-famous. Maybe that’s cool. Maybe that’s part of like your brand at that point; you’ll just embrace it. And that’s cool. But maybe somebody – like, I’m actually… Jerod knows this, he makes fun of me; I say, absolute things, because I feel so strongly in the moment, and I make like a long-term forever commitment in a way with something I’ll say, and then later on I’m like “Well, my idea run that changed, so now what I said in the past is no longer accurate.” So I try to not be so absolute about things.

My wife and I have a funny thing between us, we always say “Always and every time”, because early in our relationship we would say “You always do this”, or “Every time…” Just these absolute things, that are just totally not true. It’s just our irrational, in-the-moment selves saying things that are not accurate and true about the other person… And then that’s now become like our love language in a way, because we make fun of our old selves, essentially, by saying “You always do this every time”, we always say it back to the just jokingly… But this absolute idea that you’ve done it forever, I wonder how it’ll play out for you long-term, I suppose… Because you’re pretty young… How old are you? Are you willing to share your age?

[laughs] Wouldn’t that be fun if he’s like “I don’t want to share my age…” [laughter]

So you’ve got a lot of years left in your life, right? Keys left for you is pretty big. Probably in the – I would say probably 400 million keys, is my guess for you.

Oh, that’s a lot.

Well, I just did my own keys left, and I know my age, and I just did some division there… So I assume that his is probably double-ish mine… Or at least one third-ish mine.

You’ve got a lot of typing to do.

Yeah, it’s a lot of typing.

But I guess on the topic of regret, and things… So since 2020 I’ve been posting week notes… So every week, on Sunday evening, I write a blog post about what has happened in the week. And I started it just like before COVID, and it was interesting, because certain things changed, and I’m looking back at that… It wasn’t until about six months, a year ago, when I started hearing about some my extended family reading my week notes that I was like “Oh, that’s a bit weird…”

That’s kind of like your diary in a way, right?

But then I was like “Why am I finding this weird?” I have been posting publicly on the internet things about my life… So why do I care that my extended family had been reading it? …let alone someone several countries away, who I’ve never met. And that was like an interesting inflection point of rethinking what sort of things I have been sharing publicly. And so there’s definitely some things that – so I also have a private journal that I do post a bit more stuff into that… And I keep my week notes a little bit lighter on some things, because - yeah, I have a fair few readers. I don’t know exactly how many, but there’s definitely people who have messaged me like “I’ve also watched that film recently.” And I was like “A little bit weird, but…”

So they were in your week notes…

But yeah, also, I’m posting it publicly…

[49:51] Right. It should not be unexpected, because you are literally publishing it for people to read… But yet sometimes it still is unexpected… Especially when you know them. It’s actually a weird disconnect when it comes to strangers and when it comes to people that you know. I get more self-conscious about something that I make, especially if it’s like my work, when somebody that I know or that I care about is going to consume it or judge it, or whatever… But I ship stuff out to thousands of people every day to do the exact same thing, you know? And to me, them judging it is fine. It’s like “Okay, like it or not. Hopefully, you like it.” But if my wife thinks something sucks, I was like “Well, I didn’t make it for you specifically, but… If you don’t like it, that hurts”, you know? And so it’s just weird. It’s like, we disconnect strangers from people that we know. Yeah.

Can we go a personal layer deeper on this one?

For whose person? Jamie?

For you, Jamie? Yes, for you.

Our guests, our friend.

It’s up to him.

Not our friendly, our friend. So you mentioned you have ADHD, and you mentioned that you have the inattentive type… And you mentioned that you have memory challenges. I think it’s mostly in the short-term, not your actual long-term memory. And what I know, because I was the host of a show called Brain Science for a bit, and I’ve studied neuroscience to some degree - not at all a clinical psychologist, nor a doctor of any sort, but just a layman who’s curious… And that this is common for someone that has your diagnosis. It’s called memory breadcrumbs. And so I think you do it – I’m assuming this, I want to hear your response… I think you do it, one, for therapeutic reasons; it’s helpful for you to have this habit, to do this. It’s part of your ritual and routine in life that gives you peace, to sort of put this out there. Then as a technologist, you value the exhaust, the output of that for future, because you can - again, I can vaguely remember I wrote about this, XYZ, and then pull it up, and don’t have to leverage your memory anymore… You can sort of leverage your handicap in a way… And then also, the personal journal is probably super-therapeutic for you. There’s certain things you probably learned over time you can’t involve in these weekly notes… But that this is essentially like your response, kind of like a coping mechanism, or a fight or flight kind of response in a way to your diagnosis, that this is actually memory breadcrumbs for you. This is a way for you, and how it’s helpful for someone like you, to put down what they learn to remember, and I’m just curious how you feel about that. Is that pretty accurate? Have I pegged that?

Yeah, so I’ve never heard the term memory breadcrumbs, so thank you for that. I’m gonna go and search around on that. And yeah, it absolutely sounds like what I’m doing. On the technical side it is - yeah, leaving those breadcrumbs for myself to try and remember what I was doing.

For the week notes, it was more just a “I’ve seen some friends doing this. I wanna see what it’s like”, but it has definitely become this therapeutic thing where every Sunday night is week notes night, and it gives me a chance to reflect on the week. A lot of the time it’s interesting looking back, and I don’t often read my old ones, which is also kind of ephemeral… But I’ll read them while I’m writing them, and then I won’t look at them for years… But something interesting is like looking back and seeing “Okay, so the things that I was most bothered about that week - it was like a technical problem that… Who cares, in the big scheme of things?” Or I’ll do things like I’ll note the different media I’ve watched in the week… And that’s interesting, because I can see every so often “Oh, I’ve actually only watched three things this week.” So I’ve either not really watched a lot of TV, or I binged something a lot. And that’s also interesting to look back on. But yes, to go back to your original question, because ADHD’s sidetracking me… Yes, you did diagnose that fairly well.

[53:52] Do you think it gives you a position of gratitude better? Because I feel like the reason why journaling is helpful is not just in the therapeutic process of espousing your own thoughts, and putting them down on paper, or digital paper, whatever the medium really is… But that it also maybe helps you reflect, like you said, reflect on what happened this week… And you may not go back and read the other ones, but you’re probably taking track each week mentally, “Okay, this week’s different than last week”, or you see progress in the moment as you write it down… Does it give you a chance to sort of have a deeper gratitude for what’s going on? Or does it give you contempt? Like, what does it help you feel better or less about?

So I guess when I said journaling, it’s not like proper journaling… It’s more just like talking about things that have happened in the week. And there’s not always like a lot of reflection… Sometimes it is just “These are the things that happened, and that were of note for me to have remembered during the week to write down…” But yeah, sometimes there are definitely trends, and there’s things like “Oh, I’ve been very busy with work this week. I’ve been trying to deal with a complex problem, and therefore my personal life is maybe a little bit more chaotic.”

I think it was last week, I was at the State of Open Conference in London, and in the lead-up to the conference I spent a lot of time mentally blocks to write my slides for the talk that I was presenting there… And so a lot of my free time was kinda like “Oh, I should really be doing my slides, but I don’t really have the brain power to do it, so I’m just going to do nothing. And I’m not going to do like a load of other life admin, I’m not going to do a load of other personal projects, I’m just gonna not do anything. Because if I had the brain power, I would do that.” So yeah, it does give some reflection on things like that as well.

Are you a big movie fan? Do you watch a lot of movies?

Are you a Christopher Nolan fan by any chance, the director Christopher Nolan?

There’s a movie he had done called Memento. Does this ring a bell to you?

I haven’t seen it. I’ve heard of it.

Okay. Well, I won’t ruin it for you… But it definitely involves memory. And it kind of involves time, because it really – it goes about the plot of the movie differently than any other movie you’ve ever seen before. It’s very groundbreaking in the way it tells the story. But loosely, this person has memory challenges, and loosely, this person uses their own notes to guide them through the next steps. And sometimes these notes aren’t really accurate, because they have memory challenges. So they remember them one way when they write them down for the future selves, these memory breadcrumbs, so to speak… But then in the moment, because they have short-term memory loss, they –

You’re saying too much, man. You’re saying too much.

Well, I’m just giving you some stuff.

[laughs] I’m over here like “Dude, this is one of the best movies of all times.”

Did I give it away too much?

I may not remember it.

That’s very vague, I think. I was pretty vague.

You should just go watch it.

It’s different than ADHD, for sure, but it’s still the idea of memory breadcrumbs, and like leveraging the things you write down to remember the things in the future.

We’re gonna have to blow the spoiler horn before that whole section, though… We’ll remember that.

Do you think so? Gosh… Whatever.

Just in case…

Didn’t try to.

Oh, I know. You were trying not, but you just kept going, I’m like “Uh-oh… He’s starting to get more and more [unintelligible 00:57:11.06]

“Uh-oh… He’s going too far! Pull him back!”

Yeah. Reel it in, reel it in.

It’s a good movie. I would definitely recommend watching it… And I think given this conversation, you will appreciate the movie even more.

And we’ll know about it when we read your week notes.

That’s right.

Like “Adam was wrong. This movie is terrible. I hope he doesn’t read this.”

That’s right. That’s right.

Break: [57:34]

Well, we would be remiss to let you go and not talk about DMD, because this is a tech podcast after all…

Is this a tech podcast?

I don’t know… I mean, in the category in our RSS feed it says Tech, or something. I can’t remember what I actually put… Ostensibly, it is… DMD, dependencies, one of my favorite things; managing dependencies - not one of my favorite things. Dependency management data - a set of tooling for knowing all about your dependencies, right? Querying, researching… Tell us more. Tell us more.

Yeah. So dependency management data, DMD for short - very poorly named.

It’s not the best name, I have to admit.

I now have a T-shirt with it on, so I’m kind of like bought into that now…

You’ve stuck with it? Right.

Yeah. But I like it, because it’s kind of a reflection of my inability to name things well, and think of catchy stuff… But yeah, so dependency management data is a project I was building while I was at Deliveroo… And it was coming up to Hacktoberfest, and I was a big proponent - and still am a big proponent of open source, of giving back… And aside from issues that maintainers have during Hacktoberfest, I’m still very pro “Let’s get some more Deliveroo engineers contributing”, because everyone should be trying to at least contribute to that.

And one of the questions I was asked a number of times was “Well, which project should I contribute to? Because it’s hard to know where to start with open source.” And instead of sending a “Good first issues” list, I was like “Let’s look at the dependencies that Deliveroo has”, and let’s say “Of all of these, these are the ones we use the most. So maybe have a look at these ones.” And Deliveroo is like a very good data-driven organization, s I was like “Okay, I’m gonna get some data to actually show that.”

So I ended up building some very horrible hacky scripts, which would take output from GitHub’s Dependabot graph and it would then parse those and spit it out into an SQLlite database. Over the next few months I realized that actually this is quite a useful thing - being able to have a database of all your dependencies, and being able to query them, and being able to add additional insight is actually really powerful… So I started playing around with EndOfLife.date, which is an API for looking up common end of life or deprecation dates… So for instance, how long is Node.js supported? I don’t think they have any physical hardware… But as lots of programming languages, they are very open to supporting new things… And so I was starting to add this data and realized that this actually shouldn’t be a thing that just sits within Deliveroo. It’s something that I can absolutely see other people getting benefit from. And I was spending a lot of evenings and weekends on the idea anyway, so I started an open source project for this called DMD… And it has just passed its anniversary of its first birthday, so I’ve been spending just over a year… I think one in three days of the last year I have been committing to the project. So I’ve spent a lot of time working on it.

[01:06:16.14] And as well as like being able to just have a list of those dependencies, and being able to say things like “Where are we using TerraForm in the organization?” Or “Which Go HTTP servers are we using, and how many a different team’s using?” You can also do things like looking up OpenSSF scorecard data, to say things like “Of the dependencies, my most critical application in our business support relies on, how many of those do zero code review? And how many of them are just yeeting things into prod?” And it turns out, it’s quite a lot more than you would think.

So having a lot of that data is really useful… And both my time at Deliveroo, and now at Elastic, we’ve been spending a lot of time using that data to make some really interesting decisions, and interesting understandings of our data… Yeah, you can find some very interesting things. And I’ve said interesting about a dozen times there.

It’s very interesting.

So interesting. Yeeting things into prod. I like that. Well on the name - so DMD. DMD is cooler than what it stands for, you know? Dependency Management Data. If somehow you could fit a recursive acronym in there, then that’d be really cool. If you could still maintain the DMD… But, free piece of marketing advice - there is an excellent AC/DC song called TNT.

…which you could repurpose. Because DMD… TNT… You could attach yourself to that. Don’t change the name. Just give it a little bit of excitement, a little bit of explosion. A little bit of hard rock to round out the soft edges. What do you think, Adam?

I think it’s dynamite.

Do you know that song? Yeah, thank you.

[laughs] Sorry about that. I had to bring it in.

I loved it. I loved it. Does it matter what stack you’re using, or anything? Is it agnostic?

Yeah, so that’s a really good question. So first of all, the Changelog’s data is all in there…

Oh, no.

So you can actually go in and have a look.

Oh, can I?

Okay, I like that.

So would you like to see which of your dependencies are end of lifed/deprecated/have security issues?

Absolutely.

Please. Yes.

It’d be very interesting.

We’re shifting left here, don’t you know?

We have to put the brakes on hard. I don’t know about shifting. [laughter] Brake, hard left…

So for instance, in this list, you can see you’ve got a couple of non-standard licenses, which just means that deps.dev the API, or one of the APIs that Dependency Management Data uses couldn’t understand the licensing. We’ve got a few packages that have vulnerabilities… And then you’re also using Go 1.20, which has been end of lifed for seven days… Like, how are you not already on the latest version?

What’s wrong with us…?

[laughs] But yeah, so one of the good choices I made around dependency management data was trying to do as little work as possible. So instead of me trying to understand the different ecosystems, and all the data that they use, and how the different package managers work, I’m outsourcing that to someone else. So the original version used Dependabot, but the data that I was getting from that didn’t include a lot of things that we use at Deliveroo… And we’re just starting to roll out RenovateBot for dependency upgrades… And as part of that, I noticed that Renovate had a) just like a load of support, for a load of different things… But it also spat out a big blob of JSON, which contained all the packages it knows of… So what I’ve done is I’ve added a very small wrapper on top of Renovate, to basically dump out that dependency tree.

[01:10:18.26] So for instance, you can – so another link I’ve just dropped in the Google Doc… So yeah, one of the reasons for using Renovate meant that I could support dozens and dozens of different things out the box, for very little work. So for instance, because Renovate understands Mix, the Elixir dependency management tool, I actually have all the details of all the versions of tools that Changelog is currently using. And from that data, you can then look up things like which version of the OAuth libraries are we using, do any of our dependencies have some pretty poor repository health? …things like that. So out of the box it supports a lot of things, depending on which tools you use to extract it, but then you can also plug it in with things like a software bill of materials, SBOMs… So if you’re using a platform like Snyk, you can export the data from Snyk, you can still leave Snyk managing that, and you can just import that data into DMD. So you still get the visibility, you just don’t have to do the data collection part.

Super-cool, using Simon Willison’s dataset underneath the hood, huh? I’ve seen that on the homepage…

It is very useful. And yeah, user interfaces, user experience, just like design in general, is not my passion… Which a lot of people have seen over the years. So having the dataset project as the database browser was amazing, because I didn’t have to do anything. It’s really useful. And as you’ve seen, you can share URLs with people, and it pre-fills the query… So this is really useful internally, where you want to send it to someone, you want to say “Hey, your service users load of insecure dependencies” - you can just send someone a link, and they can get that, instead of sending them like 300 lines of SQL. And it’s like “Go to this URL, and then paste it in.”

Yeah. Super-cool, man. Have you gotten much pickup? Have you gotten people using it?

So I’ve definitely got three companies who are using it right now, two of which I’ve worked at… So it’s not as fun…

It’s grassroots marketing. Just one job at a time.

Yeah, there’s definitely at least one company who I have not been there to set it all up. So that’s been cool. And I have talked with a number of other people, I’ve been doing some conference talks here and there, so I know there are people trying it out who maybe haven’t told me they’re using that. Yeah, I’m trying to just get more people using that, understanding some interesting things… Because in my opinion, this is better than any of the other offerings that other platforms have. But also this coming from a very specific view, and I don’t have a lot of VC funding, so I can’t do as much as they can.

Do you have any VC funding?

I do not.

Just to be clear…

Right. “Not a lot”, he means none. Well, now you have a grassroots marketing idea… That’s free, by the way. I’m not gonna charge you for that. The TNT AC/DC tie-in is really gonna, I think, take this over the top. [laughter]

That’s brute force, actually, not grassroots.

We’ll see.

There’s opportunity here, right?

I think so.

I mean, could you turn this into a product?

So it’s absolutely something I’m thinking of. For instance, I was listening to Changelog $577, with Nadia, and a lot of things I was like “Oh, this is an interesting idea.” So recently, I have been listening to a number of podcasts around building open source businesses… So there’s the Business of Open Source, with Emily Omier, which is really interesting, around like different companies who’ve tried to do it… And it’s something I’m actively thinking about. I haven’t yet done anything on it, aside from a bit of hacking around with things. Some of it - I think organizations probably want to be in control…

[01:14:08.04] So saying “Hey, attach this GitHub app for this thing that some random developer you’ve never met, and just give them access to your source code for everything.” A lot of organizations probably aren’t going to be up for that. So I’m trying to look at making it easy for self-hosting. For organizations to bring it in, and it kind of just to work. And yeah, so there’s a few options there that I’m looking at around how to make that easier.

Yeah. Well, to be clear, at one point Sourcegraph was just some random developers… And at what point Socket.dev was just some random, well-known developer, Feross Aboukhadijeh, and they both have GitHub apps that is part of the install process. I know that was one thing I talked to Quinn Slack about on Founders Talk, was “How did you get these enterprises to trust you with their data?” He’s like “That was the hard part. That was like the biggest hurdle.” But once they did, it wasn’t that challenging to prove the value. So I think if you can prove that value and prove the trust, then I think it gets a little easier. That’s the true hurdle; the dip, really, for that one. Or a different way around it, really, you know? Well, good luck to you on that… I mean, I want to hear more, for sure, but good luck to you on that. It’s a fun battle, it’s a worthwhile battle.

And it is one of those things that the sorts of use cases it’s unlocked have been, honestly, game-changing for at least me. At Deliveroo one of our platform teams kind of pivoted what they were doing, because they could suddenly do so much more with this data… But they were able to understand, say, which TerraForm modules our team’s using, and at what versions… They were able to easily see. Or they were able to run a fairly straightforward SQL query, because not everyone’s gonna find SQL straightforward. But they were able to write that query with the dataset UI, and just see across the board which teams are doing different things.

And then I’d also ingested things like ownership information… So it would actually say “Oh, and it’s this team that owns that.” Then teams could break it down by different things… Over like the last month or so I’ve written a number of case studies on the website around like different use cases that it has been used for… And it’s things like - we were in the middle of an incident at Deliveroo; it wasn’t like causing any problems, but it was a proactive incident raised… And we’d noticed that there was one of our Docker sidecars for Kafka consumption was susceptible to a race condition. And one option would be to try and just like grep through lots of different codebases and find what was affected, or it was like a seven-line SQL statement that we could just do, because we had all the data there. It’s things like that, that until you have that data, you probably can’t see some of that benefit. But once you have it, and you can start interrogating those sorts of things… And as you say with Sourcegraph, it’s being able to actually think up those sorts of questions when you didn’t have anything there before is difficult. But then you get access to it and you’re like “Oh, actually, yeah… I can now do a load of things that were never available.”

That’s why I think those examples you have, and just like the sample questions are a useful thing… Because you help the person dream, realizing – because otherwise, I’m kind of like “Yeah, I’ve got data on lots of stuff. I kind of know my dependencies”, and there’s tools built into Hex, for instance, that will say what’s outdated. It’s like “Yeah, that’s probably good enough.” But it’s like “Yeah, but can you ask this question? Can you answer this? Do you know this about your–” And all of a sudden you start to think, “Oh, okay…” You open, you broaden the imagination of the potential user. And so I think the more of that you can do, as well as the TNT tie-in, which is gonna be just my groundbreaking… [laughter]

[01:18:05.22] Jerod, give it up, man… It’s becoming not dynamite.

[laughs] I don’t know, that might have been my best [unintelligible 01:18:11.03] yet.

Just kidding. Keep going, man. I’m just razzin’ ya. Yeah, I think it’s like a version of, a subset of what Sourcegraph offers, is answering questions about your codebase.

And you’ve got to have certain queryable knowledge, which isn’t always on everybody’s purview… And there’s a version of this that’s like in the camp of Socket, which is kind of why I mentioned both of them, because they both require to have the user’s trust of their data, and their codebase… Which is obviously part of the battle. But I think your aversion – you’re like a lovechild in a way, but like a smaller lovechild. And I don’t even know the full tool, but it’s a version of maybe a hatechild. Who knows, Jerod…?

I don’t know, man…

I’m going with love, okay…? It’s a version of what both of those tools do, but not to their full circumference, because Sourcegraph has obviously done some really cool stuff with insights, and their dashboard they do with that… Which I think is pretty cool, too… Which is kind of what you’ve done here, in a way, but this is more of a hacker’s version of it, which is command line and whatnot. But I think there’s something here. I would encourage you to pursue what a good next step might be to productize this. Maybe there’s people who are like “You know what, Sourcegraph’s just way too big. I need something that’s simpler.” And maybe there’s people who’s like “You know what, I don’t need the security aspects of Socket, but I like some of the things it does.” Because Socket is all about dependencies, but from a security lens. And even from a “Is this repository active?” and answering certain questions about the repository, the dependency… Has the committers or core team members changed recently? Things like that. That’s kind of what Socket does, in deeper levels, in more alerts and awareness. But that installs as a GitHub app. That’s like one of the most popular ways. I know that because they’re a sponsor. They’re not sponsoring this one here, but they’ve sponsored us before, and we know Feross. That’s how – one of the main ways people interface with Socket, is via the GitHub app.

Yeah, and I guess I’m also trying to avoid going after – like, I don’t want to try and compete with people like Mend, and Snyk, and the big companies doing that sort of thing.

Why not?

Because I think for some of it, it’s – I believe they’re still going to get business.

That’s always true in competition.

So I don’t see it as able to compete for some of the things, and I don’t want it to try and compete for some of the things. Like, say, the security aspect.

For sure.

I think that’s a fairly saturated market, and there are lots of people who have a massive share. But there aren’t many people doing things like “Give me a list of dependencies that haven’t had code review recently. In the last 90 days, how many of those dependencies have yeeted stuff into prod, without any code review?” There’s things like that, that I can add some interesting views on that data, while also giving the ability to add your own stuff into it, while also being able to play nicely with things like SBOMs produced by other tools, so you can use existing platforms.

Yeah. Keep doing it, man. Don’t stop. Even if you have to overlap a little bit. I think there are certain things that obviously like Snyk is just a Goliath in the industry… But at the same time - and I’m not trying to poo-talk by any means… I think what I’ve heard negatively about Snyk is not that they’re bad, but that they report on CVEs. It’s like known vulnerabilities. It’s not predictive, it’s reactive. So I think if you can get – you’re kind of like teetering in the predictive realm, because you’re able to give insights that are not easily foreseen otherwise… Like “Has there been PRs in the last 90 days on X number of my dependencies?” They may not say that you have eight bad dependencies, they may just say “These may be ones that you should question or look into personally, or use other tools that give you more insights beyond this.” Because it’s a smell. You’re identifying code smell, or dependency smell of sorts. There’s definitely something there. Keep going.

[01:22:13.00] I am definitely planning on – I’m not putting it down anytime soon. It’s been – yeah, a massive passion project, and I’m oping to go a lot further with it.

Yeah, I think maybe Jerod might be onto something there with his TNT stuff, you know?

Yes…!

Because you can bring in more iconography and stuff like that around – you know, if you have bad dependencies, that’s a blow-up moment, right? That’s a dynamite situation. It’s a bad thing for your codebase to have said dependencies. So maybe… Maybe you could pivot to TNT, versus DMD. I don’t know.

I’ll have a look at the licensing fees for using TNT as a song.

Well –

Well, there’s always BMC and renditions, you know that, right?

Great artists steal, Jamie. Great artists steal. [laughs]

That’s right. You can always do a rendition of the song. It could be like the song, not the actual song.

It’s an homage, you know? It’s fair use, it’s an homage. And ask for forgiveness, not permission… I mean, that’s the IndieWeb way, isn’t it? I just made that up. [laughter] This message is not vouched for by the indie web.

Yeah. Well, I’m glad we’re friends now, versus friendlies… This is so much cooler than the friendly aspect.

Yeah. It’s been cool, because - yeah, I’ve been listening to you both for years. Although, one thing that is interesting is listening to you at like one time speed… So I usually listen on 1.7 times. So I have actually listened to a couple of podcasts at one time to prepare…

Just so we wouldn’t disappoint you, you know, how slow we are in real life…

Oh, man… Wow. There’s so many people who listen to podcasts at beyond 1x. I just, I have honestly tried several times to just taste the sauce, and see if I like it, which I do not…

Taste the sauce… Are you talking about the speedup sauce?

Yeah. I’m like “Am I missing something?” And maybe I was telling Nick this, actually, because we were hanging out when he was here for THAT Conference recently… Nick Nisi, by the way. And I was like “Maybe your brain operates at a different frequency, a higher frequency than mine does, and so that allows you to listen at a higher speed, because you comprehend slightly faster than I do. Not that we comprehend differently, but that the frequency for which we comprehend is different.” Because I’m an artist myself, and I like the pure nature of the art, so I can’t change the way – like, I’m not watching movies at 1.5. I’m just not going to do it. It just ruins the whole thing. So I just can’t do that with anything else. Whether it’s a book, or a podcast, or anything. I’m gonna listen to it at the director’s intended speed, and as close as I can get to what the director intended, cinematically even, if it’s a film.

[01:25:02.22] If someone says “You’ve got to watch Oppenheimer in the theater for the first time, and then you can watch it anywhere else you want to afterwards”, I’m going to do my best to get to an IMAX theater, with a rockin’ sound system, or I’m just not going to do it at all. I’m a teetotaler in that respect. So that’s my mode. So maybe that’s – you just listen and comprehend at a higher frequency than I do.

I’ve had both experiences, because I listen to our stuff sped up, 1.75 to 2x, just because I’m listening to clip, I’m not listening to enjoy the conversation necessarily… And what’s funny about that is that I clip out of Overcast. And so I’m listening at 1.75x, but when I hit the Clip button, it opens up a brand new little clip widget thing, which does not have this speed applied to it. And so I actually get the fast and the slow version multiple times throughout a single episode. And that’s when we sound really dumb, Adam… Because we’ll be like talking – I’d be like “This is good.” And then I hit the button, and it’s like “Yeeeesss, I knnnoooowww whaaattt I’m taaaalkiiing abooouuuuttt…” I’m like “Man, I’m really slow.”

Ooooppeeenheeeeiimmeeerrr…

So that’s a very strange experience. I would not advise it.

Yeah, back to back speed is probably in – wow, that’s gotta be jarring.

It is jarring. So Jamie, sorry to disappoint you with our regular speeds of our brains…

It’s how we operate.

Hopefully, we didn’t lose your attention too many times throughout this conversation. We do appreciate you hanging out with us, and the work that you’re doing, your radical transparency with your salary… Definitely interesting and helpful for many people. Very cool. Your commitment to syndicating, and your website, your commitment to your website that you have is laudable… And this is a cool project, DMD. Check it out. It sounds like TNT, so you know it’s cool… And what else? Anything else before you say goodbye to our friends?

No, yeah, thanks very much for having me. It’s been really fun. It’s been nice to speak.

Shout-out to the multiple people who’ve requested to have Jamie on the show throughout the years. Most recently, it was Dan Moore…

That’s right, Dan Moore.

…who was a recent guest. And didn’t you – you pointed us to Dan, didn’t you?

I did.

Okay, did you guys cut a deal? Have you cut a deal? [laughter]

No, he messaged me after, being like –

“Listen… I request you, you request me…”

He’s not the first one though. Somebody else used the request form and submitted you a little while back… And so it was percolating. The timing was percolating. I had multiple requests, plus obviously known your work for many years. I thought, “Yeah, it’s time. Time to get him on the show.”

I think the issue with that one request though was they were recommending the TNT project he was working on, and it was incorrect, and we couldn’t find it.

Right.

It was actually DMD.

Exactly.

So… We couldn’t find you.

You need a redirect on that sucker.

That’s right. TNT.dev. Check it out.

Oh, that’d be cool.

Can you get that?

[laughs] We’re over here renaming his project…

He’s like, “I don’t even like the name. I’m just being polite.”

He’s like “I’ve got a T-shirt already, guys. I’m not renaming it. I’ve got a T-shirt.” [laughter]

I’m checking it for you real quick. Let’s close this loop at least, and then we’ll let everybody go. Check domain. Tnt.dev is already taken.

Ah… It’s a crying shame.

How about a different one?

No, that was the only chance we had.

That was it. Now he can’t do it. Alright… Goodbye, friends.

Bye, friends.

Bye, friends.

Changelog

Our transcripts are open source on GitHub. Improvements are welcome. 💚

Player art
  0:00 / 0:00