Feross Aboukhadijeh: Yeah, especially in a CLI, especially in dev tools. So that’s why vulnerabilities are good to get rid of, but it’s not the end of the world. In fact, you probably have multiple known vulnerabilities that you’re ignoring right now in your project, and just hoping to get to later, right? Whereas if you have even a single supply chain attack in your Node Modules folder, you’re gonna have a very bad day if that happens. You’re gonna have cryptocurrency miners running on your computer, you’re gonna have your environment variables being sent off to some random server to an attacker, you’re gonna have passwords being harvested from different apps on your computer, you’re gonna have your files being deleted… These are all attacks we’ve seen in the last few months, that are real supply chain attacks that have happened.

So this is kind of a different threat, because it’s so much more drastic; what happens is so much worse. And it’s also a thing where you don’t really have much time to react to it. So when a package is compromised, if you install it at any point after it’s been compromised, and before it’s been caught and removed from the npm registry, then you’re owned. It’s bad; you have to clean up your servers, you have to probably redo your whole computer and assume everything on it has been tainted… It’s not a good place to be.

So you don’t wanna have a very reactive approach, where you’re kind of like waiting for these reports to be written and get added to some database, and then check that database. That’s just too slow of a process. You’ll need something that actually can look at the code and figure out “What is this code doing? What is its behavior gonna actually be?” and to warn you if that behavior has changed in some way that’s really suspicious or indicates that it might be a compromise in some way, and then warn you before you run it; before you install it and before you run it on your laptop or on your production servers.

So that’s the difference. Socket looks for that, and it needs to therefore have a proactive approach. That’s very different from existing tools.

Justin Searls: But beyond a certain point, cognitively, we can only carry around so many in our heads. Like, if I’m talking to James about this and he doesn’t even remember writing that thing… Like, what we’ve seen when you take that to the extreme in npm is how critical security audits have become… Because all it takes is like a domain name expiring, or somebody coming along and buying a package from somebody else, and then like secretly injecting a cryptocurrency miner, or a keylogger or something… Taken to its extreme, what you’re really doing is you’re creating a chain of trust with a whole bunch of strangers. And you’ve got to be mindful of the fact that if you’re effectively opening yourself up to everyone, you could never hope to audit at all. Hopefully, GitHub Copilot will be security-scanning everything and it’ll catch most of the stuff. I would still never feel comfortable if I didn’t feel like I could get my arms around it, and look at every single one of my dependencies and have some idea of who maintained it, and what it was, and what it did.

Liz Rice: [58:13] Yeah. And then on the security side - so Falco was probably the first security project, certainly in the CNCF, that was using eBPF. This project from my former colleagues at Aqua called Tracy… And then in Cilium we have a sort of Cilian family, we have a sub project called Tetragon, which is allowing you to create low-level security primitives almost in Yaml form, and apply them to your Kubernetes cluster. And you can do really cool things with Tetragon. I get a bit overexcited about this, because if your kernel is modern enough, you can not just detect that something is potentially malicious behavior, a process is opening the wrong file, or connecting to a cryptocurrency miner, or whatever malicious thing that you’ve detected - you can kill that process synchronously from within the kernel. And what that means is the process gets killed - to me it’s not like you have to go and tell somebody and then eventually your process gets killed… It’s happening right there and then, and it stops the attack before it happens… Which is super-fun to demo. I love it.

Jerod Santo: Or inject your cryptocurrency miner and harvest the world… [laughs]

Preethi Kasireddy: Yeah, sure. That’s a great question. I’ll be honest, one of the things that I’m always excited by are problems that are not figured out, and blockchain is definitely one of them in the sense that there is this amazing technology that got created, but the actual applications and use cases have yet to be created, and there’s so much room for creativity and innovation. I’d say that’s one of the main reasons why I’m so attracted to this industry… Because I naturally have the entrepreneurial spirit, I wanna solve unsolved problems, and that’s one of the reasons why I’m gravitating to it. But at a more fundamental level, I think the technology itself is super interesting.

I think earlier you were saying how blockchain is interesting as a digital currency… I’d go a little bit further than that and say I actually don’t get excited by digital currency per se, because digital currency is just one application of the blockchain. There’s so many other applications that I think have potential that haven’t been created yet, and I’m more excited about those applications. In my opinion, it’s really hard for the current currency system in any nation – for example, take the U.S. For cryptocurrency or digital currency to replace fiat currency, that would take a lot. The government has a really tight control over the monetary policy and I just don’t see what benefits digital currencies provide today that would make people switch over, that would make the government friendly to this, and so forth… Because in the end, what digital currency is - it’s completely decentralized, completely open, completely censorship-resistant, which is not something any government really wants.

So for me, I’m more excited by what else blockchain enables. At a fundamental level, blockchain is a decentralized technology where it’s maintaining a ledger of transactions or basically state changes, and the state changes are cryptographically secure because they are maintained by something called the consensus process. This consensus process in Bitcoin or Ethereum is called proof of work, where a bunch of miners are there and they run a bunch of complex computations to validate these transactions, and they get paid for validating this blockchain. So the entire chain is decentralized, it’s trustless, because there’s no need to trust any central party to maintain this database or this ledger, and then it’s completely censorship-resistant because you can’t have really any central authority trying to censor it… And it’s completely secure, because it’s cryptographically secure. So with those primitives you can do just so much on top, and that’s kind of what I’m excited by.

Jerod Santo: [00:19:40.06] Right. And sometimes the other strategy - I can rationalize the other strategy, which is like, “I don’t know, let’s just ask for as much as we – we might need it eventually anyways. Just ask for more. And that way we don’t have to come back and re-ask later if we decide we need this thing…” And so, especially certain people who are data miners, they’re like “We may need – just collect all the data. We may need it in the future.” That’s easy to sell that in a meeting, I think.

Tim Banks: What do you think powered the first Bitcoin miners for old servers? People’s old desktops that [unintelligible 00:43:01.17] stuff like that. The notion of buying it means that when I’m done with it, I can sell it and get some of that money back. Is there a secondary market for it? Absolutely. There’s already a burgeoning secondary market for buying older or used GPUs, and servers, and stuff like that. “Perfect. Let me make some money off of this.” That’s going to be far more economical than giving the money to AWS, because I’m never going to see that again. You know what I’m saying? This is the difference between investing – this is the difference between “I’m going to do this thing as an investment and I’m going to get some money back on it”, versus just giving it away to somebody else. But this is not a day one decision. Day one decision is growth, and it makes perfect sense to be in whatever cloud environments can allow you to grow, right?

Justin Garrison: And miners meaning that people in the caves, not young children. [laughs] Just to clarify, as this is an audio podcast.

Samuel Goff: So a couple of things. First of all, when it comes to blockchain, specifically Bitcoin and others that are based on proof of work, not proof of stake, I have a real issue with… Because the energy intensity of the computation is so high that you could power multiple countries now. Right? And so what’s happening is a lot of dirty energy sources such as natural gas, coal, oil, things that, where increasingly, it is economically unsustainable, because grid-powered solar and wind have completely leapfrogged them in terms of cost efficiency. If you’re building brand new energy sources right now, by far, you can build anywhere from six to nine times more grid-scale, solar or wind, compared to nuclear, which is the second cheapest, or third cheapest, I should say… But everything else is more expensive by comparison. But the problem is, you go to an oilfield where they have these toxic gases, and they set fire to those toxic gases as a way of making it safe. Well, that’s wasted energy.

So what’s happening here in Texas is a bunch of Bitcoin miners set up in the oil fields, and they’ve harvested that heat energy, what would normally be just waste heat. And that becomes an additional revenue stream for those oil extractors, those oil companies. And so it basically takes what was a dying revenue model, a dying, industry, and it breathes new life into it, and it slows down our adoption of renewables. And it takes – basically, it vastly increases our risk of transforming our environment to a place where it’s going to kill people to go outside, whether it’s due to the extreme heat and humidity, or the extreme cold, because the natural conveyor belt that used to exist has kind of collapsed, or it’s sometimes collapsing.

Jerod Santo: Yeah, especially somebody like yourself, who is so much about zero to one; that’s what that free allows people to do, is get to one, and then pay from there. And so yeah, I was with you. I was definitely kind of like “Hm… That’s sad, but I get it. I understand.” I just saw an article yesterday, I think, that GitHub Actions is suffering the same fate… Because you get a certain amount of hours every month, or something, and the crypto miners are the spammers, or I don’t know what they’re doing, but they’re, of course, abusing that platform.

Jack Dorsey: Yeah, that’s by design. Again, giving back to the community. We’ll compete on our build quality, we’ll compete on our experience, we’ll compete on services like security. We wanted to find that lane and then stick to it, but everything else should be usable by everyone. And that I think is the opportunity, is we wanna open as much as possible. And again, we don’t know what we don’t know, and the more open you are, and the less constraint you have on what can be built, the more surprising and unexpectedly great things can happen. And that benefits the whole ecosystem.

[26:10] This goes back – in the seller case, certainly everything built by developers on the platform benefits sellers and benefits Square and Block. In the Bitcoin world, in the Bitcoin miners space, if someone just takes a design, takes the code and builds their own thing - it benefits the Bitcoin ecosystem. It doesn’t benefit Block directly, but over time, because the Bitcoin ecosystem is stronger and better, then Block is stronger and better. So that’s just the mindset. This platform that we’re discussing today started it all.

Jack Dorsey: Yeah, that's by design. Again, giving back to the community. We'll compete on our build quality, we'll compete on our experience, we'll compete on services like security. We wanted to find that lane and then stick to it, but everything else should be usable by everyone. And that I think is the opportunity, is we wanna open as much as possible. And again, we don't know what we don't know, and the more open you are, and the less constraint you have on what can be built, the more surprising and unexpectedly great things can happen. And that benefits the whole ecosystem.

[28:22] This goes back – in the seller case, certainly everything built by developers on the platform benefits sellers and benefits Square and Block. In the Bitcoin world, in the Bitcoin miners space, if someone just takes a design, takes the code and builds their own thing - it benefits the Bitcoin ecosystem. It doesn't benefit Block directly, but over time, because the Bitcoin ecosystem is stronger and better, then Block is stronger and better. So that's just the mindset. This platform that we're discussing today started it all.

Feross Aboukhadijeh: I’ll just second what Tobie said… I think we’ve been super-lucky with the types of attacks that we’ve seen so far. It could be much worse than what we saw in this particular attack. I think we’re starting to see these kinds of supply chain attacks happen on a much more regular basis. It’s sort of picked up in 2021, and it hasn’t really let go since. I see a headline about something like this every two weeks, it seems like; sometimes even more frequently. And if you look at the kind of packages that are being affected, they’re all these pretty headline-grabbing numbers in terms of downloads.

So the two packages in this incident were faker.js, which has ten million downloads a month, and color.js, which has one hundred million downloads a month. But we’ve also seen attacks against UAParser.js and COA, as well as RC… And all of those packages had at least 30 million downloads a month each. When malware makes it into one of these packages, through whatever mechanism - you know, in this case it happened to be the maintainer themselves who added the malware. In the case of the three I just mentioned, UAParser.js, COA and RC - those ones were actually a third-party who got access to the modules and added malware to them.

In all these cases I feel like the attacks have been pretty naive and caught pretty quickly. We’re not really looking at super-sophisticated actors here. In the case of faker and color it was very obvious that something had happened, because the packages were outputting gibberish code, infinite loops, sort of outputting the Unicode text – it was very obvious that something had happened to the package.

And then in the case of the three I mentioned earlier - all of those were pretty obvious as well. There were crypto miners added to the modules, so when you updated, your CPU usage would just go straight to 100% and it would be mining crypto for the attacker. So this isn’t like a super-sophisticated thing; it gets caught within a couple of days. Someone notices, the malware gets removed from npm, and then we write a bunch of new stories about it and people talk about it.

There have been hints at much more scary attacks. If you go back to 2018 with event-stream. The event-stream incident was much more sophisticated. A bit of obfuscated code added to one of Dominic Tarr’s packages when he gave up the package to another maintainer to take over after he was done working on it… And in that case, that was an attack that targeted one very specific company. And it was a no-op for everybody else. And so that went undetected for much longer. I just think it’s interesting that we haven’t seen anything that sophisticated since 2018, which makes me think either people just have forgotten that those things exist, or maybe we’re just not finding them, which is the much scarier thought.

Juan Andrés Guerrero-Saade: Yeah, of course. A lot of the malware on the web, the crypto miners, and even landing pages - JavaScript is really useful. When you think about an attack chain, if somebody’s gonna use an exploit or they’re using something very specialized, they actually really need to know a lot about you before they can use that. Like, I need to know what Mat’s computer is running, what browser, what sort of software stack I’m dealing with before I can try and kind of fancy exploitation. And JavaScript tends to be the go-to, first stage, like “Let’s land here. Maybe we don’t even serve you anything, but we take a moment to profile your system”, and the next step will be giving you something very specialized. So JavaScript tends to fuel a lot of the early stages of malware ops.

Mikeal Rogers: It’s a whole ecosystem. There’s a bunch of other blockchains as well, there’s chains that are very compatible, versus ones that have some difficulty with compatibility… It’s important here to separate what is a technical limitation because we just haven’t figured out what to do yet, but there’s an incentive to fix it, versus issues that are actual incentive problems. The players in this industry don’t want to do this, so it’s not going to happen. There have been things floated to do in Bitcoin that would be good for the people that use Bitcoin, but maybe not good for the miners… So that stuff in Bitcoin is probably not gonna happen, and may happen in some of these other chains that are being created.

Transaction fees - there’s nobody who wants all the transaction fees to be super-high, actually. The business model here is to mine new tokens, and the utility of those tokens is somewhat affected by how difficult they are to transact… So there’s a real incentive to try and get that down over time, rather than up, because that’s just not where you’re making money; nobody is making money on that. They wanna get it down.

The same thing with the power consumption. Nobody wants to pay extra power bills. Everybody’s trying to get the power consumption down. It’s just literally a technical problem that we’re iterating towards.

And Flow, for instance, like we just talked about, and NEAR Protocol for that matter - they already use proof of stake, and use way less power, and they have much lower transaction fees. Not because of that… Because of other reasons, mostly.

Anyway, if you look at the ecosystem as a whole, you don’t really have a transaction fee problem because you have all these other chains that you can use that have very low transaction fees… And if an asset gets to a certain price, you can actually move it to Ethereum. And not every protocol has worked out exactly what this is, but one of the really popular things right now is called Polygon; it’s the sidechains that are Ethereum-compatible, which means that they look more or less like Ethereum. And so if you ever want to transfer an asset from there to Ethereum, you can.

So there you can create assets for sub-penny, do all these transactions, and if some of them get to be like a million dollars and you really wanna put them in the more secure, stable, broadcasted network, you can then move them to Ethereum and pay that transaction fee. And I think the way to look at this evolving is that the way that you have to scale it is through more decentralization, not more centralization. So the solution is not to get everything into Ethereum and make Ethereum so good that it has sub-penny transaction fees, and is doing a billion ops a second, or something; that’s not realistic. It’s fine to just have these sidechains and to have the assets move around.

Protocol Labs, Juan Benet who started the company - he’s always had a lot of vision about how this stuff works in the future and about this protocol interop, and we’ve been working on standards and protocols that are just open source, open protocols that we implement. A lot of people, I think, for a long time, thought that we were over-engineering. They tended to be like “Oh, why don’t you just do your own custom thing, like we’re doing over in this chain?” And we were like, “Because it’s not about your chain, it’s about the compatibility between the things”, right?

Suju Rajan: I don’t think it’ll ever go away, but let’s not call us data miners…

Mat Ryer: I wonder if we’re gonna end up in a situation like with Bitcoin miners, where we’ve got all these machines that are just spending all the time crunching through, fuzzing stuff… [laughter] When we’ve got Fuzzcoin.

Jerod Santo: Oh, yeah… The miners.

Joel Grus: Right. Originally, I studied math and economics. This was a long time ago, well before data science was a thing… So what I did and what a lot of people with math backgrounds do is I went into quantitative finance - options pricing, financial risk, things like that. And I discovered I didn’t like it very much.

[04:10] I was working at a hedge fund, and it went out of business and I got laid off, and I was lucky enough - this was 2006 - to get hooked up with a startup called Farecast, which was online travel site doing basically price predictions on airfares. They’d use machine learning, and you’d say “I wanna fly from Seattle to Los Angeles on these dates”, and it would tell you “The best price is $300 on Alaska, and we predict the prices going up, so you should buy now” or “We predict the prices going down, so you should wait.”

They were doing a lot of machine learning before putting machine learning in consumer products was [unintelligible 00:04:43.02] popular. I was not doing machine learning, I was doing BI, writing SQL queries, building spreadsheets, things like that… But as time went on, I started getting a little bit into the machine learning side of things, a little bit into the Python scripting side of things, and just started to grow my skills in that area and learn by osmosis from some of the data miners, as we call them.

By the time it was 2011 or so and data science was just starting to become a thing, I said “That’s like what I’ve been doing, but better, and now there’s a name for it.” So I went on to become a scientist, and I sort of pushed myself in that direction, managed to talk my way into a data science job, and spent three years basically running data science at a startup called VoloMetrix. While I was at VoloMetrix I ended up writing a fair amount of production code, for better or for worse, because that was a startup doing analytics on enterprise collaboration data, so the data science kind of was the product. That meant that the data scientists ended up writing a lot of production code. And I found out that I really liked it. I liked building things. That was a lot of fun for me, so I wanted to look for opportunities to really grow out that skillset.

I had the opportunity to interview at Google, so I sort of crammed for a while, teaching myself all the computer science that I should have learned but never did, because I didn’t study computer science… I somehow passed the interview, I went to Google for a couple years and really kind of leveled up in terms of software engineering, writing code, building things. But after a couple years there I sort of felt like I wasn’t excited about the projects I was working on; building tools to help ad salespeople sell more ads, or writing back-end services in C++ to replace spreadsheets… Things like that.

I had the opportunity to interview at AI2, which is a research non-profit doing fundamental AI research, and I decided to move over here. I’ve worked on a couple different projects here; the first one was called Aristo, which is basically teaching computers to pass science exams… And now I work on a team called Allen NLP, which does fundamental NLP research, as well as we build a library called Allen NLP, which is a deep learning library for doing NLP research. So most of my job is working on building that library, supporting people using that library, adding features, adding models, fixing bugs, doing tutorials, giving talks, and so on and so forth.

Jerod Santo: I guess the other elephant in the room, Todd, for justifications - and you addressed this to us in the break, but please, for the audience sake, because I know that we probably have a fair amount of Bitcoin miners listening… So I think that is the other thing that has people putting their pinky up to their mouth…

Gavin Wood: [45:45] Nobody made a specific decision other than the miners themselves. Some of the miners just decided one way or another. Other miners, particularly the pools, actually put it out to a vote. They said to their members, “Which way would you like us to mine? Which flag would you like us to set?”, and the pool members would have voted one way or the other. I think one of the pools actually voted against the fork, so they voted to keep the exploit in place. But I think ultimately actually the pool decided to override them anyway, when it was clear that everybody else was going with the other.

Adam Stacoviak: Mineral water that gives you a physical and a digital uptick.

Kendall Miller: Yeah, it should just be compute and data. Okay, so a concrete example - a friend of mine… Just this morning in the CTO Lunches community, a friend of mine works at a very large, very regulated industry, and he’s a VP at this big company. And he’s arguing that their company can’t use any AI products, and it’s super-frustrating. I think just today Shopify tweeted something like “It should be a reflex to use AI. And that is the absolute standard for all of our engineers at this point.” So this friend who’s a VP is like “Well, how do I get to that when I’m in a company where I can’t use any of it?”

So there are some solutions that have come out that address it from his perspective. I’m going to start there and I’m going to come back to the infrastructure bit. But from his perspective, the things are “Who’s putting what, where?” And when you have a company like his, that’s big and super-well-regulated, and everything’s blocked, you know what people do? They pull out their phone and they type something into ChatGPT. So now they’re putting data that they shouldn’t be putting into the big public models that are probably – they’ve got the free version, so the big public models are training off them, so that’s the worst possible outcome.

So there’s a company, an old coworker of mine’s, one of the early engineers, that’s called SurePath AI. I don’t know if you’ve heard of this, but SurePath AI sits in between almost like a proxy for a big company like this, so that every single thing that goes to, say, ChatGPT, they can stop and say “Oh, that has PII in it.” And they redact it, so ChatGPT doesn’t even get it. So when you say “Hey, ChatGPT, who is Jerod from the Changelog?”, it’s going to say “Hey, you said, [unintelligible 00:50:48.04] name from the Changelog. Did you mean to give me a name? It seems more like a placeholder.” Like, that’s going to be the actual response from ChatGPT, because they’re going to intercept that.

Jerod Santo: That reminds me - here’s a pro tip that’s old, but maybe people haven’t heard it… Which is whenever you’re writing a Bash script, or you’re – if you’re not vibe-coding it; if you’re actually writing it yourself. Use the long form of the arguments in all of your commands. You know, there’s always a short form and a long form… And so the long form would be –file=, And the short form is -d, you know? And we get so used to the short forms, because it’s faster. It’s easy for one liners. But if you’re actually writing a script that you’re going to come back to later, it’s self-documenting to use the long form every time.

And so I use the long form in scripts. I’m fine with short form for your one liners and your command history… But force yourself to use that long form, because it’s so much easier to understand, especially if it’s like FFmpeg stuff. I mean, so many different flags, that mean so many different things. And you can come back and be like “Oh, I know what –file means.” Whereas -f, does it mean format? Does it mean file? Who knows? And now you’re in the man page. So… Rando, but you just inspired me to say that. I think there was an old Changelog post about that. Wasn’t there, Adam? Way back in the day.

Adam Stacoviak: Mine’s sooner… March 17th.

Ashley Jeffs: Yeah, it’s very counter to mine, I think, because mine’s very fumbly and clumsy, and I just kind of accidentally ended up where I am… Whereas his was very up and coming.

Jeff Smith: So let me do two things. I’ll take you through the use case. And so I’m now cherry-picking certain data points, and addressing it… But, I mean, the short answer on your question is it depends on your baseline, repeated listening, tilt your mood in a direction, based on certain behaviors you’re doing. So I would say short answer is it depends. And I can kind of walk you through how it works, and then it’ll be fun to get your response on it. And then of course - I mean, that can go into the AI, and what… Let’s start high level.

Music, like AI, artificial intelligence, it’s limited inputs, exponential outputs. If you look at music, there are 12 notes. You’ve got seven letters, you’ve got major/minors, but in the end, you’ve got 12 notes, and that gives you everything from Mozart to Megadeth.

Then you look at music behavior. People on average, like I said, listen to so much music. But then how they’re doing it, when they’re listening to it, their playlist, the repeat, and everything else. And so all that data is there, and we’ve built the engine to capture that, and then AI to analyze, interpret, decode for wellbeing.

And if you look at – I guess on the AI side, you’ve got the traditional to discern the mood of the user from the acoustic features (a lot of what I described from the songs) and then generative to customize messaging, and so what that output is. But if you look at an experience inside of a company, a use case - so you’re an employee at a company, you get an email from HR “Hey, we’ve partner with these rock and rollers of corporate wellness. We care about your personal wellness journey. Opt in with your Spotify, Apple, YouTube, get free perks along the way. Learn more about yourself. All data’s anonymized. We’re looking for trends on how to better serve you, your job and your wellness.”

And so like I said before, we wanted to tap into their current music listening, not create another app they had to download, but it’s just say “Hey, this is the behavior. This is how you’re listening to -” I think say Gregorian chants, and what’s going on in the background.

And so what happens is when that user opts in, there are two paths. One’s for the organization end. The data is anonymized, clustered… They’re looking for trends. This way, an executive/leadership team can look at dashboards, report outs, company-level, department, division, down to team. You don’t want to get to the individual to avoid any liability of selection. “Hey, Johnny [unintelligible 00:26:48.13] was listening to Kid Rock and he got fired.” You want to avoid the one-to-one. But they want a better solution for insights that are one to many. And then you have bespoke recommendations for how to actually intervene or serve those teams.

On the individual side, they’re offering more intel about their emotional buoyancy. After a few weeks, they get a weekly email, encouraging them to check out their E-score. So think of a WHOOP band for mental health. Your sleep score. What does that data point on you? What does it say about you? Because your interaction with music is unique. And they love that, because it’s a data point in their life and wellbeing.

And then we throw in that little added perk, because we do want them to feel seen and heard. “Hey, it looks like you’re feeling a little melancholic this week. Here’s [unintelligible 00:27:31.27] your favorite coffee spot.” How do you actually take that data, not only to be self-aware, but given tools for self-regulation, and everything.

And so when you look at that model, it’s very personal, yet anonymized on the organization side. And so we’ve always had that tension to make sure we have a strong firewall. But then as we work with them and as they listen more and more, it just get smarter, smarter, smarter. It’s fascinating.

[27:59] So to answer your question, I personally don’t know, if you were listening to Taylor Swift this afternoon and then the Wiggles in the morning, how you’re feeling. But I can tell you by running through Chrp for a few weeks, you will see a mirror of your emotion, which is fascinating.

Jerod Santo: So those are legit numbers then. I am on wireless here, and so I think mine’s capped by my wireless network card.