Paul Vixie: I think that that problem would be avoided. Earlier I talked about how in the early days of the web we didn’t have crypto that was fast enough to support – the crypto hardware fast enough to support HTTPS, and so we just sort of didn’t do it… Until you needed it, and then you bought some hardware to assist you with that. And nowadays, I’m thinking about a number of different NIC vendors who make PCIe x16 cards that you can stick into your server, that will do a lot of the offloading for you. Check sum computation, segmentation, reassembly, and so forth.

[00:42:05.27] Now, if you need to operate at 100 gigabits a second, or coming now soon 400 gigabits per second, if your CPU has got other things to do than shoulder every octet through the bus, then you can get a very smart NIC, and driver support for it, and - you know, as we all know, Moore’s Law will continue giving us its annual gift, and the time will come when you don’t need that hardware anymore, and you’re just doing that with your CPU, because you have so many cores, so much cache, and so forth.

So I think any protocol, in order to succeed at all, would have to be the kind of thing – it’d be very difficult in the short term. But in the long run, it’ll just be the way everything works. And so I don’t see that hardware support is going to be called for in any of this. What will be called for is some hard decisions. I mentioned earlier that fragmentation kind of doesn’t work, and it got worse on IPv6. It worked a little bit in IPv4. It doesn’t work at all now. And packet size [unintelligible 00:43:14.10] on our WiFi is Ethernet cells. [unintelligible 00:43:18.20] And that is 1500 octets. And I knew one of the people whose name was on the Ethernet patent. He was my mentor at a mini computer company back in the late ‘80s. His name is David Boggs. And I had an opportunity to listen to him talk about the old bits, talk about being at Xerox and inventing Ethernet, and [unintelligible 00:43:45.20] And so I’m in a position to know secondhand that the intent was the packet size would continue to grow, so that as we got faster at networking, we would also get larger packets. And he was genius in a lot of ways, in this and every day, but his idea about this was every time the clock rate gets you 10x, in other words you go from 10 megabit to 100, to 1000, to a gigabit, or I guess a gigabit to 10 gigs, and so forth - every time you get 10x o’clock, you should probably give about a third of that to packet size, so that the number of packets in a given unit time doesn’t also go 10x. Your packet count and your packet size each go about a square root of 10 [unintelligible 00:44:39.00] And had we been doing that all this time, a lot of things would be simple, that are currently very hard. We certainly wouldn’t hear that fragmentation didn’t work if the packets we could send had gotten larger over time. But they didn’t. And the reason they didn’t is that the Ethernet market relies on backward compatibility. When somebody adds 10 gigabit networking to their office network, they don’t make everybody switch at once. They just say “New ports will be 10 gigs, but the old ones will still be one gig, and we’re going to run a network bridge, a layer two bridge to connect the old one to the new one.” And that won’t work if the packet sizes on the new ones are so big they can’t be bridged backward to the one that made the market exist in the first place.

So Ethernet is effectively trapped at 1500 octets for all time to come. Yes, a lot of us have turned on what we call jumbograms, so 9100 bytes, which turns out to be a very convenient size [unintelligible 00:45:44.00] So if you’re running jumbograms, your NFS is going to be faster, your [unintelligible 00:45:53.15] is going to be faster… Everything you do is gonna be faster. You just can’t use that when talking to people outside your own house, or your own campus. Because there’s no way to discover whether your ISP can carry packets that big, or will at the far end.

[00:46:11.03] So because we don’t have that, because we didn’t do what Boggs inevitably thought was the intelligent obvious thing that everybody should do, give one third of your [unintelligible 00:46:20.29] to packet size, anything we do with DNS in the future is going to have to take that into account. And that in turn means we’ll be making the assumption “Well, I guess we could probably send about 1,400 bytes plus room for all the headers and stuff that was added”, and now we’ve gotta find a way to connect several adjacent packets together, so that we can do essentially application-level fragmentation. Or else we’ve got to deal with the handshake overhead. So I predict, knowing the IETF culture as I do, if we start now, then within no more than four years we will come to an agreement on that sinful issue.

Adam Stacoviak: It was OSCON. That’s right. We met in 2017 way back there, and I got his card. I took a picture of it recently and I shared it with him… Like, “Did I get your card from like so many years ago?” It’s just cool how things work out. Anyways… I even asked him like “You know what - we’ve gotta get jack on Founders Talk at some point. Let’s make that happen.” And obviously, Jack is an A-list type, if you want to A, B, C-list folks, which I don’t necessarily do, but just to give… Jack is a major player in tech, from Twitter, to Square, to now Block, and cryptocurrency, and decentralized thinking… Like, he’s a big thinker, and the moves he often makes are larger moves, with large waves. And so Jack Dorsey - sat down with him for the main stage at Square Unboxed, because my friends at Square helped make that happen. He’s like, “Hey, you know what? We can make a fireside chat happen at Square Unboxed.”

And so we took that conversation knowing that that was meant to be for Square Unboxed, but also for Founders Talk… So this is like three layers later. Then it also appeared on the Changelog, which is where this list goes from, right? And got even more listens. I mean, it was great, so that’s one of my favorites; just as a bucket list kind of thing. Like, it was a great conversation… I didn’t get to ask Jack every single thing I wanted to, because it was kind of bridled, in the fact that it was meant for the main stage of Square Unboxed, so it had its guardrails, so to speak, of the direction of topic. If Jack is listening, or anybody else from Square Block, I want to get him back on Founders Talk, so we’ll have a different conversation, a deeper conversation… Although the conversation did open up with his hacker heart, which I think was super-interesting.

[01:10:03.18] Just because, you know, when you get to that level, you often get removed from the code, and get often removed from the things that matter. Maybe he shouldn’t be writing production code, but at the same time, he still tinkers with Rust, and fun things around crypto wallets and whatnot, hardware wallets, and fun things like that. So that was one of my favorites, just because - Jack Dorsey.

Ron Evans: So crossing this barrier between – you know, a lot of people look at hardware and think, “Oh, I could never do that.” Well, the funny part is if you talk to electrical engineers, they say “Oh, software - yeah, it’s really hard.” [laughs] And I’ve seen this a bunch of times with lego-first robotics teams, which is a fantastic high school robotics program that’s been going on for a number of years. A bunch of people from NASA and a lot of other people are involved in it.

I noticed the teams would kind of bifurcate. They’d have the hardware people and the software people, and the hardware people would be assembling the robots, and the software people would be like, “Hey, can you hurry up, so I can write some code?” And a lot of the work that we want to try to do is to make it so that it’s easier for people to get started and to realize hardware development is very much like software development - nobody starts from scratch; you copy and paste your way in. It’s just a different set of tooling.

[32:05] If you were designing a circuit from scratch, it is the equivalent in hardware of writing your own crypto algorithm in software. You probably shouldn’t be doing it. And if you should, you already know. So our approach is really quite the opposite, to make it as easy as possible. Even the simplest things that you take for granted are things that the novice does not know. So you can’t make assumptions, because even those assumptions are barriers for people to do things with them.

The Internet of Things as a term is not one that I’m especially fond of… The term ‘hacker’, it’s been adopted by popular culture - like the term ‘drone’, for that matter - so I have to go along with it, but it’s a very, very powerful set of technologies to instrument the real world. So who’s going to be the beneficiaries of that instrumentation?

Well, if it’s a traditional closed source, siloed sort of world, it’s not going to be the people who are being instrumented. So if we want – you know, very much like Douglas Rushkoff’s Program or Be Programmed, well the stakes just went up by several orders of magnitude, because now you literally can’t hide, because the whole world is being instrumented. So what are we gonna do about this? Well, we’re software developers; we’re gonna program our way out of it. And how are we gonna do that? Well, open source - that is our set of philosophies, which are then of course represented by an enormous set of code that - depending on the licensing and such - you can draw upon for different purposes.

We’ve tried to make it possible with Gobot for developers to actually use Gobot to build commercial things and sell them, because open source is not about a bunch of companies just not having to pay for things. That doesn’t work. That’s how maintainers get burnt out, feel taken advantage of, become resentful, retire from the work that they’ve done, and we’re all at a collective loss.

We’re very lucky at Hybrid Group because we get to do a lot of open source development that we’re paid to do.

Jacob Hoffman-Andrews: Yeah, you’re definitely right, it’s a lot of work. I’ll go through a bunch of the stuff, and I should clarify a lot of this is not done by me. There’s a whole team that spent a lot of work doing this.

To be a certificate authority doesn’t mean much. You could become a certificate authority today. You can create a CA certificate on your own machine and issue your own certs, but nobody would trust them. If you loaded that on a web page, people would get a warning when they reached it. So you need your root CA certificate to be in trust stores. That’s in operating systems, or browsers, or things like Java; on Linux there’s usually a package called CA Certificates that ships down a bunch of these trust anchors.

[\00:24:10.08\] The problem is even if you were to convince all of those (we call them) root programs - the programs that manage who gets to be a CA and who doesn’t - even if you convince them all simultaneously to let you in today, there’s all the older software that doesn’t yet trust your root CA certificate. The usual way around this is what’s called cross-signing. You get somebody who’s already a CA to sign your root CA certificate or an intermediate, and essentially vouch for you and say “This organization knows how to safely issue certificates and based on our existing presence in these root stores, certificates from them should be trusted.” That’s step one - finding somebody to cross-sign for you.

Let’s Encrypt was very lucky to find IdenTrust, who was willing to cross-sign for us. Even if you are running an operating system that was built years before Let’s Encrypt existed, your browser will still load Let’s Encrypt certificates successfully because of that cross-signature. Now, in order to get that cross signature, you have to meet a certain number of requirements and pass a certain number of audits.

First, obviously, you have to generate your keys and your certs; you wanna generate those keys in an HSM (Hardware Security Module). The whole point of a hardware security module is to store crypto keys in a way such that even if somebody hacked you to bits, they still wouldn’t be able to make off with the keys; they might be able to trick your HSM into signing something incorrectly, but they wouldn’t be able to go make a copy of your private key.

So once you’ve generated those certs safely and written down all the steps you took – or rather, first you write down the steps you’re gonna take, then you follow them all on what’s called a “key ceremony”. You do it all on video, and you have auditors check that you did it all [unintelligible 00:26:20.26]

Adam Stacoviak: Obviously, we left out Spiral from the deeper conversation. We touched on the open source nature of it, the Bitcoin wallet, the hardware to mine, all that stuff… But it began at Square Crypto. And obviously, I did some research in terms of where it began, for this, and you had said “What’s the biggest thing we could do for the Bitcoin community?” and one of your co-partners, Mike, had said “Hire five open source developers and just let them do fun stuff.” Can you talk about the inception of Square Crypto and how that’s evolved in Spiral and what you’re doing there?

Adam Stacoviak: Obviously, we left out Spiral from the deeper conversation. We touched on the open source nature of it, the Bitcoin wallet, the hardware to mine, all that stuff… But it began at Square Crypto. And obviously, I did some research in terms of where it began, for this, and you had said "What's the biggest thing we could do for the Bitcoin community?" and one of your co-partners, Mike, had said "Hire five open source developers and just let them do fun stuff." Can you talk about the inception of Square Crypto and how that's evolved in Spiral and what you're doing there?

Evan Weaver: And we were kind of surprised… There were a few other companies that set out to solve this same problem around the same time, in particular Cockroach and Yugabyte. But they also found – a different technology than us, but they also found the market wasn’t really ready for this kind of interface model. But their solution was to fall back and build another SQL database. And that’s fine, I guess; there’s 30 cloud PostgreSQL things you can use, and it’s hard to differentiate among them… But if you can carve out a niche, you can make a business there.

We didn’t wanna replicate those old interfaces; we really wanted to build an interface which was for where the world was headed, where the new stack was being built; for people who were building this dynamic edge and mobile and SPA browser applications…

[48:11] In particular, we fit well with blockchain and crypto stuff. There’s no commitment to SQL in that world. People are looking for the newer, better language, the newer interaction model, and these kinds of things. It’s easy to adopt Fauna if you already use GraphQL in your organization in particular, because we offer a native GraphQL interface.

I think one mistake people sometimes make is they’re like, “Well, how do I migrate my existing Postgres cluster to Fauna?” You can if you really want, but it’s not what we’re really designed to be. We’re designed for new workloads and for augmenting the existing systems. So if you have a big Postgres cluster, whether it’s in the cloud or whatever, leave it alone. That’s okay. If it works, great. But maybe you don’t wanna continue investing in it, you don’t wanna run the risk of altering tables, you don’t wanna deal with provisioning more hardware for new use cases and that kind of thing. Use GraphQL in a federated system, like Apollo, to augment that with Fauna, and put your new data, your new applications, your new product features in the new stack, and let the old stuff alone. That’s more the Fauna model.

Anthony Eden: Cryptocurrency has become normalized now, right? Crypto is normal.

Anurag Goel: Exactly. Anyway, slight tangent… So yeah, so not having any of those emails, and having a work email makes sense. But we also have a lot of people using Render for specific things while working at large companies. We have people who have signed up with Meta.com, and we have Alibaba.com, and all these other… Even Amazon and Google… These are paying customers. People have signed up with their work email, who are not actually running a large thing from Google or Amazon on Render. It doesn’t make sense to do that. But they’re using – so these might be like data scientists, who want to run something in Python and they just can’t get the support they need from their DevOps teams. And this is very common in large companies, where you have enterprises where their main application is handled by the DevOps team, but then people want to build other things, whether it’s data scientists, or sales engineers… Even marketing engineers, they want to do stuff that they want to put out in the world, they want it to have a URL that other people can access, and they just don’t get the support that they need from DevOps, because DevOps couldn’t be bothered, and they’re a bottleneck, because they have all these other needs that they need to fulfill from the main application. So we get a lot of people like that.

But fundamentally, the people who we’re most excited about today are early-stage startups, because Render is a great fit for them. When you’re a startup, you want to move fast, and you want reliability, and Render gives you both of those things.

And then the second sort of serious customer segment is what we call tech-enabled businesses. So tech-enabled businesses are those where the core competency isn’t actually software. What they’re doing is something like they’re building a mortgage CRM, or they’re a law firm and they need technology to achieve a specific goal. Or they are in some cases also like a crypto company that needs something specific, and they need to host it online. But they’re not in the business of hiring DevOps engineers. They might not even be able to hire DevOps engineers. And so they are very, very happy with what Render and products like Render provide.

And then I think we’re increasingly seeing what I was talking about earlier, where there are these teams within larger companies that end up using Render because it gives them the same speed of iteration, velocity. We also just launched things like SSO, and SCIM…