The Stack Overflow Podcast

Warning signs that hot startup hiring engineers might not last

Episode Summary

Ben and Cassidy compare notes on Plex.tv, the rapid collapse of Fast.co, and why rigorous adherence to personal security protocols can make the FBI suspicious.

Episode Notes

Cassidy is co-organizing Devs for Ukraine, a free online engineering conference from April 25-26 to raise funds in support of Ukraine. Register today and donate if you can.

Plex.tv is a hub for live TV, on-demand streaming content, and your own media library. 

Read the full story of Fast’s speedy shutdown.

Following the ultimate personal security checklist will protect your digital security and privacy—but it might also raise eyebrows at the FBI.

Today’s tech recs: Ben recommends TENS therapy, an electrical alternative to acupuncture (it’s tech, technically). Cassidy recommends Covatar for unique, personalized digital art like NFT avatars.

Today’s Lifeboat badge goes to user Joseph Silber for their answer to "What’s a regex that matches all numbers except 1, 2 and 25?"

Episode Transcription

Cassidy Williams Different people will have different shows. One friend of mine collected DVDs for the longest time, tons and tons of years of DVDs. And nowadays it's very hard to find someone with a DVD player, so he put all of them in his Plex library, and so if he ever wants to share a movie with me I can watch it on Plex and that's the way we do it. And you can also put home movies on there and Plex even has its own live TV channels that I've tuned into on occasion. It's just nice to have and have so many options. And I like the aggregation of services, it does feel like we're kind of reinventing cable where just everything is all in one package.

[intro music plays]

Ben Popper Visit skillsoft.com/events to register for an exclusive webinar on preparing your workforce to adapt to emerging cyber threats. Explore the multi-pronged approach they take at Skillsoft on Tuesday, April 19th, 2022 at 2:00 PM Eastern. Register at skillsoft.com/events today. 

BP Hello, everybody. Welcome back to the Stack Overflow Podcast, a place to talk all things software and technology. I am your host, Ben Popper, Director of Content here at Stack Overflow, joined as I often am by my co-host Cassidy Williams. Hi Cassidy. 

CW Hello. Glad to be here. 

BP Cassidy is the Head of Developer Experience and Education at Remote.com, which is a very cool company, especially in this day and age as so many companies are going remote and distributed. Speaking of international affairs, Cassidy, you are preparing a very cool project. I know you want to shout it out, so let's plug it. What are you doing and what's it all about? 

CW Yeah. So myself and Sara Vieira, we were talking and decided to put together a conference to benefit Ukraine amongst all the troubles that are happening over there with the Russian attacks. And so we honestly whipped this up in a couple weeks and it was great and she built the website and I basically wrote the blog posts and edited code here and there. And we got some people at Remote to help us and we made this event, and we've got some really awesome speakers. You can find people from the core team of React, from Vue. We've got back end tracks and front end tracks and we're trying to raise money that'll all go directly to NGOs in Ukraine that are going to be helping people get out and get the aid that they need. It's very exciting, in the first 24 hours that we announced it, we passed our goal of 15K donated, and so we increased the goal. And so if you want to check it out, it's a free conference and it's at devsforukraine.io. 

BP Very cool. Yes, regardless of your politics, I think we can all agree, war is a terrible thing and it's great when help goes to people who need it, people whose lives have been dislocated or disrupted by the conflict. So that's pretty awesome. We will put it in the show notes and folks can check it out. When is it happening? 

CW It's happening at the end of April. So April 25th and 26th. 

BP Okay. I have some fun news that kind of ties back to a few things we've talked about before. GitHub can now autoblock commits containing API keys and auth tokens. So this is kind of on this larger trend that we've been talking about of to what degree do developers trust GitHub or NPM to take care of them? To what degree should they trust them, and to what degree should those platforms take some of the responsibility out of your hands? So, in your mind, how does something like this work and is this a win-win?

CW Yeah, I think this is something where I'm sure that they're doing all kinds of cool engineering under the hood for detecting what those kinds of keys look like, and I'm sure there's plenty of AI figuring out what a key might look like. But the fact that you can stop that from happening, I'm sure many developers are just like, "Well, you just don't commit keys. How would you do that?" I think many people have accidentally committed a key at least once in their life. So this is going to be great just for security in general for everybody. 

BP Yeah. When I was at DJI, we had some back and forth about a bug bounty program. It's all in public, so feel free to talk about it. And it involved some API keys and other things that should not have been left in a public AWS bucket, and that's another one that I think happens a lot. This is not for everybody, obviously. If you're just a basic user, it's not going to apply to you. It's for folks who are in like a GitHub enterprise cloud. You know, your company has opted in and it's scanning all your code, well now it can do these extra things for you. So yeah, we're moving on here in the news. Another thing that we wanted to touch on, I thought this was kind of fun. Obviously fast.co, it's not fun that they had to lay off some folks, but it's a big beautiful Airtable that their fellow co-workers and technologists put together. And instead of like a 'So sorry to see you go' blog, it's just a, "Hey, you can hire all of these people," and they've each got their own little card and their resume and everything like that. 

CW That's great. I was really surprised to see Fast shut down. It's a pun. It felt fast how fast Fast shut down, which is hard to say, because they were such a VC sweetheart for a little while, and I know some people who had worked there, had left there and stuff, so I'm not utterly shocked, but I'm definitely like, "Oh dang, that was quite the turnaround there."

BP I do think as a former sort of like business technology venture reporter, the tide is kind of going out. There was years sort of leading up to the pandemic where just the valuations got kind of bananas. There were a few like the WeWorks of the world, but then during the pandemic they got even more bananas. There were like billion dollar companies being minted left and right, and now there's been sort of a reversion to the mean where a lot of folks are not willing to give funding for that next private round at that eye-watering valuation unless you've got a pretty sustainable business model. It's no longer just, "Well, if you've got growth, here you go, blank check," kind of thing. That's the thing I think software engineers kind of get caught up in, I mean, some software engineers start their own companies or are very business savvy, but a lot of times you go to work for a company during a sort of a moment of hype or a moment of exuberance, and then there's the dot com bubble or there's kind of what's happening now, and that's unfortunate when that happens to people. 

CW It's wild to see. Some companies raise so fast and then some take a lot longer. For example, Remote, where I work, we announced our Series C today, and it's very exciting that we announced it, and I'm excited about that, can't complain. But it feels fast, and it's something where we had raised a Series B middle of last year. They're only two and a half-ish years old, they're not a very old company, so it was kind of a quick turnaround. Meanwhile, a company that I worked for a while ago, oh gosh, seven years ago, they just raised a Series C and they're a lot older than where Remote is, but they're at about the same level now funding-wise. And so there's no rhyme or reason to it, it feels like it's much more of an art than a science, depending on the company and what they do and what they bring. 

BP Well you had said I think on an earlier episode, that Remote went from 30 people to 900 people as employees, right? 

CW Fast, yeah.

BP And so then obviously if you're trying to fill demand, if the demand is there, you're hiring employees, well then, obviously after a year, that's 30 times the employees you had before, you need to be able to sustain that burn rate. Stack Overflow was kind of the opposite. I mean, they ended up going to like a Series E or something like that, but it took 12, 13 years to get there. And now we're in this crazy position, which I appreciate, of being owned by a public company that has a lot of money, but not being like a public company where the share price goes up and down and you stress out about that. 

CW Right. It doesn't affect your compensation regularly. 

BP Yeah, exactly. And like once a year, if we do well, our little company will be reevaluated and that's always good for employees and folks who worked hard. But it's not as stressful as, "Oh, everyone's decided tech stocks are bad and now all this house shopping I did is no longer relevant."

CW Yeah, which is actually happening with a lot of people I know. 

BP Yeah, it's hard not to get ahead of yourself and hard not to get excited. People in this world of software are extremely well compensated, and you say, "Well, I've got this stock option plan and it's clear that I'll be getting X amount of money over the next three years," and I'll go to the bank and they'll say, "We'll lend you money for a house based on this amount of money." But then if the stock price gets cut in half, all of the sudden the calculus on that loan can change. Okay, last one on the news side and then we'll jump into the topic of the day, Plex.tv. Are you a user or know anyone who's a user? I know some people swear by Plex. 

CW I love Plex. I use Plex a lot.

BP Oh, okay. So I thought this was interesting. They want to be the super hub where all of your streaming services are connected to it, and I just go in and search once, it gives me universal search. This is something I do need. I have an Apple TV, it does okay with it, but I could certainly see it could be better. And then obviously the joy of Plex is, mix that with an offline or a personal library of stuff you own that isn't on streaming. This came up the other day. My son wanted to watch Clone Wars, an animated show that was only ever on Cartoon Network, and for whatever reason is owned by like Paramount and six other companies and so will never be on streaming. So I had to go find him a bunch of bootlegs on YouTube, but I could have also bought the DVD and then I could put it on Plex and then we could watch it whenever we want. So how do you use it? What do you get out of it? 

CW Honestly it's kind of similar, where a friend of mine, I have actually a few friends with Plex servers and I just kind of cling to all of them, where different people will have different shows. One friend of mine collected DVDs for the longest time, tons and tons of years of DVDs. And nowadays it's very hard to find someone with a DVD player, and so he put all of them in his Plex library, and so if he ever wants to share a movie with me, I can watch it on Plex and that's the way we do it. You can also put home movies on there, and Plex even has its own live TV channels that I've tuned into on occasion. It's just nice to have and have so many options. And I like the aggregation of services, it does feel like we're kind of reinventing cable where just everything is all in one package. 

BP You don't have to flip through channels to find what you want to watch, it's so annoying. 

CW Yeah, ugh, gosh! But I am excited for it because I tend to hop between apps where if it's something that I have on like Netflix, but I was watching Hulu earlier and then I wanted to watch Plex for this or something for that, Plex doing this and consolidating everything reminds me of the services like Movies Anywhere. Have you seen those ones? It's basically instead of subscriptions, it's movies that you own digital copies of, and it can combine like Fandango and Vudu and all of these other platforms, Amazon and stuff, where you can put it all in one place. And I have one of those accounts where I admit I don't own as many movies, but I have a few, and so it's nice to have them all in one hub connected into one place. Plex doing that, I like it. It makes my life a bit easier. 

BP Yeah, there used to be these awesome workarounds. I can't remember the name of the company, we'll have to look it up. But it was right around the time when Netflix was getting ready to do streaming and people still got DVDs in the mail, where they bought all the DVDs and then you could stream it from anywhere, and it was okay because they were renting it to you and then playing it. Like, physically the disc would have to start spinning somewhere and then they can stream it to you. It was this really funny piracy workaround. I think the other thing, obviously, if anything gets posted on Hacker News, the thread has to be negative. But a lot of people there were sort of saying the hilarious thing about Plex now is that it does in many cases require a cloud login and if you don't have internet, then you're not going to be able to access your local files. So folks were pointing out another one called Jellyfin. So developers have already moved on to the more pure version of Plex. 

CW Yeah, Plex does have like a pro premium account thing where if you do want offline access, you can get it, but you have to own the media. And so if I wanted to see my friend’s DVDs, for example, I'm not able to see those because I have a pro account, but if it were on my own server you can use that.

BP Very cool. All right, let us switch over to the topic of the day. I think this one, I'll just run you through it real quick and we'll sort of take a temperature check. And then maybe when we have more folks on the show we can dive a little deeper. But this was a security list, it takes you in some pretty deep directions across what you're doing, what you've got installed, how you do software, how you do hardware. But I thought it was kind of interesting as like a gut check. So, use a strong password. I'm going to say, yes, I do that, and sometimes I just use the auto-generated one. But when I use the auto-generated one that's like from Apple or Chrome, then I am using a browser to save my passwords, which is not safe. So I can't have it both ways there. That was the first sign that I'm not doing it right. Sign up for breach alerts. No way, man. Update my passwords periodically. Only if the system is forcing me to. Don't use a four digit pin. Well, sometimes people ask me to make a four digit pin. Should I just say no? What do people do? Avoid face unlock. Oh, that's an advanced category. I don't know, looking at this, I felt I'm not really keeping myself that safe. 

CW I do a few of these. I use a password manager and generate strong passwords and I try to rotate them somewhat regularly. I recently rotated passwords and forgot to connect my email accounts after that and lost like a month worth of emails, so I'm not great at it. But I do think that this is a generally good list of all the things that we should be doing. I feel like there's no way to be perfectly secure with anything, but you can just try to be as secure as you can be. I was just talking with parents and family members and stuff recently about what two factor authentication means and how you can do it. Because they had a neighbor that recently someone hacked into their bank account, and because they didn't have two factor auth, it was just a password, and it was a shared family password. There's a lot of things that you can do that will stop most things from going completely wrong. 

BP Yeah. 2FA is the best. 

CW Yeah. Two factor auth, you should do it. Something that I actually learned recently related to this that blew my mind, someone I know is working a lot with Word files recently and kind of hacking Word documents, which is a very specific thing to work on. But they learned a lot about how the encryption of Word documents work, and it's very secure. So much so that he got on a call and was ranting to me and saying, "If you put all of your passwords in a Word doc and made it an encrypted, secure, password-protected Word doc, that's just as good as something like 1Password, because of how secure it is." And I thought that was fascinating as he was talking about how it works under the hood.

BP Cool. Yeah, I bet it is because they probably have a ton of government contracts that go to a pretty high level, and they want those people to use Microsoft Word and Excel for their clandestine, top secret-tier-level-only information. 

CW Office 365 for the government. 

BP The one I love here was to understand your browser fingerprint. Because to me, this is always the one where no matter what you do, it's like the battle of nature and evolution. It's like there's the move and the counter move, the measure and the counter measure. Like, do everything you can to stop people from knowing who you are, use all this different stuff. But if you use the same device and the same browser in the same time zone every day, the data brokers will get you. They'll figure out who you are. They'll start targeting you with ads for shoes. I don't want to be like changing my phone out, you know? Or like rotating my device. I can't commit to that. But I don't know. 

CW I saw this thing, and I can't tell you where the article is from, it was definitely like an anecdotal thing. But there was this person and she was saying, okay, I'm going to follow, it wasn't this security checklist, but it was a security checklist. And she followed it to the extreme where she only browsed on VPNs and rotated VPN stuff. She only used privacy respecting browsers and only used search engines that were very private and stuff. And basically, went sort of off the grid while still being able to use the internet and stuff by using everything completely privately. And she ended up being contacted by the FBI because they were just like, "Who are you? And what are you doing?" Because she was so secure that it was suspicious. 

BP Right, right. Exactly. That's so funny. Yeah, you're trying everything you can to mask yourself and that just makes you– 

CW Suspicious, suddenly?

BP Exactly. So suspicious. All right. Well, yeah, I will share the link in the show notes if you want to leave a comment or send us an email, let us know how you scored. We'll do a little bit more of this when we have some more hosts on because I think this is a pretty interesting checklist, and it makes me realize that some of this stuff, like you said, is second nature for me because of my age. Whereas it's not for like my parents' generation and I wonder if people who are younger than us, some of this stuff is even more second nature.

[music plays]

BP All right. Let's jump to a lifeboat and a few tech recs and we are out of here. All right. Awarded yesterday to Joseph Silber, "What's a regex that matches all numbers except 1, 2 and 25?" That one seems more like a puzzle, but I will include it in the show notes if you want to do a little brain teaser. My tech rec of the week, it is called the TENS, not really sure what that stands for. It is a little box and you plug it in and then you put little patches on you and it stimulates your muscles with electricity. 

CW I just saw that recently, too. It seems interesting. 

BP It's kind of like acupuncture. What acupuncture does is increase blood flow to a certain place. So if you don't want to do acupuncture at home, because that seems kind of dangerous, you put it on some muscles that are sore, achy, or whatever, and it basically just stimulates them. That gets blood flowing through, blood flowing through clears out old stuff, inflammation, and brings in healthy stuff. So yeah, it's been really nice for my back and shoulders and I will include a link. It's technology, okay?

CW Yeah, sure. My recommendation is a service called Covatar, and it's something that's pretty neat. What it is is you sign up and request an avatar for yourself, and they will have an artist draw something for you, like a real human will draw an avatar of you. And you can request changes and stuff up to a certain point. And then you can use that avatar on various websites and stuff, and they have different versions of it where they can make graphics and comics for you. It's a really nice little service and I got one for myself and it's a good drawing, I'll totally use it. And I've already changed my profile picture on a few things to that. It's nice if you don't want to use a photo of yourself.

BP I love marketplaces that help creative people get paid. Do you go in here and pick an aesthetic like a genre? Or how do you decide that?

CW Yeah. You can choose a few different art styles that you prefer, and then they'll match you with an artist that does that art style.

BP Nice. 

CW Yeah. And they can do like various apparel and masks and things like that too. 

BP Yes, I see now. The anime version of myself coming soon. Excellent. All right, everybody. Thank you for listening, we appreciate it. I am Ben Popper. I'm the Director of Content here at Stack Overflow. You can always find me on Twitter @BenPopper. You can always email us, podcast@stackoverflow.com with questions or suggestions. And if you like the show, leave us a rating and a review on the podcast platform of your choice. It really helps.

CW I'm Cassidy Williams, Head of Developer Experience and Education at Remote. You can find me @Cassidoo on most things.

BP All right, everybody. Thanks for listening, and we will talk to you soon.

CW Bye!

[outro music plays]