Hunting bugs and tech startups with Python
Episode Deep Dive
Guest Introduction and Background
Alyssa Shevinsky is the guest on this episode. She’s the CEO of Faster Than Light and has a long background in the tech industry, having started out in QA roles and then moving on to founding software startups. Alyssa has deep knowledge of application security and static analysis and is an active member of the broader startup and Python communities.
What to Know If You're New to Python
Here are a few points to help you follow the episode's discussion more easily:
- Python is known for its simplicity, readability, and broad ecosystem of packages and tools.
- Static code analysis for Python (e.g., using Bandit) can flag potential security issues without running the program.
- Understanding basic security principles (e.g., sanitizing inputs, managing secrets) is important whether you're new to Python or already experienced.
- Many Python-powered businesses thrive on open-source libraries, so knowing basic package management (pip / requirements) is helpful for applying tools like Bandit.
Key Points and Takeaways
- Building a Startup on Python and Security: In this episode, Alyssa discusses founding Faster Than Light, a company that focuses on static code analysis for Python (and beyond). The conversation highlights how Python’s flexibility and rich ecosystem make it ideal for building security-focused services and web platforms.
  - Links / Tools:
    - Faster Than Light
    - Bugcatcher (Faster Than Light’s static analysis service)
- Importance of Static Analysis: Static analysis is a way to detect security vulnerabilities and coding issues by examining code before it’s ever run. Alyssa emphasizes how this helps developers learn about security mistakes they may not even realize they’re making, such as SQL injection or leaving Flask in debug=True.
- Open-Source Foundation: Faster Than Light’s product, Bugcatcher, wraps and extends open-source security tools for a smoother user experience, showing how open-source projects serve as a strong starting point for a commercial solution. Alyssa aims to give back to these tools by contributing pull requests and documentation improvements.
  - Links / Tools:
    - Bugcatcher using Bandit
    - Snyk (mentioned as another solution for scanning project dependencies)
- Accelerators and Techstars Experience: The discussion covers Alyssa’s involvement in the Techstars London accelerator. She explains how such programs provide mentorship, networking, and introductions to potential investors, giving startups more credibility and support.
- Challenges of Entrepreneurship and Marketing: Alyssa explains that creating a solid product is only half the battle; you also have to stand out amid a crowded marketplace. She shares that accelerators often connect founders to industry mentors who help refine marketing, pitches, and branding strategies.
- Being a Founder Over 40: Alyssa talks about the advantages of founding a company later in your career. She highlights that the depth of experience, confidence in decision-making, and ability to navigate business complexities are all strengths that come from a lengthy track record in the industry.
- Junior vs. Senior Developers in Security: The conversation contrasts junior developers, who can benefit from automated static analysis as a learning tool, with senior developers who bring a wealth of knowledge to architect solutions correctly from the start. Both play complementary roles in modern software teams.
- Enterprise vs. Free Tier Model: Faster Than Light’s business plan is to keep a free tier to encourage individual developers and open-source projects to adopt better security practices, while enterprise customers pay for advanced features like parallelized scanning and specialized support. This aligns with many devtool companies that use a “give first” strategy to build trust and community adoption.
- Future Integrations and GitHub: The planned roadmap includes deeper integration with GitHub so that security checks can run automatically on pull requests, thereby reducing friction and the chance of merging insecure code.
  - Links / Tools:
    - GitHub (planned integrations with CI/CD and PR checks)
- Security Lessons for Developers: Throughout the discussion, the central theme is an encouragement to adopt regular scanning and keep security top of mind. Regular checks, either during development or at each build stage, help catch issues early and reduce technical and security debt over time.
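To make the static-analysis point concrete, here is an added example (my own, not code from the episode, Bandit, or Bugcatcher) of the kind of check such tools perform: it parses Python source with the ast module, never executes it, and flags the two mistakes named above, Flask's run(debug=True) and SQL queries assembled by string formatting. The sample Flask app it scans is constructed inline.

```python
"""Minimal AST-based static check, in the spirit of what Bandit reports.
Added example; not the code of Bandit or Bugcatcher."""
import ast
from dataclasses import dataclass


@dataclass
class Finding:
    line: int
    rule: str
    message: str


SQL_VERBS = ("select ", "insert ", "update ", "delete ")


def _looks_like_sql(node: ast.AST) -> bool:
    """Heuristic: does the expression contain a string literal starting with an SQL verb?"""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            if sub.value.lstrip().lower().startswith(SQL_VERBS):
                return True
    return False


def _is_dynamic_string(node: ast.AST) -> bool:
    """True when the expression builds a string at runtime:
    f-string, % formatting, .format() call, or + concatenation."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"
    return False


class _Checker(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        func = node.func
        if isinstance(func, ast.Attribute):
            # Rule 1: app.run(debug=True) exposes the interactive debugger if it reaches production.
            if func.attr == "run":
                for kw in node.keywords:
                    if kw.arg == "debug" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                        self.findings.append(Finding(node.lineno, "flask_debug_true",
                                                     "Flask run() called with debug=True"))
            # Rule 2: execute(<string built at runtime>) is the classic SQL injection pattern.
            if func.attr in ("execute", "executemany") and node.args:
                query = node.args[0]
                if _is_dynamic_string(query) and _looks_like_sql(query):
                    self.findings.append(Finding(node.lineno, "sql_injection",
                                                 "SQL built from a formatted or concatenated string; use query parameters"))
        self.generic_visit(node)


def scan_source(source: str) -> list[Finding]:
    """Parse `source` (without running it) and return findings in source order."""
    checker = _Checker()
    checker.visit(ast.parse(source))
    return checker.findings


# Constructed sample: a small Flask app with both mistakes (line 10 and line 14).
VULNERABLE = '''
from flask import Flask, request
import sqlite3
app = Flask(__name__)

@app.route("/user")
def user():
    name = request.args.get("name")
    cur = sqlite3.connect("app.db").cursor()
    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)
    return str(cur.fetchall())

if __name__ == "__main__":
    app.run(debug=True)
'''

# The hardened form: a parameterized query and no debug flag.
FIXED = VULNERABLE.replace(
    "\"SELECT * FROM users WHERE name = '%s'\" % name",
    '"SELECT * FROM users WHERE name = ?", (name,)',
).replace("app.run(debug=True)", "app.run()")


if __name__ == "__main__":
    for f in scan_source(VULNERABLE):
        print(f"line {f.line}: [{f.rule}] {f.message}")
    print("fixed version findings:", scan_source(FIXED))
```

Bandit's real checks are broader and handle more query-building shapes; this block shows only the shape of the idea: inspect the syntax tree for a known-bad call pattern and report the line.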
Interesting Quotes and Stories
"I got into programming basically like my first day of college... I just fell in love with it." (Alyssa, on discovering software development)
"Making software is one of the things I love more than almost anything else." (Alyssa, on her passion for coding)
"We actually really want people to write and ship better code. Static analysis is one way to help them get there faster." (Alyssa, on the motivation behind Faster Than Light)
"You pay us and you know you're the user. It's honest and straightforward." (Alyssa, on the company’s business model)
Key Definitions and Terms
- Static Analysis: The process of analyzing source code for errors, vulnerabilities, and other issues without executing it.
- SQL Injection: A code injection technique that may allow attackers to manipulate an application’s database queries by inserting malicious SQL code.
- Flask Debug Mode: A feature allowing developers to see live code changes and debugging tools; in production, this is highly insecure if left enabled.
- Tech Accelerator: An intensive program offering mentorship, resources, and investment opportunities designed to accelerate the growth of startups.
Learning Resources
- Python for Absolute Beginners: A great place to start if you’re new to Python and want a thorough, hands-on introduction.
- Python for Entrepreneurs: If you’re looking to build or launch a Python-focused startup, this course covers both technical and business aspects.
- Getting started with pytest: Useful for learning to write tests that can catch bugs early, complementing static analysis.
- Bandit GitHub repository: Explore this open-source security linter for Python to understand how vulnerabilities are flagged.
Overall Takeaway
This episode underscores the power of Python as a foundation for security-focused startups. Alyssa’s journey shows how blending open-source static analysis tools with a user-friendly platform can help developers ship better, more secure code. The conversation also reveals how accelerators like Techstars can accelerate both product development and business traction. Above all, there’s a strong message that whether you’re a beginner or a senior developer, consistent scanning and attention to security make a world of difference in software quality and company success.
Links from the show
Bug Catcher @ Faster Than Light: bugcatcher.fasterthanlight.dev
London Tech Stars Cohort: techstars.com
Bandit: bandit.readthedocs.io
Issues found with Bandit: bandit.readthedocs.io
LeanOut Book: amazon.com
Episode transcripts: talkpython.fm
Episode Transcript
00:00 What's it like building a startup with Python and going through a tech accelerator?
00:03 Well, you're about to find out. On this episode, you'll meet Alyssa Shevinsky from Faster Than Light.
00:09 They're building a static code analysis as a service business for Python and other code bases.
00:14 We touch on a bunch of fun topics, including static code analysis, entrepreneurship,
00:18 and tech accelerators. This is Talk Python to Me, episode 228, recorded August 7th, 2019.
00:25 Welcome to Talk Python to Me, a weekly podcast on Python, the language, the libraries, the ecosystem,
00:43 and the personalities. This is your host, Michael Kennedy. Follow me on Twitter, where I'm @mkennedy.
00:48 Keep up with the show and listen to past episodes at talkpython.fm, and follow the show on Twitter
00:53 via at Talk Python. This episode is brought to you by the podcast Command Line Heroes from Red Hat
00:59 and Linode. Please check out what they're offering during their segments. It really helps support the
01:03 show. Alyssa, welcome to Talk Python to Me. It's great to be here. It's really great to have you
01:08 here. I'm excited to talk about all the stuff that you're doing. There's so many different angles and
01:14 aspects of what you got going on. I think it's going to be interesting for everyone. We're talking about
01:19 going through a tech accelerator, starting a software business, building on top of open source,
01:25 starting working with Python as a core way to build a business, things like this, and some others as
01:31 well. So a lot we have to talk about together. These are some of my favorite topics. So hopefully,
01:37 it'll be a good conversation. I'm sure that it will. So let's start it off by just getting your
01:41 background. How'd you get into programming in Python? How'd you get here? I got into programming
01:45 basically like my first day of college. I took an introduction to the web. It was like computer
01:52 science 105. This was 1997. So just to set the perspective for people, right? Like the web came
01:59 out in like 93 as a proper browser, right? Like it was really that's like years, a couple years into it,
02:05 right? Oh, yeah. I don't want to say nobody, but it was extremely unusual to be doing the kind of tech
02:12 stuff that I was doing. And I loved it. But I didn't become a programmer at that point in my life. I just,
02:19 I got introduced to it. I thought it was cool. I had this, like really warm and wonderful computer
02:26 science professor and these friends who are computer programmers, and just kind of had this mental note
02:31 that if I ever wanted to go into programming, like they would have me and it was geeky and it was fun.
02:37 And over the next few years, I just kept being friends with all these developers. And then I got
02:43 this job. And I wasn't thinking too hard about it. Just my friends are at this startup called Everyday
02:48 Health. And I joined and for the first year, I worked with the founders to set up the customer service
02:54 infrastructure. And then I wanted to go back home to New York. And I got promoted to the tech team,
03:00 kind of like as an accident. There's this moment where they needed someone to do QA.
03:05 And I was just around. It was like for New Year's Eve and like Christmas when no one wanted to work.
03:10 And I was good at it. Then they like threw me on the tech team. And there I was suddenly,
03:16 you know, shipping new software every three months. And I just fell in love with it. It was just,
03:21 I'm still in love with it. Like there's a short list of things that I love. And making software is
03:26 really like one of the, I can think of very few things I love more. And I got into Python specifically
03:32 once I started doing talks. And I just looked around and pretty much applied to any open call
03:39 for papers. And I fell into PyCon Canada. And it was like, whoa, these people, they're warm and wonderful.
03:47 And this conference is like really deep and interesting and covers a lot of ground. And that just became
03:55 my home in all of these ways. And I went and I did like every Python conference that would have me.
04:01 And I had this talk on the history of women and computer science that also included like all the
04:07 contributions that women and non-binary people made in Python. And like all these events really wanted
04:14 that talk. So I kind of went on this worldwide tour going to Australia and London and all over giving
04:20 this talk on Python community.
04:23 That sounds so fun to be able to dive into that. And I totally know what you're saying. I had the
04:28 same feeling with PyCon and the community and just like, wow, this place is special, you know?
04:32 It really, really is. I mean, I could go on and on about how and why I love Python and the Python
04:39 community, which I guess is appropriate for this show. But Python is a really good learning language.
04:45 Like there's so much that's great about Python. And I saw myself as someone who was still in some ways,
04:53 like a beginner as a developer, you know, and like very sophisticated in some of these other aspects.
04:59 Like I have all this deep security knowledge and I know a lot about the process of shipping software.
05:03 But I like that I could go to a Python event and kind of follow along with the talks there and like make
05:09 a really meaningful contribution. And I still like that Python, that it's a good first language for
05:15 people. I like being part of a community where you can tell beginners, oh, come here first.
05:20 Yeah. You know, what's really interesting? And I do agree with that for sure. I met so many people who
05:25 were hesitant to go to events like that. And then they're like, well, I'm not really a developer
05:31 enough to come to that. I'm not like a super pro. I've only been doing this for a few years or it's
05:35 not my main thing. I'm mostly a doctor or whatever. And they're all just, you know, this is amazing.
05:40 I'm so glad I decided to get over that and come. I think that's really wonderful. But, you know,
05:46 also there are a bunch of people who it's not just a beginning language for them, right? It's like a
05:50 professional language they've been working with for a long time. And what I think is special about Python
05:54 is you can be effective with Python with only a partial understanding of it, right? Like you,
06:01 if you don't know what a class is, right? If you don't know what a class is, a generator,
06:05 a meta class, a database, you can still write scripts. You don't even know what a function is
06:10 in terms of creating them and you could still use it. But at the same time, you can grow all the way
06:15 into building Instagram or YouTube or, you know, you name it, right? And so I think that that's really
06:21 special about it.
06:22 Yeah. It's a very powerful language. We are using Python at our company at Faster Than Light.
06:27 and our CTO is, you know, a very senior Python developer, but it gives me a little bit of a
06:34 lens into what you could do if you were junior. And we certainly see a lot of projects where people,
06:39 you know, like it's a high impact language across the board for lots of people.
06:43 I think it's definitely special. There's a lot of languages that are great for building pro apps. There's a lot of good beginner languages, but there's not many that do
06:49 both. And I think that's a lot of, a lot of what makes that special and why it makes sense for
06:53 beginners to come and yet still have like this full rich ecosystem that we do, which is, which is great.
06:59 So let's talk about what you do day to day. You're doing some pretty exciting stuff right now.
07:05 Yeah. I think what I do is a mix of these like really, really dull, not glamorous things. Like
07:13 I'll sit and I'll do taxes and accounting and like build a leads list. So like I'm in an Excel
07:20 spreadsheet, just like putting in names and emails and LinkedIn because for whatever reason, I want to
07:26 connect with, with those folks for the business. And then just the most glamorous stuff. So we're part
07:33 of the Techstars London accelerator now, and I meet the most remarkable people, you know, so I have
07:38 introductions pending to like the chief executive officers at, you know, really large, like banks
07:44 and corporates. We just met the CTO from Ikea. I guess for me, that's glamorous, right? Glamorous is
07:50 like, I met this really cool developer. It's geek glamorous and geek famous, which I think is pretty awesome.
07:58 Yeah. I've also traveled all over the world, which I think meets a lot of people's definitions of
08:03 glamour. It's interesting because how many people think of, I'm going to go learn software development,
08:09 which is often from the outside perceived as like, those are the people that kind of go into the dark
08:14 room and no one talks to them. And they're kind of, you know, it's kind of a solitary thing. And the
08:19 result is like all this glamorous travel and all these experiences that a lot of people who thought they
08:24 had a glamorous job maybe are not actually getting out of it, right? Like, I think there's
08:28 a lot of interesting stuff. I had similar stuff. I, you know, traveled all over the world teaching classes and,
08:33 you know, got to hang out in amazing places. And I'm like, wow, how did, you know, writing code get me here?
08:39 But it does. And it's great.
08:40 Yeah, I think that says a lot about just how powerful it is to be able to make software these days, because
08:47 you can take it in either direction. And so if you really want to just stay home and work on interesting
08:54 projects on your own terms, writing Python code is a really good way to do that. And when I think about
09:00 a lot of developers, I know, that's exactly what they do. And if I wanted to do that, I could.
09:05 And then there's also this other side of it where if you want to travel the world, software development,
09:12 and specifically Python, like, is a great avenue for that. I just think it's so exciting. It's a very good
09:18 time to be a nerd. Yeah, that's definitely a true statement. So you said that you do some very
09:25 incredible stuff that's traveling around, but also all a lot of boring things. Being CEO of Faster Than
09:31 Light, like, you know, I can definitely relate to some of the stuff you're talking about, you know,
09:36 running Talk Python and the training business, and all that. There's a lot of meetings with business
09:43 partners, I definitely do a lot of accounting and taxes. And the one of the things I think that stands
09:49 out really big, that I think a lot of people are not initially prepared for is marketing. And that
09:57 kind of stuff, you know, like, how do you go from working in QA to understanding what you need to do
10:06 around marketing? Because to me, like, building a software business, it, it's interesting, technically,
10:12 it's challenging, technically, but those are kind of table stakes. And then you've got to get users and
10:18 break through the noise and get people to care. So how did you get those skills? Because yeah,
10:23 they're not really taught in any computer area.
10:26 that happened over a very long period of time. So like 2004, I'm a QA analyst. And then 2008,
10:35 I tried to do some just like digital marketing consulting. And I started to learn a few things
10:43 there. And I did okay. I had some like small businesses, a guy who was selling sneakers on the
10:48 internet, and I like, managed his AdWords and social media. So you know, I started small and worked my way
10:55 up. And really, I've just been hustling so hard, like learning new skills and leveling up over the
11:02 last 10 years, where in 2011, I tried to do my first startup. And that didn't really go because
11:09 people didn't have a lot of confidence in me. And I there was a lot I still had to learn. Back to like
11:15 2013 2014, I'm starting to learn a little bit more. And I've gotten some press attention.
11:20 There's this process where I learned, like how you talk to the press and how you get noticed.
11:25 Yeah, where initially, I've never been able to figure that out. That's very tricky.
11:29 Oh, I'm happy to talk about that. It's probably out of scope for this.
11:33 Yeah, probably. Maybe.
11:33 That was one of the first things I learned. So want to like, you have to do or be something
11:40 interesting, and then figure out how to tell the story to the press in a way that reflects the
11:46 message you want to share. And then the big thing I learned was that in order to really break out,
11:51 you either need a big audience, or you need someone with a big audience sharing things.
11:55 I had all this envy from the founders who I saw who got traction and things went viral. And I just
12:02 studied that a little bit obsessively to figure out like, how do I become or do that? Because
12:08 I loved making software, but you it's not enough to make the software people have to use it.
12:12 And then I kind of figured out how to be the person who has an audience. I'm not the person with the
12:18 biggest audience. But you know, 13,000 people on Twitter, I can get attention in the press,
12:23 there's different things that I learned how to do. But that was, I guess, the TLDR there is that was
12:29 over 10 years of like, really studying it and trying things and eventually, like building up credibility
12:36 and building up an audience up to the moment where people come to me now. And they're like,
12:40 hey, I've got a job posting. Like, oh, cool. Like, I can be helpful there. Like that. That's
12:47 not to remind myself of like what it used to be like, when I didn't have that. So I appreciate
12:52 where we are.
12:53 Yeah, absolutely agree that that's a huge part of the hidden success story of a lot of these types
13:00 of things is there's that initial audience that care to this initial group. Obviously, that is part
13:07 of my story with the podcast and whatnot I'm doing there. But you know, more mainstream examples would
13:13 be like 37 Signals and Basecamp, right?
13:17 Oh, I love them.
13:18 Yeah, I do too. And even like, almost Ruby on Rails, like, as a thing itself, right?
13:23 Those guys did a ton of writing. They had a huge blog following. And I feel like
13:28 their products are really good. But there's a ton of, you know, project management products.
13:32 I think that their writing and their blogs and their philosophy actually was a big secret to their success.
13:38 I don't know.
13:39 I'm happy to hear that. I think about that all the time. So I've been going through what they call
13:45 mentor madness at Techstars London. That's a process where from nine o'clock until around one o'clock,
13:53 we meet with all these mentors from Techstars. And it's like pretty wonderful. And they're all there
13:58 to be helpful. But they also all ask questions about the businesses. They're trying to figure out
14:02 which startups they want to work with the most. And it's good for us to practice or learn how to have
14:08 good answers for that. And one of the things I get asked all the time is like, what's your moat,
14:12 right? Like technology moat only lasts for so long. And I think like the only really good answer
14:19 that we have, other than just like continually trying to stay on top of product innovation,
14:24 is that kind of brand moat, right? So like, I have to go out there and evangelize code quality. And when
14:31 you think of code quality, like you'll think of me and our team. And I'm excited about that,
14:36 because I think it's really important. Like I'm happy to think about going and spending the next several
14:41 years, kind of convincing and sharing and getting people really excited about shipping better code.
14:47 But I also think like, what will make us different from other companies? It's like, well, if you think
14:53 of us as the experts for that. So I think about that idea a lot. And I'm kind of happy about it.
14:59 Yeah.
14:59 On the one hand, there's something kind of crappy or like not great about the idea that the best
15:04 products don't win, like, feels like in a fair or just world, like the best products will just win
15:10 by default.
15:11 Yeah, that's a harsh lesson. And I agree that that is not true, even though it should be.
15:15 So I grew up in Queens, like with a single mom, and just in this environment where I felt like,
15:21 I'm not making the rules. You know, like, I don't make the rules, but I have to figure out the rules,
15:26 and kind of accept them, if I'm going to move ahead and achieve things. And so I think that's
15:32 part of just like me being a sane person in this whole startup ecosystem. But I also think it's
15:39 like part of me to the extent that I'm successful in the things that I set out to do. Because I just
15:44 I'm just like, okay, like, these are the rules. This is what it is, right? It's like, we can build
15:48 the best product that's never going to be enough. It's like, we just have to accept that and then figure
15:53 out, okay, if we have this thing, we want people to play with it and try it. What does that mean?
15:58 Yeah.
15:58 Yeah.
15:58 Well, yeah, you definitely have to be able to legitimately see all the ways that things are
16:05 working all the rules. And then you can try to break them or try to be different. But you got
16:09 to understand the playing field first, and then then you can start to get out there.
16:14 This portion of Talk Python to Me is brought to you by Command Line Heroes. For the Free
16:19 Software Foundation, making a free, as in speech, version of the Bourne Shell was critical for their
16:24 operating system. Enter Brian Fox. Command Line Heroes, an original podcast from Red Hat, is all
16:29 about the people who transform tech from the command line up. Episode 6 dives into the origins and evolution
16:35 of the Bourne Again Shell, aka Bash. Bell Labs' Bourne Shell was the default for Unix. The Free Software
16:42 Foundation, however, needed to create their own version for their not Unix operating system without
16:47 using any of the Bourne source code. Get the story and subscribe to Command Line Heroes wherever you
16:53 get your podcasts, or just visit talkpython.fm/heroes.
16:58 So one of the really interesting things that I think you're doing is going through this tech
17:05 accelerator, the startup accelerator, Techstars. How do you decide to come and do that? There's a lot
17:10 of ways to start your business, right? You could just bootstrap it from the ground up. You could try to
17:17 just go around and pitch VCs. You could do one of these accelerators. There's a bunch of options.
17:24 What led you down this path? That's such a good question, actually, because it's so personal,
17:30 and I feel like there's no right or wrong answer. And there's even a company inside our accelerator
17:35 that doesn't really want to raise money and they want to bootstrap. Good for them. I think they're
17:40 going to be very successful there. But for me, I thought it would be good for us to raise money
17:45 you know, and like, just hire people to do the things that aren't our strength. You know,
17:50 when I talk about like, I'm doing all this back office stuff, like, I have this fantasy where
17:54 someday, someone else does that. And I have the same fantasy. Yes. I know. Right. So, you know,
18:01 it's like, what is it? What's your dream? I love the idea of us getting big enough where
18:05 I can really go around the world and just like evangelize code quality in our brand and like hire
18:11 great people and have someone else who's doing like a lot of the operational stuff, which,
18:15 you know, as companies get bigger, the CEO job does become more like representing and holding the
18:20 vision and hiring and fundraising. Like, that's what I really want to do. But because we're a
18:25 three person company, I'm going to do everything. So I had this fantasy that we became a bigger company
18:30 and we could just do the things where we're really strong and hire other people to do the other stuff.
18:34 That means you have to become a big enough company. You have to raise money. It's actually really
18:38 hard to raise money without like other people vouching for you. And some of that is just the
18:44 dynamic of how, I don't know how people work. It's such a big difference. If I go up to someone,
18:51 I'm like, Hey, I have a company and I would like you to write me a check. And then they're like a
18:56 little on edge. Like, who is this strange person? Like, that's not a normal way to approach a person,
19:00 like a VC, like it's just not normal. And it's not how things are done in Silicon Valley versus
19:05 now Eamon, who is the managing director at Techstars London will like tell VCs he thinks are a fit that
19:14 like, there's this amazing company and, and you have to meet them and they have a round, but it's going
19:18 to close soon because you know, like it's going to close soon. So you have to talk to them fast. And
19:23 then they come in and they meet me. They've had experience with you too, right? The folks at Techstars
19:27 and they can say, you know, actually, no, they're not crazy. I've been working with them for a couple
19:31 months. It seems like they've got a solid plan. Like it rather than, you know, this one, the reason
19:37 I brought up the marketing side of things is it's so much easier. I'm not gonna say easy, but easy
19:44 or much easier compared to 10 years, 15 years ago to create software companies and to get them out to
19:50 the world. But that means there are so many other, there's so much noise and so many other people trying
19:56 to vie for the same attention. I think it's, in some ways it's harder to run a software business,
20:03 but it's easier to create software, which is interesting. So I think any of these times that
20:07 you can have just a little recommendation or something is really important.
20:11 I think about that also because my CTO, Brett Thomas previously built and sold Vendicia.
20:17 And when he started Vendicia, it was about 16 years ago. And that was a point in time when it
20:24 was just, everything was slower and there was less competition, but he had to build everything from
20:29 scratch. And so he's coming on now and like building all this stuff and we're like, chat with us on the
20:35 Slack or a Zoom call. It'll be like, it's so cool. Like, you know, there's some new technology,
20:39 whatever it is that does this thing that he used to have to build from scratch. And so we're really
20:44 thinking about that day to day because he's learning all these new things and implementing
20:49 them. And it's like, it's really cool to see. And it reminds me of how the ecosystem has changed.
20:54 But the hard part is it's really hard to stand out. I think it's very hard to build a successful
20:59 business these days. And everyone thinks that they can and lots of people try. And it's actually like
21:05 really hard and sad to build a business and fail. That was another reason I wanted to do the
21:10 accelerator is like the downside is they take a little equity, but the upside is like we have
21:15 customer introductions and just all these people on our team now, right? Like the whole
21:20 Techstars network, which is just this very powerful worldwide network that has the motto give first,
21:27 which is very nice. And they seem to really mean it. Like it's warm and wonderful. And in fact,
21:32 one of the co-CEOs of Techstars came into our office this morning in Techstars London, like I met him,
21:39 I was really fanish. And for me, that's like a life changing thing to show up and you have all of
21:45 these people backing you because entrepreneurship is just actually very lonely. We'll get together
21:50 about once a week, all the CEOs in this batch. And some of them are not technical at all. And so you have
21:58 like Banjo is this company and they send like letters to children about this cat that's traveling
22:06 the world. And so it's not like everyone is also coding in Python or thinking about Python, but we all
22:12 there's this camaraderie where we're all thinking about the same like entrepreneurship challenges.
22:18 And that's been really nice.
22:19 Yeah. It looks a little bit different than say like Y Combinator or something like that,
22:24 where at least from the outside, I get the feeling that a lot of that is like super tech
22:28 focused, right? They're trying to create Airbnb or Uber or something to that effect.
22:33 Yeah. I think YC has like what they're looking for. And in some ways, like I got into this because
22:39 of YC. I mean, I've been in startups since 1999, but I came to Silicon Valley and I met Paul Graham in
22:46 2011. And I waited in line as he talked to nine people before me. And he told all of them that they
22:53 should not do whatever they were doing. And I was like, Oh, and then I got there and I was like, I'm
22:59 gonna do a Jewish dating site. And here's how I'm gonna do it. And here's my plan. He was like, you should
23:04 go do that. And I was like, Oh, my goodness, Paul Graham said I should go do my startup. And then I went and I
23:09 tried to do it. And I felt really motivated by that support. Yeah. So, you know, I always have to be a little
23:15 bit grateful to Paul Graham. But I also feel like just I'm like not really aligned with a lot of YC stuff.
23:22 Like they're really, they really want you to be in San Francisco. And like, I think I'm really excited
23:27 about this idea that you can be anywhere in the world. And I think that speaks to some of what we
23:33 talked about before, right? Like being a software developer, some of that should be this freedom of
23:37 all we need is a Wi-Fi connection and like a Zoom link. And like, yeah, communication is hard and people
23:44 are hard. But I think it's worth it to try to make that work. Yeah, I definitely appreciate the
23:48 thinking about let people be where they want to be. And I think a lot of opportunities to hire
23:54 interesting people get lost because somebody in a small town doesn't get the opportunities to meet
24:00 the people and make the connections. There's probably some opportunity to connect people who are not right
24:05 in the center of these tech hubs. Although London is a pretty good place to be as well. I love that town.
24:11 And it's got a lot of interesting tech going on there.
24:13 It's nice for me. I'm like on a new adventure. And I think you and I spoke earlier about being,
24:22 you know, 40 and over and still starting a company. And I'm a good example of being older and still being
24:29 an entrepreneur, but also like still being on my adventures, right?
24:33 Yes, absolutely.
24:34 I want to go to London. And I wanted to go to London for personal reasons. But it's also a really
24:40 good decision for the company. And so the two things work together. There's a lot of reasons why I mean,
24:45 just London is like a huge business hub. Like actually, Shoreditch is this really cool tech hub. And
24:52 it's been really interesting to be here.
24:54 Yeah, for sure. I've definitely spent some time in that part of London. And I know what you're talking
24:58 about. It's great. I want to talk about this idea of being over 40 and starting a company. Because I
25:03 also hear this around the context of just becoming a programmer at all. A lot of people feel like you're
25:08 over 40. You've missed your chance, right? Like, for me, and it sounds like you pretty much as well,
25:16 right? Like if, if you wanted to start a business, you should have done it in 1998. Right? The dot com
25:21 when we were, you know, in our 20s, or that would have been great, probably. But I don't know that even that's
25:27 necessarily a good idea. I think you get a lot of experience working in the industry. And then you have
25:33 something meaningful to contribute other than just lots of energy and some ideas, right? Like, if we look at what
25:41 you're doing with Faster Than Light, and Bugcatcher, you told me your story about how you started in QA,
25:46 right? And that was kind of your launch into this whole tech world way back when, and you've been
25:52 doing it for so long. And now you're starting this company in this and you've had all this experience,
25:56 right? If the first year you got into it, and you started this company, like how, how much experience
26:01 do you really have? And I think there's actually a lot of opportunities for people who are 40 and older.
26:07 Yeah, 100%. I have so much to say on that. The first thing is we run a security company. And the
26:14 whole premise is that we've seen a lot, we've done a lot, we know what we're doing, and we'll be around
26:21 for a while, and you can trust us. So there are certain types of businesses that are hard to start
26:27 when you're 21. So you can take advantage and leverage, you know, whatever experiences you have.
26:32 And then I see some younger entrepreneurs really struggle. So for example, they'll get maybe like
26:39 10 different pieces of advice from advisors or investors or mentors. And then they're like,
26:44 Oh, what should I do? It's like, I'm 40. I know what we should do. And if I don't know,
26:49 I'll sit down with the team and we'll talk it out and we'll figure it out. And there's this confidence
26:55 kind of easiness that can come with being older and having a sense of who you are and what your
27:00 values are. And that helps a lot in entrepreneurship. When you look at the businesses that have been really
27:06 successful, a lot of them were started by older people. I think about my own life, right? So I did
27:13 get started early in tech startups and in companies. But I also did a lot of meandering. Like I was a
27:22 journalist and a yoga teacher. And then, you know, I went on this tremendous spiritual quest. I spent a
27:27 year in like the Jewish equivalent of a monastery, like a yeshiva for women in Jerusalem. Like I did all
27:34 this stuff that helped me really grow as a person. And then at 31, I did my first like C Corp startup,
27:43 trying to get VC funding. And I came into that with the self-awareness and like all these qualities
27:50 and character traits that I didn't have at 21. And that I also, I don't think other people have if
27:56 they just kind of followed doing some consulting job or not really pushing their boundaries of who they
28:01 are. So I feel like the adventures and the challenges I had in my 20s, I brought them into my
28:08 30s. And that's one reason why I came up so fast as an entrepreneur. Because I came to Silicon Valley
28:13 in 2011. And two years later, three years later, three years later, I was on the cover of the New
28:19 York Times Sunday business. Wow, that is fast. That is incredible. That's awesome. That's fast. So how did
28:24 that happen so fast? Because at 31, I had like a good 10 years of really getting to know myself,
28:33 and really just figuring out like how to show up, like really show up.
28:38 Yeah. It's really interesting your story. And I totally agree with it, right? Like,
28:43 let me do some quick math. I guess I was around 42 when I started my business now. And it's,
28:51 I don't look back and say, I wish I started earlier for most, most of the time. I wish I had
28:57 started earlier only and starting earlier in the trend of what I'm doing, right? Like if I had started
29:03 10 years earlier, it'd be easier to create like online video training, because fewer people were
29:08 doing it, right? But that's not me as sort of my age. That's just opportunity timing, you know?
29:14 Well, and now is the right opportunity for something that 20 years from now will feel really mainstream.
29:20 And so I think there's this challenge of just looking at the moment you're in and trying to make the most of
29:25 that. That's hard. But I think as you get older, those things get easier.
29:29 Well, and then you have that, you have the perspective that you've been around for a while,
29:33 you've seen the trends, you see how stuff plays out, you can make better bets on that.
29:38 This portion of Talk Python To Me is brought to you by Linode. Are you looking for hosting that's fast,
29:43 simple, and incredibly affordable? Well, look past that bookstore and check out Linode at
29:48 talkpython.fm/Linode. That's L-I-N-O-D-E. Plans start at just $5 a month for a dedicated server
29:55 with a gig of RAM. They have 10 data centers across the globe. So no matter where you are or where your
30:01 users are, there's a data center for you. Whether you want to run a Python web app, host a private
30:05 Git server, or just a file server, you'll get native SSDs on all the machines, a newly upgraded
30:11 200 gigabit network, 24-7 friendly support, even on holidays, and a seven-day money-back guarantee.
30:17 Need a little help with your infrastructure? They even offer professional services to help you with
30:22 architecture, migrations, and more. Do you want a dedicated server for free for the next four months?
30:26 Just visit talkpython.fm/Linode.
30:32 There's another aspect, too, on the development side, which is I really like working with senior
30:37 programmers. So I like working with junior people, too, but in a different capacity. I have two interns
30:43 right now, and they know that they're interns, and they do intern-level work. And so they're learning,
30:48 and they're growing, and I'm mentoring. And I think that's really, really important, actually. And I get a
30:53 lot out of those relationships where they help me a lot by expanding just how much I can do in a day
30:58 and kind of being cheerful and supportive and all of that. But for architecting software and getting
31:04 it shipped on time and on deadline and without bugs, like, Brett and Reuben are both over 40. They have
31:11 both been doing this for over 20 years. And I have so much confidence if there is a problem relating to
31:18 back-end engineering, like, Brett will just fix it. If it's a really hard problem, it will take longer
31:23 than if it's not a hard problem. But he will solve it. And if there is any CSS problem or,
31:29 like, JavaScript, React, front-end, like, Reuben will figure it out, and he will do it.
31:34 And I have hired people who were more junior in their careers, and they just didn't have that. So
31:39 junior people are wonderful. We have to mentor them. We have to support them. We have to bring
31:43 them into our organizations. But we also have to appreciate that senior people have a capability
31:48 that comes from that, you know, all that experience.
31:51 I totally agree. So let's talk a little bit about your business that you're building and this whole
31:58 side of security, basically finding security problems in software, right? So let's start.
32:07 There are so many.
32:08 Yes.
32:09 It's not hard.
32:11 I'm sure it's not. So let's start with just the overall idea and the name of what you're building.
32:17 Yeah, we are Faster Than Light. And that is our goal. Our goal is to be faster than light at static
32:24 analysis and other security tools.
32:26 Yeah, awesome. So primarily what you're doing is you're trying to democratize and speed up
32:32 static analysis of code, right? So I've got some software, and I've written it, I put it on the
32:39 internet. But who knows how long it's going to stay safe up there.
32:43 That's a mistake. Don't do that. Take it, undo it. Revert, un-pull.
32:49 So I can run my software, whether it's Flask or Django or whatever, through your tool, the source code
32:56 through your workflow, and it'll tell me things that are potentially wrong with it, right? Like,
33:03 for example, if I'm running Flask in debug mode, and then I just put it on the internet.
33:08 Don't do that either.
33:09 You know, there's the Werkzeug debugger that you can just open up and see what's happening and
33:16 issue commands, all sorts of craziness may just be on the internet for people to find,
33:21 right? And there's literally tools that go around and look for that kind of stuff and have a catalog,
33:25 right? Like Shodan and some of these tools will just like, show me all the, you know, sites that have
33:31 this open and I can just talk to it. So you want to know about that?
33:34 Yeah, I think we're seeing a lot of that. I think the Capital One hack that happened recently is a good
33:39 example where they had something misconfigured and the hacker got in. Like this sort of thing is very,
33:45 very common. It can happen to anyone. Part of my mission, what I'm trying to do here with the
33:50 whole team at Faster Than Light is just make it easier and faster and simpler for people to test and ship
33:57 more secure code. And I like static analysis as a way to get into that because it's really
34:03 accessible to anyone. It's something that an individual developer can do. So on the one hand,
34:08 it's something that like big corporates do and like, that's good because it means like we have a business
34:12 model and know like we can eventually kind of stay in business. But for individual developers,
34:18 like I think that's where my heart is because it's a way for you to level up as a developer and
34:24 just ship higher quality code. Well, there might be some kind of problem with the software that
34:29 you've written. Maybe you don't have someone doing the code review, you wouldn't know anything about
34:33 it. But if you put it through some sort of static analysis like this, it'll say, oh, did you know
34:38 that you are sending commands to the shell and you're not sanitizing user input? You're like, wait,
34:44 I needed, is that a thing I should worry about? I didn't even know I needed to worry about that.
34:48 Right. So it can help you learn a lot about these things just by discovering like a problem that you
34:53 didn't even realize was a problem. That actually can be a way for someone to like come into security
34:58 for the first time, like scan your code, see what issues come up and then learn about those issues
35:04 and how to fix them. Right. So I would love to eventually create like content and stuff on our
35:10 website and videos about how to fix these issues. So hopefully that'll be coming down the pipe soon.
35:17 But in the meantime, there's a lot of information available. And if there is a pretty serious
35:21 security issue, you know, you should fix it. The tools are helpful for that. We're building on top
35:27 of open source tooling, which I'm actually really happy about because these existing open source tools
35:32 are actually really, really good. It's just that they're a little bit of work to set up and to use.
35:38 And for me, I'm kind of impatient about doing that kind of configuration. And I think for people inside
35:44 companies, like you just have so much to do, right? Like you have too much to do in a day.
35:49 So we built a tool that saves you the trouble of the configuration. And it's free. We certainly we have
35:55 a free tier. At some point, we'll put a paywall up, but we're always going to keep a free tier for
35:58 developers. So for us, we think that what's useful for developers is just making it like a super,
36:06 super fast to test your code. So what we've done in terms of interface is we have a command line tool
36:11 coming next week. And we have right now a website interface where you just upload your code. We run
36:17 Bandit against it. And then we give you a PDF with the results. And then we hope you'll go and you'll
36:22 fix things. Yeah, that's cool. I guess you can message me or grab. Yeah, yeah, for sure. So the command line
36:28 tool sounds really nice and pretty obvious for the upload. Do you like zip a folder and upload the folder
36:35 or something like that? Or how does it? Yeah, how's that work? You can just drop a folder in.
36:40 And that's part of what like we flatten the dependencies and we make it kind of easy for
36:44 you to just like drop all the code in. Right now we can run tests against give or take like a thousand
36:50 files, which is actually like a lot.
36:53 Yeah, for Python code, that's a lot actually.
36:55 It is a lot. That's well, that's part of what we want to do. I'm very impatient. I was like,
37:02 it should just all be like instantaneous and make it as easy as possible. Like everyone should just
37:07 test their code and not have to wait for the scans to run. And I think I'm a little bit unreasonable
37:12 in what I'm hoping to do here. And that's some of that is like Brett has set the bar really high
37:16 because there's a lot that he's capable of getting done. So we are building this parallelization tech,
37:22 which is exciting. And it's going to run the scans in parallel. I'm very excited about that. That'll
37:28 make things very, very, very fast. And that should be live in a few weeks. But in the meantime,
37:33 the site works, you can go to bugcatcher.fasterthanlight.dev and upload your Python code and test it. And if you
37:42 have questions about the things that come up, like you don't know what the errors are, how to fix them,
37:46 my DMs are open on Twitter and we can figure out like, what's the best way to get in touch. But I
37:51 just, I want everyone, please test your code. And if I can help you test your code, let me know.
37:56 Yeah, that's, it's a great service that you're providing. I mean, people can go and set up
38:01 the tooling, but to be able to just drop it in there and get an answer and not have to think about
38:06 learning how to set up something like Bandit or something like that. It's, it's really nice. I'm sure
38:12 there's a lot of folks who go, we should probably test this for security, but I haven't
38:16 done it, right. But if it's a matter of just dropping it in, one thing that comes to mind for me that
38:21 really interesting is some form of like GitHub integration. Yeah. That's on the roadmap.
38:27 Yeah. Yeah. So like if I'm going to accept a PR, it would be great. I have capabilities and GitHub
38:33 to plug it into continuous integration, build pipelines or flake8 or something like that.
38:38 But just like one more like, Oh, and you know, Faster Than Light gives it the green check. So
38:45 from a security perspective, nothing super obviously broken.
38:48 Yeah. I can see the usefulness of that because we run into a lot of issues, right? Like just accepting
38:53 pull requests or kind of accepting things that are upstream. And it's been actually really cool to see
38:58 like you've got Snyk here in London is doing stuff for testing like upstream things in open source. And
39:05 there's a lot of awareness around that. But pull requests and for sure, just your own code, like the biggest,
39:11 how do they say, you know, like the dangers in the house, like the biggest risk is the code that you're writing yourself.
39:18 You're the biggest risk.
39:19 The call is coming from inside the house. That's right.
39:21 That's right.
39:22 That's right. The bug is coming from inside your basement.
39:25 Yeah. Interesting. So this is analyzing your code. Do you all do anything around dependencies? Right. So
39:32 I write some code. It depends on package X package X depends on three more. Do you do anything
39:40 around tracking or analyzing that kind of stuff? I mean, you probably don't download and analyze it,
39:45 but do you have any warnings for issues that are like downstream or upstream, I guess, rather?
39:50 No, right now, Snyk is probably the first company that comes to mind for that. And there might be
39:55 others. What we do is like, we'll analyze whatever you throw at us. Yeah, sure. And we're increasing the
40:00 capabilities and also our speed. And so, you know, you could just once we have a little more speed up and
40:06 running in terms of the parallelization that we could offer, like you could just dump all of that
40:11 into Faster Than Light. And we will run, you know, FindBugs and Bandit. And like, we're going to be
40:18 including, you know, JavaScript scanners and like all these different things. And so, you know,
40:23 coming down the pipeline, just like drop it all in and we'll scan it. But you'd have to go and like
40:28 grab all of it and give it to us. Yeah. Well, one of the problems with these kinds of tools, I think,
40:32 is sometimes it'll tell you you shouldn't do something like, but in this case, it's okay. I know
40:39 actually what's happening means this value will never come from user input. It's only going to
40:45 come from what we type in the CMS, for example, or whatever. Right. And you're still going to get
40:51 that warning that, you know, you're not escaping this and like HTML encoding. You're like, that's
40:55 because I don't want to, you know what I mean? Right. And I see if you would add that to like all
40:59 the dependencies, you would just get a huge number of false positives as well. And it could just be like
41:04 overwhelming. You know, I talked to a lot of people who say that they would do static analysis,
41:09 and they need it to be faster. Like, okay, good. We can do that. But they also just want to see the
41:14 top 20 bugs or they don't want to see the noise. So we're able to show you just the top bugs because
41:19 we have this interface. And so it's pretty easy for us to give you settings where you choose that.
41:23 In terms of saying you don't want to see certain errors anymore, like Bandit and a lot of the open
41:28 source tools already have like pretty good features for that. And then of course, like we can do that
41:33 too. And I think that's part of the challenge with static analysis is like,
41:37 right now, you always need a human to do the review. And part of what makes static analysis
41:42 so frustrating is it's just it's like a spell checker. And there's like all these things are
41:46 just like, I just none of these are relevant. But then there's the two things that it catches that
41:51 like you really needed to catch those things. And so it's still not optional. But I think a lot about
41:56 like, how do we reduce all of that noise? We have an annotation feature, which we're pretty excited
42:01 about. We don't talk about it much. It's like it's not deep tech. It's just like the ability to write
42:05 notes. But if you are sharing your reports with other people, it can be kind of neat.
42:11 Like, just make a little note like, okay, it says that there's like an API key there. It says that
42:16 like, there's this problem, but actually, it's fine. It's safe. Like we're aware of it. And like,
42:21 please don't not buy us for like, please don't yell at us about this. Because that's one of the big
42:26 problems, right? It looks like there's bugs sometimes when everything is just fine, because
42:30 the code is written safely.
42:31 That's another interesting thing. If you might be licensing your source code or your software,
42:37 or you're actually being acquired, or something like this, a lot of times, those situations will
42:44 require that your code go through a whole bunch of different auditing and security checks, right?
42:49 And so it would be great if you as you built your software, you already mostly removed all those
42:56 things and kept track of them, right? Yeah, it'd be good to not be surprised in those moments. And
43:00 actually, acquisitions can be really difficult. And that's like the type of thing where the acquisitions
43:06 take a lot longer than people expect. Yeah. I don't think a lot of your listeners are in that
43:10 situation. But if you are, I guess like good for you. Yeah, these are good problems to have for sure.
43:14 But I guess maybe another way to look at it is if you take finished software that's been around for a
43:18 long time, that's pretty big and complicated, and you throw it at static analysis, it can be kind of
43:23 overwhelming. If you use it from the start, it's a couple issues here and there, and you address them
43:28 as they go. But if 10 people have been working for a couple years, whose job is it to go back and fix
43:33 all those problems? And that can be really overwhelming. Yeah, I was just talking about that
43:38 with my friend Alex, the CEO at StepSize, and they deal with tech debt. And part of their thesis is you
43:44 want to handle the tech debt a little bit at a time. Yeah. So it's manageable. And he was saying,
43:49 you know, static analysis is maybe the same thing, like, just keep doing it regularly. And then it
43:54 doesn't become overwhelming. But yeah, I think if you were gonna scan like a million lines of code,
43:59 and I'm talking to a pen tester right now, he has a million lines of code that he has to scan. It's like,
44:04 that company is going to be sad. That's just a lot.
44:07 Yeah.
44:08 So I think we're security people. And part of the message from security people is like,
44:13 please do this all the time. I don't know how to not be annoying about that. I want to make it fun.
44:17 And I guess, wish me luck.
44:19 Yeah, good luck for sure. Well, I do think minimum friction is part of it. That's why I was thinking
44:25 of like, in automatic integration with GitHub, when you check in and stuff, because then,
44:29 oh, yeah, you don't have to even ask anyone to do it. It just happens automatically,
44:33 they get a little like check marker or warning or whatever. And you can ignore it or not. But it's
44:38 like, right, it's just happening right there all the time. And I think that would actually help a lot.
44:43 Yeah, I think that's right. That's on our roadmap for September. But it's always it's always nice
44:47 when something that we think is important, you know, someone like you also thinks is important.
44:51 And I we've been thinking about it as like, when you check in your code, you'll get that feedback.
44:57 But I love the idea of integrating it. So you can scan the pull requests as they come in.
45:01 Because that's like, you don't want to bring in, you know, bad pull requests.
45:05 Yeah, for sure. And then there's so many of the tools that happen kind of automatically,
45:08 if you had to go then check out the pull requests, and then you'll run it locally,
45:12 or then upload it somewhere like it just just had that integration, like that friction,
45:15 it would be gone be great. So let's talk about some of the issues that you would find running
45:21 through your system. Now, you already said this basically runs on top of Bandit for Python,
45:26 Python and FindBugs for Java. So yes, most importantly, your service is making this
45:33 easy, giving you the reports to share it, making it fast, all those kinds of things.
45:38 So understanding what you could find is pretty much at the moment looking at what say Bandit can find,
45:44 right? Right. Although I think we're going to bring in other tools. Of course. And that's
45:49 exciting. But like Bandit is really comprehensive. And you look at, you know, what are the range of
45:54 things you should be worried about in Python? And people say, Oh, like Python is a safe language.
45:59 It's not like C. But actually, you know, okay, fine. Like it's not like C, but you can still get
46:06 possible SQL injection vector through string based query construction. All right, right.
46:11 Exactly. Little Bobby tables would work in Python just as well.
46:17 A Flask app appears to be run with debug equals true and allows the execution of arbitrary code.
46:24 There are a lot of these bugs. And if you don't run the analyzer, like it's very easy to write bugs.
46:29 Actually, some of the well, what I was thinking about when I talked about the junior developer not
46:34 knowing they're doing something wrong when they are is probably the first thing that comes to mind is
46:38 SQL injection, right? Where you just construct SQL strings out of static SQL strings plus variables
46:44 where the values of the query filter bits go and like that's always really bad. So you would find that,
46:49 of course, the Flask debug true, obviously bad. It's very easy to tell if, you know, app.run has debug
46:57 equals true in it. So that should never be there. But then there's other stuff that's more subtle,
47:02 like autoescape, for example, in Jinja and Flask.
47:05 I am going to let you talk for a minute while I go plug my laptop in. I am at 4%.
47:10 Oh yeah, no worries. No worries. So like, I didn't know that Jinja did not auto escape
47:17 the inputs. The reason is because I usually work with Chameleon. I don't work with Jinja that much
47:24 as often. And I don't use it in that context. But it turns out that if I've got some structured HTML,
47:32 and I just convert to a string, you know, double curly bracket, it will come back out as whatever I put in,
47:38 which is super bad if that is user input, right? If I'm in a forum, and I type in curly bracket script,
47:47 do this bad thing, then when that gets viewed by or rendered by Jinja, it's basically some form of
47:56 injection attack, which is not good. So checking for things like autoescape equals false. And it
48:02 even shows you how to turn it on. I think these are all really interesting. Let's see what else.
48:05 What else do we got there? That's, that's pretty interesting. There's stuff about sending commands
48:10 to the shell. There's all sorts of things that I think are really worth, you know, flipping through
48:14 that list and definitely running that against your code.
48:16 Yeah. And one of the things that we do is just prioritize, you know, the highest priority bugs
48:21 show up at the top. I think Bandit probably does that as well, if you just run the tool and get the
48:27 output. Yeah. And so you can just find like, one of the things that static analysis is it can give you
48:33 suggestions for like formatting errors, like maybe you don't care about that so much. But you'll see like
48:39 the highest priority errors are security related. And I think I'm actually really excited for junior
48:46 developers to take those as a way to like go and learn some security things. And for senior developers,
48:52 we run our own code against our tool after we built it and we found stuff and we fixed it.
48:59 And so like bugs, it can happen to you.
49:02 Yeah, that's pretty awesome. It's I love these sort of meta experiences where like your tool analyzes
49:09 your tool or, you know, your language writes your language, the compiler and runtime for your
49:16 language or something like this, right? It's, it's always fun to see that in the tech space.
49:20 The first code that we ran was ours.
49:23 Nice. That's really cool. So let's talk really quickly about the business model for what you're
49:27 building here. I think, you know, some folks that are thinking about software business,
49:30 you'll probably find your thinking on that interesting. So you said there's going to be
49:34 a free tier for individual developers to do some level of analysis, but then also,
49:40 yeah, maybe something bigger for like enterprises or just give us your thoughts on how that comes
49:46 together.
49:46 Yeah, it feels really important to me and not just me. I think there's a lot of conventional
49:51 wisdom around this that if you have a developer tool, like you have to make it accessible to
49:55 developers. And in our case, it just makes a lot of sense to have at least,
50:00 we have to figure out exactly what does it look like, but like some kind of free tool
50:03 so devs can use it and play with it. And because like, we actually really want people to write
50:08 and ship better code. Our parallelization tech is really expensive. So we're not going to give
50:12 that away. But like, you don't really need that if you're one developer uploading, like a reasonable
50:18 number of files, you don't need to have it go and like super speed. And there's this concept
50:23 of like, just build it and give it away, like for free with no business model and just lots of VC
50:29 funding. And that just feels really a little bit dishonest to me. Like if people figure out how to
50:34 make that work, I think that's cool. Like Cockroach Labs just raised a bunch of money and they seem to
50:39 be doing like a really good job of balancing, like having started off as a free open source tool and then
50:45 figuring out an enterprise model.
50:46 Yeah, that's interesting. Yeah. Just so people know, Cockroach Labs, they create a thing called
50:51 CockroachDB, which I haven't had a lot of experience with, but it's supposed to be like a globally
50:57 distributed, redundant database server. That's about all I know about it. But yeah, they definitely,
51:02 I saw they raised a big round as well.
51:04 Yeah. And I think they seem to be doing a really good job. And I've met with some folks from Cockroach
51:09 Labs and I like them a lot. But for us, like for me and Brett and Reuben, we looked at like who we were
51:14 and who we wanted to be. And we're like, we just think there's something really honest and really
51:18 sincere about just making software and charging for it.
51:21 I think that is so undervalued because so often, you know, the get a bunch of money, get a bunch of
51:28 users and we're going to figure out how to make money from them. It sets up a lot of bad incentives
51:32 to not put users first.
51:34 Yeah. Well, and it runs counter to like security industry thinking. You know, I think a lot of
51:40 security people are very aware of like being the product and not like the user. Like you look at
51:47 all these ad driven businesses. It's like, okay, like does Twitter think I'm the user or do they
51:52 think I'm something else? Like, I don't know. Like you don't know always it's confusing. And so we
51:57 wanted to have this simplicity where like you pay us and you know, you're the user. And if it's a free
52:05 tier, then it's like, we just want developers to like love it and say nice things and give us feedback.
52:10 And I think there's a certain honesty in that too, where it's like, okay, like not everyone has a
52:16 ton of money and, but you should still be able to try it. Like you shouldn't have to pay money just
52:20 to try it. And we are really excited to give some things away for open source. So we have to figure
52:26 out like, what's the scope of that. But if you have an open source project, like we really want you
52:30 using the tool. So like as much as you need for like who you are and we don't want to charge you for
52:35 that. So we've talked about that a bit internally and we want to charge enterprises like a ton of
52:40 money. Like, so that's also, and I feel just fine about that. Like enterprises have a lot of money and
52:44 they are wasteful about it. And we just want to help them to like be secure and actually like use
52:50 services that work and that are efficient. So I like that model. Yeah.
52:55 Well, around the enterprises, you know, I, a couple of thoughts. One, I feel like so many companies,
53:01 I don't know what the percentage is, but it's gotta be in the, you know, 99% plus they take so much
53:08 benefit from open source. They build so incredibly much on open source and they give back almost zero.
53:17 Like that's such a problem, right? Like a bank that makes a hundred billion dollars a year. Could they
53:23 donate a million a year to open source? Sure. They could do they, maybe they employ a core developer,
53:28 which is great, but they could do a lot more and it would be in their interest to do so. And the other is
53:34 the consequence of failure at that level is really high. You mentioned Capital One, you can look at
53:40 Equifax. You can, if there are these security problems, right, it's really bad. So it's also worth
53:47 their money. Yeah, yeah, exactly. So it's, it seems like totally reasonable to me.
53:50 Yeah. And I think what we'll want to figure out as a company is how do we give back to the open source
53:55 tools that we build on top of. And while we're a three person team, like that's a little tricky.
54:01 We had an intern who was going to come in and like give back and like contribute and do pull requests
54:06 to Bandit and find bugs. And then the intern had to drop out. But that was like one idea I had. I was
54:13 like, okay, we'll bring in people and their whole job will just be to give back to these tools that
54:17 we're on top of. Yeah. That seems really good.
54:19 Yeah. So we're really early in that. But I think like we're thinking about it and we care about it.
54:24 That's a good start. And as we find bugs, like as we use these tools and we find issues in the
54:28 documentation or like actual bugs, we can do pull requests. But also now like larger enterprises or
54:36 even just smaller businesses can use those open source tools a little more easily. And I feel pretty
54:40 good about that. I actually, I love all the business model stuff. And I'm, I'm actually really happy with
54:45 our business model. I like the idea. Like we are like, we make stuff and you buy it, we hope,
54:51 and we appreciate it. And that helps us stay in business. And even if we do take funding,
54:57 like that funding is to grow. It's not confusing us about like our business model isn't that VCs pay us.
55:05 That's definitely a short term one. Yeah. So I think that's a really genuine model. And I think that's
55:10 nice. Thanks for sharing that. So we're about out of time, but I do want to give you a chance before we
55:15 call it a show. So you just give a quick shout out to your book, Lean Out. Oh, yeah. Thank you.
55:20 Yeah, you bet. So the title is Lean Out the Struggle for Gender Equity in Tech and Startup Culture. And you
55:26 talked a little bit about that earlier. Do you want to just tell people quickly about your book?
55:29 Yeah, Lean Out is stories from over a dozen different people, women, genderqueer people in
55:35 tech and startup culture, just sharing, you know, what it's like for them. And one commonality that came
55:41 out in these stories is that making things is easy, or at least relatively easy, and fitting in is hard.
55:48 And that's a lesson and a moral that I think speaks to all kinds of people and can be, I think, a bit of
55:56 comfort for people as they navigate startup life or corporate life, whatever it is. I think a lot of us
56:02 have that in common. And if you're feeling that, if you're feeling like, culturally, it's a bit of a
56:08 challenge, like Lean Out can be like a really warm read for you.
56:11 Yeah, for sure. Yeah, it's interesting that it's essays from a bunch of different folks sharing
56:15 their stories. So I'll definitely put a link people can check it out. And if they're interested in the
56:20 show notes. All right. Well, before I let you out of here, though, I got to ask you the two questions
56:24 I always ask, please. Yeah. So if you're going to write some Python code, what editor do you use?
56:28 Ah, that's a good question. I'm not writing any code right now. That's, I'm going to disappoint
56:33 everyone. I used to be a fan of Sublime. This was a while ago. And then Visual Studio.
56:38 Yeah. All right. Very cool. Yeah. I feel like VS Code has definitely seemed to capture the Sublime
56:44 crowd pretty heavily these days. So definitely cool. And then...
56:48 Yeah. Oh, just on that, on that, I think a lot about like what IDE will integrate into first. Again,
56:54 this is like coming from, you know, I'm like, so in the like product mindset, as opposed to the like,
57:00 I'm coding mindset. And so I think it's probably Visual Studio with the hope that Microsoft would
57:05 give us some help there.
57:06 Yeah, that would be certainly cool. And it definitely like ties back a little bit into the
57:10 enterprise side of things, right? It's pretty popular with that crowd. So cool, cool. All right. And then
57:17 do you have a notable PyPI package or Python library you want to give a shout out to?
57:22 Oh, just we love Bandit. I love Bandit. That's just any shout out has to be to Bandit.
57:27 Awesome. Very cool. All right. Final call to action. People are interested in static code
57:33 analysis, maybe even joining something like Techstars. Like what can you leave them with?
57:38 Please try out Bugcatcher and let us know what you think. That would be great. That is bugcatcher.fasterthanlight.dev.
57:45 And if you are interested in Techstars, I'd just love to chat with you about it. And Techstars London
57:52 will be opening up soon. All kinds of Techstars around the world. I'd be happy to introduce you.
57:57 It seems like it's a good fit. Super. All right. Well, it's been really interesting to chat with
58:01 you about what you're up to. Thanks for sharing your story. Yeah. Thank you. You bet. Bye. Bye.
58:05 This has been another episode of Talk Python to Me. Our guest on this episode was Alyssa
58:11 Shevinsky, and it's been brought to you by Command Line Heroes and Linode. Command Line Heroes is a
58:16 podcast telling the story of developers. This season is all about programming languages and starts off with
58:22 Python. Of course. Subscribe at talkpython.fm/heroes. Linode is your go-to hosting for whatever
58:30 you're building with Python. Get four months free at talkpython.fm/Linode. That's L-I-N-O-D-E.
58:36 Want to level up your Python? If you're just getting started, try my Python Jumpstart by Building 10 Apps
58:43 course. Or if you're looking for something more advanced, check out our new async course that digs
58:48 into all the different types of async programming you can do in Python. And of course, if you're
58:53 interested in more than one of these, be sure to check out our Everything Bundle. It's like a
58:57 subscription that never expires. Be sure to subscribe to the show. Open your favorite podcatcher and search
59:02 for Python. We should be right at the top. You can also find the iTunes feed at /itunes, the Google
59:08 Play feed at /play, and the direct RSS feed at /rss on talkpython.fm. This is your host,
59:15 Michael Kennedy. Thanks so much for listening. I really appreciate it. Now get out there and write
59:19 some Python code.
59:19 Bye.