WEBVTT 00:00:00.001 --> 00:00:03.360 What's it like building a startup with Python and going through a tech accelerator? 00:00:03.360 --> 00:00:09.080 Well, you're about to find out. On this episode, you'll meet Alyssa Shevinsky from Faster Than Light. 00:00:09.080 --> 00:00:14.820 They're building a static code analysis as a service business for Python and other code bases. 00:00:14.820 --> 00:00:18.940 We touch on a bunch of fun topics, including static code analysis, entrepreneurship, 00:00:18.940 --> 00:00:25.280 and tech accelerators. This is Talk Python To Me, episode 228, recorded August 7th, 2019. 00:00:25.280 --> 00:00:43.700 Welcome to Talk Python To Me, a weekly podcast on Python, the language, the libraries, the ecosystem, 00:00:43.700 --> 00:00:48.800 and the personalities. This is your host, Michael Kennedy. Follow me on Twitter, where I'm @mkennedy. 00:00:48.800 --> 00:00:53.920 Keep up with the show and listen to past episodes at talkpython.fm, and follow the show on Twitter 00:00:53.920 --> 00:00:59.140 via at Talk Python. This episode is brought to you by the podcast Command Line Heroes from Red Hat 00:00:59.140 --> 00:01:03.180 and Linode. Please check out what they're offering during their segments. It really helps support the 00:01:03.180 --> 00:01:08.460 show. Alyssa, welcome to Talk Python To Me. It's great to be here. It's really great to have you 00:01:08.460 --> 00:01:14.400 here. I'm excited to talk about all the stuff that you're doing. There's so many different angles and 00:01:14.400 --> 00:01:18.880 aspects of what you got going on. I think it's going to be interesting for everyone. We're talking about 00:01:19.120 --> 00:01:25.500 going through a tech accelerator, starting a software business, building on top of open source, 00:01:25.500 --> 00:01:31.480 starting working with Python as a core way to build a business, things like this, and some others as 00:01:31.480 --> 00:01:37.440 well. So a lot we have to talk about together. These are some of my favorite topics. So hopefully, 00:01:37.440 --> 00:01:41.840 it'll be a good conversation. I'm sure that it will. So let's start it off by just getting your 00:01:41.840 --> 00:01:45.560 background. How'd you get into programming in Python? How'd you get here? I got into programming 00:01:45.560 --> 00:01:52.080 basically like my first day of college. I took an introduction to the web. It was like computer 00:01:52.080 --> 00:01:59.240 science 105. This was 1997. So just to set the perspective for people, right? Like the web came 00:01:59.240 --> 00:02:05.700 out in like 93 as a proper browser, right? Like it was really that's like years, a couple years into it, 00:02:05.700 --> 00:02:12.200 right? Oh, yeah. I don't want to say nobody, but it was extremely unusual to be doing the kind of tech 00:02:12.200 --> 00:02:19.200 stuff that I was doing. And I loved it. But I didn't become a programmer at that point in my life. I just, 00:02:19.200 --> 00:02:26.040 I got introduced to it. I thought it was cool. I had this, like really warm and wonderful computer 00:02:26.040 --> 00:02:31.420 science professor and these friends who are computer programmers, and just kind of had this mental note 00:02:31.420 --> 00:02:37.460 that if I ever wanted to go into programming, like they would have me and it was geeky and it was fun. 00:02:37.720 --> 00:02:43.720 And over the next few years, I just kept being friends with all these developers. And then I got 00:02:43.720 --> 00:02:48.900 this job. And I wasn't thinking too hard about it. Just my friends are at this startup called Everyday 00:02:48.900 --> 00:02:54.380 Health. And I joined and for the first year, I worked with the founders to set up the customer service 00:02:54.380 --> 00:03:00.520 infrastructure. And then I wanted to go back home to New York. And I got promoted to the tech team, 00:03:00.520 --> 00:03:05.500 kind of like as an accident. There's this moment where they needed someone to do QA. 00:03:05.500 --> 00:03:10.560 And I was just around. It was like for New Year's Eve and like Christmas when no one wanted to work. 00:03:10.560 --> 00:03:16.080 And I was good at it. Then they like threw me on the tech team. And there I was suddenly, 00:03:16.080 --> 00:03:21.280 you know, shipping new software every three months. And I just fell in love with it. It was just, 00:03:21.280 --> 00:03:26.220 I'm still in love with it. Like there's a short list of things that I love. And making software is 00:03:26.220 --> 00:03:32.880 really like one of the, I can think of very few things I love more. And I got into Python specifically 00:03:32.880 --> 00:03:39.720 once I started doing talks. And I just looked around and pretty much applied to any open call 00:03:39.720 --> 00:03:47.760 for papers. And I fell into PyCon Canada. And it was like, whoa, these people, they're warm and wonderful. 00:03:47.760 --> 00:03:55.140 And this conference is like really deep and interesting and covers a lot of ground. And that just became 00:03:55.140 --> 00:04:01.540 my home in all of these ways. And I went and I did like every Python conference that would have me. 00:04:01.540 --> 00:04:07.320 And I had this talk on the history of women and computer science that also included like all the 00:04:07.320 --> 00:04:14.060 contributions that women and non-binary people made in Python. And like all these events really wanted 00:04:14.060 --> 00:04:20.080 that talk. So I kind of went on this worldwide tour going to Australia and London and all over giving 00:04:20.080 --> 00:04:23.120 this talk on Python community. 00:04:23.120 --> 00:04:28.160 That sounds so fun to be able to dive into that. And I totally know what you're saying. I had the 00:04:28.160 --> 00:04:32.860 same feeling with PyCon and the community and just like, wow, this place is special, you know? 00:04:32.860 --> 00:04:39.800 It really, really is. I mean, I could go on and on about how and why I love Python and the Python 00:04:39.800 --> 00:04:45.260 community, which I guess is appropriate for this show. But Python is a really good learning language. 00:04:45.260 --> 00:04:53.320 Like there's so much that's great about Python. And I saw myself as someone who was still in some ways, 00:04:53.320 --> 00:04:59.360 like a beginner as a developer, you know, and like very sophisticated in some of these other aspects. 00:04:59.360 --> 00:05:03.700 Like I have all this deep security knowledge and I know a lot about the process of shipping software. 00:05:03.700 --> 00:05:09.240 But I like that I could go to a Python event and kind of follow along with the talks there and like make 00:05:09.240 --> 00:05:15.420 a really meaningful contribution. And I still like that Python, that it's a good first language for 00:05:15.420 --> 00:05:20.220 people. I like being part of a community where you can tell beginners, oh, come here first. 00:05:20.220 --> 00:05:25.260 Yeah. You know, what's really interesting? And I do agree with that for sure. I met so many people who 00:05:25.260 --> 00:05:31.280 were hesitant to go to events like that. And then they're like, well, I'm not really a developer 00:05:31.280 --> 00:05:35.360 enough to come to that. I'm not like a super pro. I've only been doing this for a few years or it's 00:05:35.360 --> 00:05:40.080 not my main thing. I'm mostly a doctor or whatever. And they're all just, you know, this is amazing. 00:05:40.080 --> 00:05:46.160 I'm so glad I decided to get over that and come. I think that's really wonderful. But, you know, 00:05:46.160 --> 00:05:50.120 also there are a bunch of people who it's not just a beginning language for them, right? It's like a 00:05:50.120 --> 00:05:54.400 professional language they've been working with for a long time. And what I think is special about Python 00:05:54.400 --> 00:06:01.420 is you can be effective with Python with only a partial understanding of it, right? Like you, 00:06:01.520 --> 00:06:05.640 if you don't know what a class is, right? If you don't know what a class is, a generator, 00:06:05.640 --> 00:06:10.740 a meta class, a database, you can still write scripts. You don't even know what a function is 00:06:10.740 --> 00:06:15.260 in terms of creating them and you could still use it. But at the same time, you can grow all the way 00:06:15.260 --> 00:06:21.500 into building Instagram or YouTube or, you know, you name it, right? And so I think that that's really 00:06:21.500 --> 00:06:22.480 special about it. 00:06:22.480 --> 00:06:27.900 Yeah. It's a very powerful language. We are using Python at our company at Faster Than Light. 00:06:27.900 --> 00:06:34.460 and our CTO is, you know, a very senior Python developer, but it gives me a little bit of a 00:06:34.460 --> 00:06:39.100 lens into what you could do if you were junior. And we certainly see a lot of projects where people, 00:06:39.100 --> 00:06:43.460 you know, like it's a high impact language across the board for lots of people. 00:06:43.460 --> 00:06:45.920 I think it's definitely special. There's a lot of languages that are 00:06:45.920 --> 00:06:49.980 great for building pro apps. There's a lot of good beginner languages, but there's not many that do 00:06:49.980 --> 00:06:53.840 both. And I think that's a lot of, a lot of what makes that special and why it makes sense for 00:06:53.840 --> 00:06:59.760 beginners to come and yet still have like this full rich ecosystem that we do, which is, which is great. 00:06:59.760 --> 00:07:05.540 So let's talk about what you do day to day. You're doing some pretty exciting stuff right now. 00:07:05.540 --> 00:07:13.420 Yeah. I think what I do is a mix of these like really, really dull, not glamorous things. Like 00:07:13.420 --> 00:07:20.960 I'll sit and I'll do taxes and accounting and like build a leads list. So like I'm in an Excel 00:07:20.960 --> 00:07:26.660 spreadsheet, just like putting in names and emails and LinkedIn because for whatever reason, I want to 00:07:26.660 --> 00:07:33.820 connect with, with those folks for the business. And then just the most glamorous stuff. So we're part 00:07:33.820 --> 00:07:38.680 of the Techstars London accelerator now, and I meet the most remarkable people, you know, so I have 00:07:38.680 --> 00:07:44.720 introductions pending to like the chief executive officers at, you know, really large, like banks 00:07:44.720 --> 00:07:50.280 and corporates. We just met the CTO from Ikea. I guess for me, that's glamorous, right? Glamorous is 00:07:50.280 --> 00:07:57.500 like, I met this really cool developer. It's geek glamorous and geek famous, which I think is pretty awesome. 00:07:58.060 --> 00:08:03.900 Yeah. I've also traveled all over the world, which I think meets a lot of people's definitions of 00:08:03.900 --> 00:08:09.400 glamour. It's interesting because how many people think of, I'm going to go learn software development, 00:08:09.400 --> 00:08:14.940 which is often from the outside perceived as like, those are the people that kind of go into the dark 00:08:14.940 --> 00:08:19.500 room and no one talks to them. And they're kind of, you know, it's kind of a solitary thing. And the 00:08:19.500 --> 00:08:24.660 result is like all this glamorous travel and all these experiences that a lot of people who thought they 00:08:24.660 --> 00:08:28.020 had a glamorous job maybe are not actually getting out of it, right? Like, I think there's 00:08:28.020 --> 00:08:33.420 a lot of interesting stuff. I had similar stuff. I, you know, traveled all over the world teaching classes and, 00:08:33.420 --> 00:08:39.060 you know, got to hang out in amazing places. And I'm like, wow, how did, you know, writing code get me here? 00:08:39.060 --> 00:08:40.560 But it does. And it's great. 00:08:40.560 --> 00:08:47.080 Yeah, I think that says a lot about just how powerful it is to be able to make software these days, because 00:08:47.080 --> 00:08:54.780 you can take it in either direction. And so if you really want to just stay home and work on interesting 00:08:54.780 --> 00:09:00.760 projects on your own terms, writing Python code is a really good way to do that. And when I think about 00:09:00.760 --> 00:09:05.700 a lot of developers, I know, that's exactly what they do. And if I wanted to do that, I could. 00:09:05.700 --> 00:09:12.460 And then there's also this other side of it where if you want to travel the world, software development, 00:09:12.460 --> 00:09:18.960 and specifically Python, like, is a great avenue for that. I just think it's so exciting. It's a very good 00:09:18.960 --> 00:09:25.520 time to be a nerd. Yeah, that's definitely a true statement. So you said that you do some very 00:09:25.520 --> 00:09:31.320 incredible stuff that's traveling around, but also all a lot of boring things. Being CEO of Faster Than 00:09:31.320 --> 00:09:36.880 Light, like, you know, I can definitely relate to some of the stuff you're talking about, you know, 00:09:36.880 --> 00:09:43.160 running Talk Python and the training business, and all that. There's a lot of meetings with business 00:09:43.160 --> 00:09:49.660 partners, I definitely do a lot of accounting and taxes. And the one of the things I think that stands 00:09:49.660 --> 00:09:57.600 out really big, that I think a lot of people are not initially prepared for is marketing. And that 00:09:57.600 --> 00:10:06.620 kind of stuff, you know, like, how do you go from working in QA to understanding what you need to do 00:10:06.620 --> 00:10:12.720 around marketing? Because to me, like, building a software business, it, it's interesting, technically, 00:10:12.720 --> 00:10:18.380 it's challenging, technically, but those are kind of table stakes. And then you've got to get users and 00:10:18.380 --> 00:10:23.980 break through the noise and get people to care. So how did you get those skills? Because yeah, 00:10:23.980 --> 00:10:26.400 they're not really taught in any computer area. 00:10:26.800 --> 00:10:35.360 that happened over a very long period of time. So like 2004, I'm a QA analyst. And then 2008, 00:10:35.360 --> 00:10:43.220 I tried to do some just like digital marketing consulting. And I started to learn a few things 00:10:43.220 --> 00:10:48.200 there. And I did okay. I had some like small businesses, a guy who was selling sneakers on the 00:10:48.200 --> 00:10:55.940 internet, and I like, managed his AdWords and social media. So you know, I started small and worked my way 00:10:55.940 --> 00:11:02.660 up. And really, I've just been hustling so hard, like learning new skills and leveling up over the 00:11:02.660 --> 00:11:09.820 last 10 years, where in 2011, I tried to do my first startup. And that didn't really go because 00:11:09.820 --> 00:11:15.320 people didn't have a lot of confidence in me. And I there was a lot I still had to learn. Back to like 00:11:15.320 --> 00:11:20.000 2013 2014, I'm starting to learn a little bit more. And I've gotten some press attention. 00:11:20.000 --> 00:11:24.960 There's this process where I learned, like how you talk to the press and how you get noticed. 00:11:25.080 --> 00:11:29.080 Yeah, where initially, I've never been able to figure that out. That's very tricky. 00:11:29.080 --> 00:11:33.040 Oh, I'm happy to talk about that. It's probably out of scope for this. 00:11:33.040 --> 00:11:33.960 Yeah, probably. Maybe. 00:11:33.960 --> 00:11:40.880 That was one of the first things I learned. So want to like, you have to do or be something 00:11:40.880 --> 00:11:46.460 interesting, and then figure out how to tell the story to the press in a way that reflects the 00:11:46.460 --> 00:11:51.480 message you want to share. And then the big thing I learned was that in order to really break out, 00:11:51.680 --> 00:11:55.900 you either need a big audience, or you need someone with a big audience sharing things. 00:11:55.960 --> 00:12:02.820 I had all this envy from the founders who I saw who got traction and things went viral. And I just 00:12:02.820 --> 00:12:08.060 studied that a little bit obsessively to figure out like, how do I become or do that? Because 00:12:08.060 --> 00:12:12.980 I loved making software, but you it's not enough to make the software people have to use it. 00:12:12.980 --> 00:12:18.720 And then I kind of figured out how to be the person who has an audience. I'm not the person with the 00:12:18.720 --> 00:12:23.840 biggest audience. But you know, 13,000 people on Twitter, I can get attention in the press, 00:12:23.840 --> 00:12:29.300 there's different things that I learned how to do. But that was, I guess, the TLDR there is that was 00:12:29.300 --> 00:12:36.240 over 10 years of like, really studying it and trying things and eventually, like building up credibility 00:12:36.240 --> 00:12:40.660 and building up an audience up to the moment where people come to me now. And they're like, 00:12:40.660 --> 00:12:47.300 hey, I've got a job posting. Like, oh, cool. Like, I can be helpful there. Like that. That's 00:12:47.300 --> 00:12:52.080 not to remind myself of like what it used to be like, when I didn't have that. So I appreciate 00:12:52.080 --> 00:12:52.960 where we are. 00:12:53.200 --> 00:13:00.760 Yeah, absolutely agree that that's a huge part of the hidden success story of a lot of these types 00:13:00.760 --> 00:13:07.800 of things is there's that initial audience that care to this initial group. Obviously, that is part 00:13:07.800 --> 00:13:13.660 of my story with the podcast and whatnot I'm doing there. But you know, more mainstream examples would 00:13:13.660 --> 00:13:17.020 be like 37 Signals and Basecamp, right? 00:13:17.020 --> 00:13:18.060 Oh, I love them. 00:13:18.060 --> 00:13:23.020 Yeah, I do too. And even like, almost Ruby on Rails, like, as a thing itself, right? 00:13:23.820 --> 00:13:28.620 Those guys did a ton of writing. They had a huge blog following. And I feel like 00:13:28.620 --> 00:13:32.800 their products are really good. But there's a ton of, you know, project management products. 00:13:32.800 --> 00:13:38.780 I think that their writing and their blogs and their philosophy actually was a big secret to their success. 00:13:38.780 --> 00:13:39.900 I don't know. 00:13:39.900 --> 00:13:45.400 I'm happy to hear that. I think about that all the time. So I've been going through what they call 00:13:45.400 --> 00:13:52.540 mentor madness at Techstars London. That's a process where from nine o'clock until around one o'clock, 00:13:53.120 --> 00:13:58.020 we meet with all these mentors from Techstars. And it's like pretty wonderful. And they're all there 00:13:58.020 --> 00:14:02.420 to be helpful. But they also all ask questions about the businesses. They're trying to figure out 00:14:02.420 --> 00:14:08.000 which startups they want to work with the most. And it's good for us to practice or learn how to have 00:14:08.000 --> 00:14:12.740 good answers for that. And one of the things I get asked all the time is like, what's your moat, 00:14:12.740 --> 00:14:19.120 right? Like technology moat only lasts for so long. And I think like the only really good answer 00:14:19.120 --> 00:14:24.400 that we have, other than just like continually trying to stay on top of product innovation, 00:14:24.400 --> 00:14:31.760 is that kind of brand moat, right? So like, I have to go out there and evangelize code quality. And when 00:14:31.760 --> 00:14:36.820 you think of code quality, like you'll think of me and our team. And I'm excited about that, 00:14:36.820 --> 00:14:41.540 because I think it's really important. Like I'm happy to think about going and spending the next several 00:14:41.540 --> 00:14:47.380 years, kind of convincing and sharing and getting people really excited about shipping better code. 00:14:47.380 --> 00:14:53.460 But I also think like, what will make us different from other companies? It's like, well, if you think 00:14:53.460 --> 00:14:59.480 of us as the experts for that. So I think about that idea a lot. And I'm kind of happy about it. 00:14:59.480 --> 00:14:59.760 Yeah. 00:14:59.820 --> 00:15:04.780 On the one hand, there's something kind of crappy or like not great about the idea that the best 00:15:04.780 --> 00:15:10.540 products don't win, like, feels like in a fair or just world, like the best products will just win 00:15:10.540 --> 00:15:11.140 by default. 00:15:11.140 --> 00:15:15.400 Yeah, that's a harsh lesson. And I agree that that is not true, even though it should be. 00:15:15.400 --> 00:15:21.040 So I grew up in Queens, like with a single mom, and just in this environment where I felt like, 00:15:21.040 --> 00:15:26.340 I'm not making the rules. You know, like, I don't make the rules, but I have to figure out the rules, 00:15:26.420 --> 00:15:32.800 and kind of accept them, if I'm going to move ahead and achieve things. And so I think that's 00:15:32.800 --> 00:15:39.260 part of just like me being a sane person in this whole startup ecosystem. But I also think it's 00:15:39.260 --> 00:15:44.380 like part of me to the extent that I'm successful in the things that I set out to do. Because I just 00:15:44.380 --> 00:15:48.760 I'm just like, okay, like, these are the rules. This is what it is, right? It's like, we can build 00:15:48.760 --> 00:15:53.400 the best product that's never going to be enough. It's like, we just have to accept that and then figure 00:15:53.400 --> 00:15:58.180 out, okay, if we have this thing, we want people to play with it and try it. What does that mean? 00:15:58.180 --> 00:15:58.460 Yeah. 00:15:58.460 --> 00:15:58.840 Yeah. 00:15:58.840 --> 00:16:05.420 Well, yeah, you definitely have to be able to legitimately see all the ways that things are 00:16:05.420 --> 00:16:09.400 working all the rules. And then you can try to break them or try to be different. But you got 00:16:09.400 --> 00:16:13.300 to understand the playing field first, and then then you can start to get out there. 00:16:14.780 --> 00:16:19.540 This portion of Talk Python To Me is brought to you by Command Line Heroes. For the Free 00:16:19.540 --> 00:16:24.480 Software Foundation, making a free, as in speech, version of the Born Shell was critical for their 00:16:24.480 --> 00:16:29.720 operating system. Enter Brian Fox. Command Line Heroes, an original podcast from Red Hat, is all 00:16:29.720 --> 00:16:35.780 about the people who transform tech from the command line up. Episode 6 dives into the origins and evolution 00:16:35.780 --> 00:16:42.140 of the Born Again Shell, aka Bash. Bell Labs' Born Shell was the default for Unix. The Free Software 00:16:42.140 --> 00:16:47.760 Foundation, however, needed to create their own version for their not Unix operating system without 00:16:47.760 --> 00:16:53.240 using any of the Born source code. Get the story and subscribe to Command Line Heroes wherever you 00:16:53.240 --> 00:16:57.100 get your podcasts, or just visit talkpython.fm/heroes. 00:16:58.220 --> 00:17:05.340 So one of the really interesting things that I think you're doing is going through this tech 00:17:05.340 --> 00:17:10.980 accelerator, the startup accelerator, Techstars. How do you decide to come and do that? There's a lot 00:17:10.980 --> 00:17:17.140 of ways to start your business, right? You could just bootstrap it from the ground up. You could try to 00:17:17.140 --> 00:17:24.340 just go around and pitch VCs. You could do one of these accelerators. There's a bunch of options. 00:17:24.340 --> 00:17:30.260 What led you down this path? That's such a good question, actually, because it's so personal, 00:17:30.260 --> 00:17:35.360 and I feel like there's no right or wrong answer. And there's even a company inside our accelerator 00:17:35.360 --> 00:17:40.320 that doesn't really want to raise money and they want to bootstrap. Good for them. I think they're 00:17:40.320 --> 00:17:45.280 going to be very successful there. But for me, I thought it would be good for us to raise money 00:17:45.280 --> 00:17:50.520 you know, and like, just hire people to do the things that aren't our strength. You know, 00:17:50.520 --> 00:17:54.820 when I talk about like, I'm doing all this back office stuff, like, I have this fantasy where 00:17:54.820 --> 00:18:01.380 Sunday, someone else does that. And I have the same fantasy. Yes. I know. Right. So, you know, 00:18:01.380 --> 00:18:05.600 it's like, what is it? What's your dream? I love the idea of us getting big enough where 00:18:05.600 --> 00:18:11.200 I can really go around the world and just like evangelize code quality in our brand and like hire 00:18:11.200 --> 00:18:15.600 great people and have someone else who's doing like a lot of the operational stuff, which, 00:18:15.600 --> 00:18:20.840 you know, as companies get bigger, the CEO job does become more like representing and holding the 00:18:20.840 --> 00:18:25.620 vision and hiring and fundraising. Like, that's what I really want to do. But because we're a 00:18:25.620 --> 00:18:30.440 three person company, I'm going to do everything. So I had this fantasy that we became a bigger company 00:18:30.440 --> 00:18:34.720 and we could just do the things where we're really strong and hire other people to do the other stuff. 00:18:34.720 --> 00:18:38.780 That means you have to become a big enough company. You have to raise money. It's actually really 00:18:38.780 --> 00:18:44.720 hard to raise money without like other people vouching for you. And some of that is just the 00:18:44.720 --> 00:18:51.360 dynamic of how, I don't know how people work. It's such a big difference. If I go up to someone, 00:18:51.360 --> 00:18:56.020 I'm like, Hey, I have a company and I would like you to write me a check. And then they're like a 00:18:56.020 --> 00:19:00.800 little on edge. Like, who is this strange person? Like, that's not a normal way to approach a person, 00:19:00.800 --> 00:19:05.040 like a VC, like it's just not normal. And it's not how things are done in Silicon Valley versus 00:19:05.040 --> 00:19:14.120 now Eamon, who is the managing director at Techstars London will like tell VCs he thinks are a fit that 00:19:14.120 --> 00:19:18.820 like, there's this amazing company and, and you have to meet them and they have a round, but it's going 00:19:18.820 --> 00:19:23.080 to close soon because you know, like it's going to close soon. So you have to talk to them fast. And 00:19:23.080 --> 00:19:27.500 then they come in and they meet me. They've had experience with you too, right? The folks at Techstars 00:19:27.500 --> 00:19:31.780 and they can say, you know, actually, no, they're not crazy. I've been working with them for a couple 00:19:31.780 --> 00:19:37.400 months. It seems like they've got a solid plan. Like it rather than, you know, this one, the reason 00:19:37.400 --> 00:19:44.440 I brought up the marketing side of things is it's so much easier. I'm not gonna say easy, but easy 00:19:44.440 --> 00:19:50.360 or much easier compared to 10 years, 15 years ago to create software companies and to get them out to 00:19:50.360 --> 00:19:56.300 the world. But that means there are so many other, there's so much noise and so many other people trying 00:19:56.300 --> 00:20:03.060 to vie for the same attention. I think it's, in some ways it's harder to run a software business, 00:20:03.060 --> 00:20:07.500 but it's easier to create software, which is interesting. So I think any of these times that 00:20:07.500 --> 00:20:11.800 you can have just a little recommendation or something is really important. 00:20:11.800 --> 00:20:17.560 I think about that also because my CTO, Brett Thomas previously built and sold Vendicia. 00:20:17.920 --> 00:20:24.400 And when he started Vendicia, it was about 16 years ago. And that was a point in time when it 00:20:24.400 --> 00:20:29.480 was just, everything was slower and there was less competition, but he had to build everything from 00:20:29.480 --> 00:20:35.600 scratch. And so he's coming on now and like building all this stuff and we're like, chat with us on the 00:20:35.600 --> 00:20:39.900 Slack or a Zoom call. It'll be like, it's so cool. Like, you know, there's some new technology, 00:20:39.900 --> 00:20:44.960 whatever it is that does this thing that he used to have to build from scratch. And so we're really 00:20:44.960 --> 00:20:49.000 thinking about that day to day because he's learning all these new things and implementing 00:20:49.000 --> 00:20:54.100 them. And it's like, it's really cool to see. And it reminds me of how the ecosystem has changed. 00:20:54.100 --> 00:20:59.860 But the hard part is it's really hard to stand out. I think it's very hard to build a successful 00:20:59.860 --> 00:21:05.240 business these days. And everyone thinks that they can and lots of people try. And it's actually like 00:21:05.240 --> 00:21:10.260 really hard and sad to build a business and fail. That was another reason I wanted to do the 00:21:10.260 --> 00:21:15.620 accelerator is like the downside is they take a little equity, but the upside is like we have 00:21:15.620 --> 00:21:20.440 customer introductions and just all these people on our team now, right? Like the whole 00:21:20.440 --> 00:21:27.480 tech stars network, which is just this very powerful worldwide network that has the motto give first, 00:21:27.480 --> 00:21:32.540 which is very nice. And they seem to really mean it. Like it's warm and wonderful. And in fact, 00:21:32.920 --> 00:21:39.740 one of the co CEO of tech stars came into our office this morning in tech stars London, like I met him, 00:21:39.740 --> 00:21:45.500 I was really fanish. And for me, that's like a life changing thing to show up and you have all of 00:21:45.500 --> 00:21:50.680 these people backing you because entrepreneurship is just actually very lonely. We'll get together 00:21:50.680 --> 00:21:58.380 about once a week, all the CEOs in this batch. And some of them are not technical at all. And so you have 00:21:58.380 --> 00:22:06.920 like Banjo is this company and they send like letters to children about this cat that's traveling 00:22:06.920 --> 00:22:12.980 the world. And so it's not like everyone is also coding in Python or thinking about Python, but we all 00:22:12.980 --> 00:22:18.260 there's this camaraderie where we're all thinking about the same like entrepreneurship challenges. 00:22:18.260 --> 00:22:19.440 And that's been really nice. 00:22:19.440 --> 00:22:24.280 Yeah. It looks a little bit different than say like Y Combinator or something like that, 00:22:24.280 --> 00:22:28.420 where at least from the outside, I get the feeling that a lot of that is like super tech 00:22:28.420 --> 00:22:33.040 focused, right? They're trying to create Airbnb or Uber or something to that effect. 00:22:33.040 --> 00:22:39.600 Yeah. I think YC has like what they're looking for. And in some ways, like I got into this because 00:22:39.600 --> 00:22:46.540 of YC. I mean, I've been in startups since 1999, but I came to Silicon Valley and I met Paul Graham in 00:22:46.540 --> 00:22:53.760 2011. And I waited in line as he talked to nine people before me. And he told all of them that they 00:22:53.760 --> 00:22:59.280 should not do whatever they were doing. And I was like, Oh, and then I got there and I was like, I'm 00:22:59.280 --> 00:23:04.060 gonna do a Jewish dating site. And here's how I'm gonna do it. And here's my plan. He was like, you should 00:23:04.060 --> 00:23:09.660 go do that. And I was like, Oh, my goodness, Paul Graham said I should go do my startup. And then I went and I 00:23:09.660 --> 00:23:15.880 tried to do it. And I felt really motivated by that support. Yeah. So, you know, I always have to be a little 00:23:15.880 --> 00:23:22.040 bit grateful to Paul Graham. But I also feel like just I'm like not really aligned with a lot of YC stuff. 00:23:22.040 --> 00:23:27.780 Like they're really, they really want you to be in San Francisco. And like, I think I'm really excited 00:23:27.780 --> 00:23:33.300 about this idea that you can be anywhere in the world. And I think that speaks to some of what we 00:23:33.300 --> 00:23:37.780 talked about before, right? Like being a software developer, some of that should be this freedom of 00:23:37.780 --> 00:23:44.180 all we need is a Wi Fi connection and like a zoom link. And like, yeah, communication is hard and people 00:23:44.180 --> 00:23:48.440 are hard. But I think it's worth it to try to make that work. Yeah, I definitely appreciate the 00:23:48.440 --> 00:23:54.280 thinking about let people be where they want to be. And I think a lot of opportunities to hire 00:23:54.280 --> 00:24:00.480 interesting people get lost because somebody in a small town doesn't get the opportunities to meet 00:24:00.480 --> 00:24:05.220 the people and make the connections. There's probably some opportunity to connect people who are not right 00:24:05.220 --> 00:24:11.180 in the center of these tech hubs. Although London is a pretty good place to be as well. I love that town. 00:24:11.180 --> 00:24:13.680 And it's got a lot of interesting tech going on there. 00:24:13.680 --> 00:24:22.240 It's nice for me. I'm like on a new adventure. And I think you and I spoke earlier about being, 00:24:22.240 --> 00:24:29.060 you know, 40 and over and still starting a company. And I'm a good example of being older and still being 00:24:29.060 --> 00:24:33.060 an entrepreneur, but also like still being on my adventures, right? 00:24:33.220 --> 00:24:34.000 Yes, absolutely. 00:24:34.000 --> 00:24:40.140 I want to go to London. And I wanted to go to London for personal reasons. But it's also a really 00:24:40.140 --> 00:24:45.500 good decision for the company. And so the two things work together. There's a lot of reasons why I mean, 00:24:45.500 --> 00:24:52.200 just London is like a huge business hub. Like actually, Shoreditch is this really cool tech hub. And 00:24:52.200 --> 00:24:54.200 it's been really interesting to be here. 00:24:54.200 --> 00:24:58.300 Yeah, for sure. I've definitely spent some time in that part of London. And I know what you're talking 00:24:58.300 --> 00:25:03.960 about. It's great. I want to talk about this idea of being over 40 and starting a company. Because I 00:25:03.960 --> 00:25:08.920 also hear this around the context of just becoming a programmer at all. A lot of people feel like you're 00:25:08.920 --> 00:25:16.020 over 40. You've missed your chance, right? Like, for me, and it sounds like you pretty much as well, 00:25:16.020 --> 00:25:21.420 right? Like if, if you wanted to start a business, you should have done it in 1998. Right? The dot com 00:25:21.420 --> 00:25:27.900 when we were, you know, in our 20s, or that would have been great, probably. But I don't know that even that's 00:25:27.900 --> 00:25:33.640 necessarily a good idea. I think you get a lot of experience working in the industry. And then you have 00:25:33.640 --> 00:25:41.860 something meaningful to contribute other than just lots of energy and some ideas, right? Like, if we look at what 00:25:41.860 --> 00:25:46.860 you're doing with Faster Than Light, and Bug Catcher, you told me your story about how you started in QA, 00:25:46.860 --> 00:25:52.360 right? And that was kind of your launch into this whole tech world way back when, and you've been 00:25:52.360 --> 00:25:56.480 doing it for so long. And now you're starting this company in this and you've had all this experience, 00:25:56.480 --> 00:26:01.680 right? If the first year you got into it, and you started this company, like how, how much experience 00:26:01.680 --> 00:26:07.500 do you really have? And I think there's actually a lot of opportunities for people who are 40 and older. 00:26:07.500 --> 00:26:14.800 Yeah, 100%. I have so much to say on that. The first thing is we run a security company. And the 00:26:14.800 --> 00:26:21.100 whole premise is that we've seen a lot, we've done a lot, we know what we're doing, and we'll be around 00:26:21.100 --> 00:26:27.240 for a while, and you can trust us. So there are certain types of businesses that are hard to start 00:26:27.240 --> 00:26:32.640 when you're 21. So you can take advantage and leverage, you know, whatever experiences you have. 00:26:32.640 --> 00:26:39.760 And then I see some younger entrepreneurs really struggle. So for example, they'll get maybe like 00:26:39.760 --> 00:26:44.560 10 different pieces of advice from advisors or investors or mentors. And then they're like, 00:26:44.560 --> 00:26:49.980 Oh, what should I do? It's like, I'm 40. I know what we should do. And if I don't know, 00:26:49.980 --> 00:26:55.560 I'll sit down with the team and we'll talk it out and we'll figure it out. And there's this confidence 00:26:55.560 --> 00:27:00.880 kind of easiness that can come with being older and having a sense of who you are and what your 00:27:00.880 --> 00:27:06.820 values are. And that helps a lot in entrepreneurship. When you look at the businesses that have been really 00:27:06.820 --> 00:27:13.260 successful, a lot of them were started by older people. I think about my own life, right? So I did 00:27:13.260 --> 00:27:22.120 get started early in tech startups and in companies. But I also did a lot of meandering. Like I was a 00:27:22.120 --> 00:27:27.520 journalist and a yoga teacher. And then, you know, I went on this tremendous spiritual quest. I spent a 00:27:27.520 --> 00:27:34.180 year in like the Jewish equivalent of a monastery, like a yeshiva for women in Jerusalem. Like I did all 00:27:34.180 --> 00:27:43.820 this stuff that helped me really grow as a person. And then at 31, I did my first like C Corp startup, 00:27:43.820 --> 00:27:50.820 trying to get VC funding. And I came into that with the self-awareness and like all these qualities 00:27:50.820 --> 00:27:56.720 and character traits that I didn't have at 21. And that I also, I don't think other people have if 00:27:56.720 --> 00:28:01.840 they just kind of followed doing some consulting job or not really pushing their boundaries of who they 00:28:01.840 --> 00:28:08.620 are. So I feel like the adventures and the challenges I had in my 20s, I brought them into my 00:28:08.620 --> 00:28:13.560 30s. And that's one reason why I came up so fast as an entrepreneur. Because I came to Silicon Valley 00:28:13.560 --> 00:28:19.220 in 2011. And two years later, three years later, three years later, I was on the cover of the New 00:28:19.220 --> 00:28:24.900 York Times Sunday business. Wow, that is fat. That is incredible. That's awesome. That's fast. So how did 00:28:24.900 --> 00:28:33.680 that happen so fast? Because at 31, I had like a good 10 years of really getting to know myself, 00:28:33.680 --> 00:28:38.880 and really just figuring out like how to show up, like really show up. 00:28:38.880 --> 00:28:43.760 Yeah. It's really interesting your story. And I totally agree with it, right? Like, 00:28:43.760 --> 00:28:51.360 let me do some quick math. I guess I was around 42 when I started my business now. And it's, 00:28:51.360 --> 00:28:57.760 I don't look back and say, I wish I started earlier for most, most of the time. I wish I had 00:28:57.760 --> 00:29:03.980 started earlier only and starting earlier in the trend of what I'm doing, right? Like if I had started 00:29:03.980 --> 00:29:08.540 10 years earlier, it'd be easier to create like online video training, because fewer people were 00:29:08.540 --> 00:29:14.500 doing it, right? But that's not me as sort of my age. That's just opportunity timing, you know? 00:29:14.500 --> 00:29:20.120 Well, and now is the right opportunity for something that 20 years from now will feel really mainstream. 00:29:20.120 --> 00:29:25.400 And so I think there's this challenge of just looking at the moment you're in and trying to make the most of 00:29:25.400 --> 00:29:29.840 that. That's hard. But I think as you get older, those things get easier. 00:29:29.840 --> 00:29:33.920 Well, and then you have that, you have the perspective that you've been around for a while, 00:29:33.920 --> 00:29:36.920 you've seen the trends, you see how stuff plays out, you can make better bets on that. 00:29:38.920 --> 00:29:43.920 This portion of Talk Python To Me is brought to you by Linode. Are you looking for hosting that's fast, 00:29:43.920 --> 00:29:48.640 simple, and incredibly affordable? Well, look past that bookstore and check out Linode at 00:29:48.640 --> 00:29:55.900 talkpython.fm/Linode. That's L-I-N-O-D-E. Plans start at just $5 a month for a dedicated server 00:29:55.900 --> 00:30:01.000 with a gig of RAM. They have 10 data centers across the globe. So no matter where you are or where your 00:30:01.000 --> 00:30:05.640 users are, there's a data center for you. Whether you want to run a Python web app, host a private 00:30:05.640 --> 00:30:11.020 Git server, or just a file server, you'll get native SSDs on all the machines, a newly upgraded 00:30:11.020 --> 00:30:17.420 200 gigabit network, 24-7 friendly support, even on holidays, and a seven-day money-back guarantee. 00:30:17.420 --> 00:30:22.180 Need a little help with your infrastructure? They even offer professional services to help you with 00:30:22.180 --> 00:30:26.740 architecture, migrations, and more. Do you want a dedicated server for free for the next four months? 00:30:26.740 --> 00:30:29.800 Just visit talkpython.fm/Linode. 00:30:32.120 --> 00:30:37.180 There's another aspect, too, on the development side, which is I really like working with senior 00:30:37.180 --> 00:30:43.660 programmers. So I like working with junior people, too, but in a different capacity. I have two interns 00:30:43.660 --> 00:30:48.580 right now, and they know that they're interns, and they do intern-level work. And so they're learning, 00:30:48.580 --> 00:30:53.600 and they're growing, and I'm mentoring. And I think that's really, really important, actually. And I get a 00:30:53.600 --> 00:30:58.140 lot out of those relationships where they help me a lot by expanding just how much I can do in a day 00:30:58.140 --> 00:31:04.640 and kind of being cheerful and supportive and all of that. But for architecting software and getting 00:31:04.640 --> 00:31:11.540 it shipped on time and on deadline and without bugs, like, Brett and Reuben are both over 40. They have 00:31:11.540 --> 00:31:18.320 both been doing this for over 20 years. And I have so much confidence if there is a problem relating to 00:31:18.320 --> 00:31:23.220 back-end engineering, like, Brett will just fix it. If it's a really hard problem, it will take longer 00:31:23.220 --> 00:31:29.940 than if it's not a hard problem. But he will solve it. And if there is any CSS problem or, 00:31:29.940 --> 00:31:34.040 like, JavaScript, React, front-end, like, Reuben will figure it out, and he will do it. 00:31:34.040 --> 00:31:39.080 And I have hired people who were more junior in their careers, and they just didn't have that. So 00:31:39.080 --> 00:31:43.060 junior people are wonderful. We have to mentor them. We have to support them. We have to bring 00:31:43.060 --> 00:31:48.720 them into our organizations. But we also have to appreciate that senior people have a capability 00:31:48.720 --> 00:31:51.600 that comes from that, you know, all that experience. 00:31:51.600 --> 00:31:58.780 I totally agree. So let's talk a little bit about your business that you're building and this whole 00:31:58.780 --> 00:32:07.640 side of security, basically finding security problems in software, right? So let's start. 00:32:07.640 --> 00:32:08.740 There are so many. 00:32:08.740 --> 00:32:09.340 Yes. 00:32:09.340 --> 00:32:10.180 It's not hard. 00:32:11.360 --> 00:32:17.460 I'm sure it's not. So let's start with just the overall idea and the name of what you're building. 00:32:17.460 --> 00:32:24.960 Yeah, we are Faster Than Light. And that is our goal. Our goal is to be faster than light at static 00:32:24.960 --> 00:32:26.660 analysis and other security tools. 00:32:26.660 --> 00:32:32.420 Yeah, awesome. So primarily what you're doing is you're trying to democratize and speed up 00:32:32.420 --> 00:32:39.180 static analysis of code, right? So I've got some software, and I've written it, I put it on the 00:32:39.180 --> 00:32:43.340 internet. But who knows how long it's going to stay safe up there. 00:32:43.340 --> 00:32:49.640 That's a mistake. Don't do that. Take it, undo it. Revert, un-pull. 00:32:49.640 --> 00:32:56.740 So I can run my software, whether it's Flask or Django or whatever, through your tool, the source code 00:32:56.740 --> 00:33:03.060 through your workflow, and it'll tell me things that are potentially wrong with it, right? Like, 00:33:03.060 --> 00:33:08.240 for example, if I'm running Flask in debug mode, and then I just put it on the internet. 00:33:08.240 --> 00:33:09.060 Don't do that either. 00:33:09.060 --> 00:33:16.540 You know, there's the VexoEg debugger that you can just open up and see what's happening and 00:33:16.540 --> 00:33:21.460 issue commands, all sorts of craziness may just be on the internet for people to find, 00:33:21.460 --> 00:33:25.980 right? And there's literally tools that go around and look for that kind of stuff and have a catalog, 00:33:25.980 --> 00:33:31.280 right? Like Shodan and some of these tools will just like, show me all the, you know, sites that have 00:33:31.280 --> 00:33:34.160 this open and I can just talk to it. So you want to know about that? 00:33:34.240 --> 00:33:39.060 Yeah, I think we're seeing a lot of that. I think the Capital One hack that happened recently is a good 00:33:39.060 --> 00:33:45.200 example where they had something misconfigured and the hacker got in. Like this sort of thing is very, 00:33:45.200 --> 00:33:50.380 very common. It can happen to anyone. Part of my mission, what I'm trying to do here with the 00:33:50.380 --> 00:33:57.940 whole team at Faster Than Light is just make it easier and faster and simpler for people to test and ship 00:33:57.940 --> 00:34:03.620 more secure code. And I like static analysis as a way to get into that because it's really 00:34:03.620 --> 00:34:08.200 accessible to anyone. It's something that an individual developer can do. So on the one hand, 00:34:08.200 --> 00:34:12.920 it's something that like big corporates do and like, that's good because it means like we have a business 00:34:12.920 --> 00:34:18.240 model and know like we can eventually kind of stay in business. But for individual developers, 00:34:18.240 --> 00:34:24.700 like I think that's where my heart is because it's a way for you to level up as a developer and 00:34:24.700 --> 00:34:29.460 just ship higher quality code. Well, there might be some kind of problem with the software that 00:34:29.460 --> 00:34:33.520 you've written. Maybe you don't have someone doing the code review, you wouldn't know anything about 00:34:33.520 --> 00:34:38.520 it. But if you put it through some sort of static analysis like this, it'll say, oh, did you know 00:34:38.520 --> 00:34:44.600 that you are sending commands to the shell and you're not sanitizing user input? You're like, wait, 00:34:44.600 --> 00:34:48.380 I needed, is that a thing I should worry about? I didn't even know I needed to worry about that. 00:34:48.380 --> 00:34:53.620 Right. So it can help you learn a lot about these things just by discovering like a problem that you 00:34:53.620 --> 00:34:58.300 didn't even realize was a problem. That actually can be a way for someone to like come into security 00:34:58.300 --> 00:35:04.300 for the first time, like scan your code, see what issues come up and then learn about those issues 00:35:04.300 --> 00:35:10.780 and how to fix them. Right. So I would love to eventually create like content and stuff on our 00:35:10.780 --> 00:35:17.080 website and videos about how to fix these issues. So hopefully that'll be coming down the pipe soon. 00:35:17.080 --> 00:35:21.920 But in the meantime, there's a lot of information available. And if there is a pretty serious 00:35:21.920 --> 00:35:27.300 security issue, you know, you should fix it. The tools are helpful for that. We're building on top 00:35:27.300 --> 00:35:32.380 of open source tooling, which I'm actually really happy about because these existing open source tools 00:35:32.380 --> 00:35:38.420 are actually really, really good. It's just that they're a little bit of work to set up and to use. 00:35:38.420 --> 00:35:44.480 And for me, I'm kind of impatient about doing that kind of configuration. And I think for people inside 00:35:44.480 --> 00:35:49.380 companies, like you just have so much to do, right? Like you have too much to do in a day. 00:35:49.380 --> 00:35:55.080 So we built a tool that saves you the trouble of the configuration. And it's free. We certainly we have 00:35:55.080 --> 00:35:58.900 a free tier. At some point, we'll put a paywall up, but we're always going to keep a free tier for 00:35:58.900 --> 00:36:06.080 developers. So for us, we think that what's useful for developers is just making it like a super, 00:36:06.080 --> 00:36:11.720 super fast to test your code. So what we've done in terms of interface is we have a command line tool 00:36:11.720 --> 00:36:17.660 coming next week. And we have right now a website interface where you just upload your code. We run 00:36:17.660 --> 00:36:22.940 bandit against it. And then we give you a PDF with the results. And then we hope you'll go and you'll 00:36:22.940 --> 00:36:28.820 fix things. Yeah, that's cool. I guess you can message me or grab. Yeah, yeah, for sure. So the command line 00:36:28.820 --> 00:36:35.240 tool sounds really nice and pretty obvious for the upload. Do you like zip a folder and upload the folder 00:36:35.240 --> 00:36:40.200 or something like that? Or how does it? Yeah, how's that work? You can just drop a folder in. 00:36:40.200 --> 00:36:44.660 And that's part of what like we flatten the dependencies and we make it kind of easy for 00:36:44.660 --> 00:36:50.600 you to just like drop all the code in. Right now we can run tests against give or take like a thousand 00:36:50.600 --> 00:36:53.060 files, which is actually like a lot. 00:36:53.600 --> 00:36:55.440 Yeah, for Python code, that's a lot actually. 00:36:55.440 --> 00:37:02.180 It is a lot. That's well, that's part of what we want to do. I'm very impatient. I was like, 00:37:02.180 --> 00:37:07.040 it should just all be like instantaneous and make it as easy as possible. Like everyone should just 00:37:07.040 --> 00:37:12.380 test their code and not have to wait for the scans to run. And I think I'm a little bit unreasonable 00:37:12.380 --> 00:37:16.680 in what I'm hoping to do here. And that's some of that is like Brett has set the bar really high 00:37:16.680 --> 00:37:22.740 because there's a lot that he's capable of getting done. So we are building this parallelization tech, 00:37:22.740 --> 00:37:28.260 which is exciting. And it's going to run the scans in parallel. I'm very excited about that. That'll 00:37:28.260 --> 00:37:33.920 make things very, very, very fast. And that should be live in a few weeks. But in the meantime, 00:37:33.920 --> 00:37:42.300 the site works, you can go to bugcatcher.fasterthanlight.dev and upload your Python code and test it. And if you 00:37:42.300 --> 00:37:46.320 have questions about the things that come up, like you don't know what the errors are, how to fix them, 00:37:46.640 --> 00:37:51.780 my DMs are open on Twitter and we can figure out like, what's the best way to get in touch. But I 00:37:51.780 --> 00:37:56.080 just, I want everyone, please test your code. And if I can help you test your code, let me know. 00:37:56.080 --> 00:38:01.260 Yeah, that's, it's a great service that you're providing. I mean, people can go and set up 00:38:01.260 --> 00:38:06.020 the tooling, but to be able to just drop it in there and get an answer and not have to think about 00:38:06.020 --> 00:38:12.000 learning how to set up something like Bandit or something like that. It's, it's really nice. I'm sure 00:38:12.000 --> 00:38:16.600 there's a lot of folks who go, we should probably test this for security, but I haven't. 00:38:16.600 --> 00:38:21.400 done it right. But if it's a matter of just dropping it in, one thing that comes to mind for me that 00:38:21.740 --> 00:38:27.700 really interesting is some form of like GitHub integration. Yeah. That's on the roadmap. 00:38:27.700 --> 00:38:33.240 Yeah. Yeah. So like if I'm going to accept a PR, it would be great. I have capabilities and GitHub 00:38:33.240 --> 00:38:38.940 to plug it into continuous integration, build pipelines or flake eight or something like that. 00:38:38.940 --> 00:38:45.240 But just like one more like, Oh, and you know, faster than light gives it the green check. So 00:38:45.240 --> 00:38:48.280 from a security perspective, nothing super obviously broken. 00:38:48.740 --> 00:38:53.700 Yeah. I can see the usefulness of that because we run into a lot of issues, right? Like just accepting 00:38:53.700 --> 00:38:58.780 pull requests or kind of accepting things that are upstream. And it's been actually really cool to see 00:38:58.780 --> 00:39:05.800 like you've got a sneak here in London is doing stuff for testing like upstream things in open source. And 00:39:05.800 --> 00:39:11.760 there's a lot of awareness around that. But pull requests and for sure, just your own code, like the biggest, 00:39:11.760 --> 00:39:18.140 how do they say, you know, like the dangers in the house, like the biggest risk is the code that you're writing yourself. 00:39:18.140 --> 00:39:19.160 You're the biggest risk. 00:39:19.160 --> 00:39:21.820 The call is coming from inside the house. That's right. 00:39:21.820 --> 00:39:22.260 That's right. 00:39:22.760 --> 00:39:25.620 That's right. The bug is coming from inside your basement. 00:39:25.620 --> 00:39:32.800 Yeah. Interesting. So this is analyzing your code. Do you all do anything around dependencies? Right. So 00:39:32.800 --> 00:39:40.720 I write some code. It depends on package X package X depends on three more. Do you do anything 00:39:40.720 --> 00:39:45.840 around tracking or analyzing that kind of stuff? I mean, you probably don't download and analyze it, 00:39:45.840 --> 00:39:50.360 but do you have any warnings for issues that are like downstream or upstream, I guess, rather? 00:39:50.360 --> 00:39:55.140 No, right now, sneak is probably the first company that comes to mind for that. And there might be 00:39:55.140 --> 00:40:00.100 others. What we do is like, we'll analyze whatever you throw at us. Yeah, sure. And we're increasing the 00:40:00.100 --> 00:40:06.820 capabilities and also our speed. And so, you know, you could just once we have a little more speed up and 00:40:06.820 --> 00:40:11.760 running in terms of the parallelization that we could offer, like you could just dump all of that 00:40:11.760 --> 00:40:18.700 into faster than light. And we will run, you know, find bugs and bandit. And like, we're going to be 00:40:18.700 --> 00:40:23.100 including, you know, JavaScript scanners and like all these different things. And so, you know, 00:40:23.100 --> 00:40:28.280 coming down the pipeline, just like drop it all in and we'll scan it. But you'd have to go and like 00:40:28.280 --> 00:40:32.920 grab all of it and give it to us. Yeah. Well, one of the problems with these kinds of tools, I think, 00:40:32.920 --> 00:40:39.840 is sometimes it'll tell you you shouldn't do something like, but in this case, it's okay. I know 00:40:39.840 --> 00:40:45.640 actually what's happening means this value will never come from user input. It's only going to 00:40:45.640 --> 00:40:51.000 come from what we type in the CMS, for example, or whatever. Right. And you're still going to get 00:40:51.000 --> 00:40:55.220 that warning that, you know, you're not escaping this and like HTML encoding. You're like, that's 00:40:55.220 --> 00:40:59.580 because I don't want to, you know what I mean? Right. And I see if you would add that to like all 00:40:59.580 --> 00:41:04.260 the dependencies, you would just get a huge number of false positives as well. And it could just be like 00:41:04.260 --> 00:41:09.220 overwhelming. You know, I talked to a lot of people who say that they would do static analysis, 00:41:09.220 --> 00:41:14.160 and they need it to be faster. Like, okay, good. We can do that. But they also just want to see the 00:41:14.160 --> 00:41:19.000 top 20 bugs or they don't want to see the noise. So we're able to show you just the top bugs because 00:41:19.000 --> 00:41:23.560 we have this interface. And so it's pretty easy for us to give you settings where you choose that. 00:41:23.560 --> 00:41:28.380 In terms of saying you don't want to see certain errors anymore, like banded and a lot of the open 00:41:28.380 --> 00:41:33.340 source tools already have like pretty good features for that. And then of course, like we can do that 00:41:33.340 --> 00:41:37.060 too. And I think that's part of the challenge with static analysis is like, 00:41:37.060 --> 00:41:42.520 right now, you always need a human to do the review. And part of what makes static analysis 00:41:42.520 --> 00:41:46.860 so frustrating is it's just it's like a spell checker. And there's like all these things are 00:41:46.860 --> 00:41:51.080 just like, I just none of these are relevant. But then there's the two things that it catches that 00:41:51.080 --> 00:41:56.060 like you really needed to catch those things. And so it's still not optional. But I think a lot about 00:41:56.060 --> 00:42:01.420 like, how do we reduce all of that noise? We have an annotation feature, which we're pretty excited 00:42:01.420 --> 00:42:05.960 about. We don't talk about it much. It's like it's not deep tech. It's just like the ability to write 00:42:05.960 --> 00:42:11.520 notes. But if you are sharing your reports with other people, it can be kind of neat. 00:42:11.520 --> 00:42:16.740 Like, just make a little note like, okay, it says that there's like an API key there. It says that 00:42:16.740 --> 00:42:21.440 like, there's this problem, but actually, it's fine. It's safe. Like we're aware of it. And like, 00:42:21.440 --> 00:42:26.400 please don't not buy us for like, please don't yell at us about this. Because that's one of the big 00:42:26.400 --> 00:42:30.340 problems, right? It looks like there's bugs sometimes when everything is just fine, because 00:42:30.340 --> 00:42:31.900 the code is written safely. 00:42:31.900 --> 00:42:37.760 That's another interesting thing. If you might be licensing your source code or your software, 00:42:37.760 --> 00:42:44.860 or you're actually being acquired, or something like this, a lot of times, those situations will 00:42:44.860 --> 00:42:49.460 require that your code go through a whole bunch of different auditing and security checks, right? 00:42:49.460 --> 00:42:56.100 And so it would be great if you as you built your software, you already mostly removed all those 00:42:56.120 --> 00:43:00.300 things and kept track of them, right? Yeah, it'd be good to not be surprised in those moments. And 00:43:00.300 --> 00:43:06.400 actually, acquisitions can be really difficult. And that's like the type of thing where the acquisitions 00:43:06.400 --> 00:43:10.180 take a lot longer than people expect. Yeah. I don't think a lot of your listeners are in that 00:43:10.180 --> 00:43:14.160 situation. But if you are, I guess like good for you. Yeah, these are good problems to have for sure. 00:43:14.160 --> 00:43:18.860 But I guess maybe another way to look at it is if you take finished software that's been around for a 00:43:18.860 --> 00:43:23.260 long time, that's pretty big and complicated, and you throw it at static analysis, it can be kind of 00:43:23.260 --> 00:43:28.660 overwhelming. If you use it from the start, it's a couple issues here and there, and you address them 00:43:28.660 --> 00:43:33.960 as they go. But if 10 people have been working for a couple years, whose job is it to go back and fix 00:43:33.960 --> 00:43:38.340 all those problems? And that can be really overwhelming. Yeah, I was just talking about that 00:43:38.340 --> 00:43:44.600 with my friend Alex, an ECO at StepSize, and they deal with tech debt. And part of their thesis is you 00:43:44.600 --> 00:43:49.820 want to handle the tech debt a little bit at a time. Yeah. So it's manageable. And he was saying, 00:43:49.820 --> 00:43:54.920 you know, static analysis is maybe the same thing, like, just keep doing it regularly. And then it 00:43:54.920 --> 00:43:59.860 doesn't become overwhelming. But yeah, I think if you were gonna scan like a million lines of code, 00:43:59.860 --> 00:44:04.240 and I'm talking to a pen tester right now, he has a million lines of code that he has to scan. It's like, 00:44:04.240 --> 00:44:07.220 that company is going to be sad. That's just a lot. 00:44:07.220 --> 00:44:08.480 Yeah. 00:44:08.480 --> 00:44:13.820 So I think we're security people. And part of the message from security people is like, 00:44:13.820 --> 00:44:17.500 please do this all the time. I don't know how to not be annoying about that. I want to make it fun. 00:44:17.820 --> 00:44:19.780 And I guess, wish me luck. 00:44:19.780 --> 00:44:25.440 Yeah, good luck for sure. Well, I do think minimum friction is part of it. That's why I was thinking 00:44:25.440 --> 00:44:29.760 of like, in automatic integration with GitHub, when you check in and stuff, because then, 00:44:29.760 --> 00:44:33.640 oh, yeah, you don't have to even ask anyone to do it. It just happens automatically, 00:44:33.640 --> 00:44:38.580 they get a little like check marker or warning or whatever. And you can ignore it or not. But it's 00:44:38.580 --> 00:44:43.200 like, right, it's just happening right there all the time. And I think that would actually help a lot. 00:44:43.340 --> 00:44:47.760 Yeah, I think that's right. That's on our roadmap for September. But it's always it's always nice 00:44:47.760 --> 00:44:51.960 when something that we think is important, you know, someone like you also thinks is important. 00:44:51.960 --> 00:44:57.580 And I we've been thinking about it as like, when you check in your code, you'll get that feedback. 00:44:57.580 --> 00:45:01.980 But I love the idea of integrating it. So you can scan the pull requests as they come in. 00:45:01.980 --> 00:45:05.340 Because that's like, you don't want to bring in, you know, bad pull requests. 00:45:05.460 --> 00:45:08.560 Yeah, for sure. And then there's so many of the tools that happen kind of automatically, 00:45:08.560 --> 00:45:12.740 if you had to go then check out the pull requests, and then you'll run it locally, 00:45:12.740 --> 00:45:15.980 or then upload it somewhere like it just just had that integration, like that friction, 00:45:15.980 --> 00:45:21.820 it would be gone be great. So let's talk about some of the issues that you would find running 00:45:21.820 --> 00:45:26.900 through your system. Now, you already said this basically runs on top of bandit for Python, 00:45:26.900 --> 00:45:33.360 Python and find bugs for Java. So yes, most importantly, your service is making this 00:45:33.360 --> 00:45:38.120 easy, giving you the reports to share it, making it fast, all those kinds of things. 00:45:38.120 --> 00:45:44.760 So understanding what you could find is pretty much at the moment looking at what say bandit can find, 00:45:44.760 --> 00:45:49.480 right? Right. Although I think we're going to bring in other tools. Of course. And that's 00:45:49.480 --> 00:45:54.760 exciting. But like bandit is really comprehensive. And you look at, you know, what are the range of 00:45:54.760 --> 00:45:59.180 things you should be worried about in Python? And people say, Oh, like Python is a safe language. 00:45:59.180 --> 00:46:06.220 It's not like C. But actually, you know, okay, fine. Like it's not like C, but you can still get 00:46:06.220 --> 00:46:11.400 possible SQL injection vector through string based query construction. All right, right. 00:46:11.400 --> 00:46:17.600 Exactly. Little Bobby tables would work in Python just as well. 00:46:17.600 --> 00:46:24.300 A flask app appears to be run with debug equals true and allows the execution of arbitrary code. 00:46:24.300 --> 00:46:29.240 There are a lot of these bugs. And if you don't run the analyzer, like it's very easy to write bugs. 00:46:29.240 --> 00:46:34.380 Actually, some of the well, what I was thinking about when I talked about the junior developer not 00:46:34.380 --> 00:46:38.120 knowing they're doing something wrong when they are is probably the first thing that comes to mind is 00:46:38.120 --> 00:46:44.980 SQL injection, right? Where you just construct SQL strings out of static SQL strings plus variables 00:46:44.980 --> 00:46:49.680 where the values of the query filter bits go and like that's always really bad. So you would find that, 00:46:49.760 --> 00:46:57.580 of course, the flask debug true, obviously bad. It's very easy to tell if, you know, app.run has debug 00:46:57.580 --> 00:47:02.460 equals true in it. So that should never be there. But then there's other stuff that's more subtle, 00:47:02.460 --> 00:47:05.780 like auto escape, for example, in Jinja and flask. 00:47:05.780 --> 00:47:10.620 I am going to let you talk for a minute while I go plug my laptop in. I am at 4%. 00:47:10.620 --> 00:47:17.760 Oh yeah, no worries. No worries. So like, I didn't know that Jinja did not auto escape 00:47:17.760 --> 00:47:24.520 the inputs. The reason is because I usually work with Chameleon. I don't work with Jinja that much 00:47:24.520 --> 00:47:32.280 as often. And I don't use it in that context. But it turns out that if I've got some structured HTML, 00:47:32.780 --> 00:47:38.440 and I just convert to a string, you know, double curly bracket, it will come back out as whatever I put in, 00:47:38.440 --> 00:47:47.640 which is super bad if that is user input, right? If I'm in a forum, and I type in curly bracket script, 00:47:47.640 --> 00:47:56.380 do this bad thing, then when that gets viewed by or rendered by Jinja, it's basically some form of 00:47:56.380 --> 00:48:02.660 injection attack, which is not good. So checking for things like auto escape equals false. And it 00:48:02.660 --> 00:48:05.980 even shows you how to turn it on. I think these are all really interesting. Let's see what else. 00:48:05.980 --> 00:48:10.580 What else do we got there? That's, that's pretty interesting. There's stuff about sending commands 00:48:10.580 --> 00:48:14.180 to the shell. There's all sorts of things that I think are really worth, you know, flipping through 00:48:14.180 --> 00:48:16.320 that list and definitely running that against your code. 00:48:16.320 --> 00:48:21.900 Yeah. And one of the things that we do is just prioritize, you know, the highest priority bugs 00:48:21.900 --> 00:48:27.180 show up at the top. I think Banda probably does that as well, if you just run the tool and get the 00:48:27.180 --> 00:48:33.520 output. Yeah. And so you can just find like, one of the things that static analysis is it can give you 00:48:33.520 --> 00:48:39.520 suggestions for like formatting errors, like maybe you don't care about that so much. But you'll see like 00:48:39.520 --> 00:48:46.480 the highest priority errors are security related. And I think I'm actually really excited for junior 00:48:46.480 --> 00:48:52.800 developers to take those as a way to like go and learn some security things. And for senior developers, 00:48:52.800 --> 00:48:59.120 we run our own code against our tool after we built it and we found stuff and we fixed it. 00:48:59.120 --> 00:49:02.380 And so like bugs, it can happen to you. 00:49:02.860 --> 00:49:09.420 Yeah, that's pretty awesome. It's I love these sort of meta experiences where like your tool analyzes 00:49:09.420 --> 00:49:16.700 your tool or, you know, your language writes your language, the compiler and runtime for your 00:49:16.700 --> 00:49:20.920 language or something like this, right? It's, it's always fun to see that in the tech space. 00:49:20.920 --> 00:49:23.020 The first code that we ran was ours. 00:49:23.020 --> 00:49:27.860 Nice. That's really cool. So let's talk really quickly about the business model for what you're 00:49:27.860 --> 00:49:30.500 building here. I think, you know, some folks that are thinking about software business, 00:49:30.580 --> 00:49:34.620 you'll probably find your thinking on that interesting. So you said there's going to be 00:49:34.620 --> 00:49:40.680 a free tier for individual developers to do some level of analysis, but then also, 00:49:40.680 --> 00:49:46.440 yeah, maybe something bigger for like enterprises or just give us your thoughts on how that comes 00:49:46.440 --> 00:49:46.720 together. 00:49:46.720 --> 00:49:51.120 Yeah, it feels really important to me and not just me. I think there's a lot of conventional 00:49:51.120 --> 00:49:55.860 wisdom around this that if you have a developer tool, like you have to make it accessible to 00:49:55.860 --> 00:49:59.680 developers. And in our case, it just makes a lot of sense to have at least, 00:50:00.360 --> 00:50:03.540 we have to figure out exactly what does it look like, but like some kind of free tool 00:50:03.540 --> 00:50:08.400 so devs can use it and play with it. And because like, we actually really want people to write 00:50:08.400 --> 00:50:12.940 and ship better code. Our parallelization deck is really expensive. So we're not going to give 00:50:12.940 --> 00:50:18.440 that away. But like, you don't really need that if you're one developer uploading, like a reasonable 00:50:18.440 --> 00:50:23.960 number of files, you don't need to have it go and like super speed. And there's this concept 00:50:23.960 --> 00:50:29.300 of like, just build it and give it away, like for free with no business model and just lots of VC 00:50:29.300 --> 00:50:34.200 funding. And that just feels really a little bit dishonest to me. Like if people figure out how to 00:50:34.200 --> 00:50:39.600 make that work, I think that's cool. Like cockroach labs just raised a bunch of money and they seem to 00:50:39.600 --> 00:50:45.280 be doing like a really good job of balancing, like having started off as a free open source tool and then 00:50:45.280 --> 00:50:46.620 figuring out an enterprise model. 00:50:46.780 --> 00:50:51.320 Yeah, that's interesting. Yeah. Just so people know, cockroach labs, they create a thing called 00:50:51.320 --> 00:50:57.060 cockroach DB, which I haven't had a lot of experience with it, but it's supposed to be like a globally 00:50:57.060 --> 00:51:02.300 distributed, redundant database server. That's about all I know about it. But yeah, they're definitely 00:51:02.300 --> 00:51:04.560 I saw this raised a big round as well. 00:51:04.560 --> 00:51:09.340 Yeah. And I think they seem to be doing a really good job. And I've met with some folks from cockroach 00:51:09.340 --> 00:51:14.860 labs and I like them a lot. But for us, like for me and Brett and Reuben, we looked at like who we were 00:51:14.860 --> 00:51:18.860 and who we wanted to be. And we're like, we just think there's something really honest and really 00:51:18.860 --> 00:51:21.700 sincere about just making software and charging for it. 00:51:21.700 --> 00:51:28.340 I think that is so undervalued because so often, you know, the get a bunch of money, get a bunch of 00:51:28.340 --> 00:51:32.780 users and we're going to figure out how to make money from them. It sets up a lot of bad incentives 00:51:32.780 --> 00:51:34.820 to not put users first. 00:51:34.820 --> 00:51:40.940 Yeah. Well, and it runs counter to like security industry thinking. You know, I think a lot of 00:51:40.940 --> 00:51:47.240 security people are very aware of like being the product and not like the user. Like you look at 00:51:47.240 --> 00:51:52.420 all these ad driven businesses. It's like, okay, like does Twitter think I'm the user or do they 00:51:52.420 --> 00:51:57.500 think I'm something else? Like, I don't know. Like you don't know always it's confusing. And so we 00:51:57.500 --> 00:52:05.100 wanted to have this simplicity where like you pay us and you know, you're the user. And if it's a free 00:52:05.100 --> 00:52:10.820 tier, then it's like, we just want developers to like love it and say nice things and give us feedback. 00:52:10.820 --> 00:52:16.520 And I think there's a certain honesty in that too, where it's like, okay, like not everyone has a 00:52:16.520 --> 00:52:20.780 ton of money and, but you should still be able to try it. Like you shouldn't have to pay money just 00:52:20.780 --> 00:52:26.200 to try it. And we are really excited to give some things away for open source. So we have to figure 00:52:26.200 --> 00:52:30.460 out like, what's the scope of that. But if you have an open source project, like we really want you 00:52:30.460 --> 00:52:35.040 using the tool. So like as much as you need for like who you are and we don't want to charge you for 00:52:35.040 --> 00:52:40.100 that. So we've talked about that a bit internally and we want to charge enterprises like a ton of 00:52:40.100 --> 00:52:44.660 money. Like, so that's also, and I feel just fine about that. Like enterprises have a lot of money and 00:52:44.660 --> 00:52:50.920 they are wasteful about it. And we just want to help them to like be secure and actually like use 00:52:50.920 --> 00:52:55.020 services that work and that are efficient. So I like that model. Yeah. 00:52:55.020 --> 00:53:01.300 Well, around the enterprises, you know, I, a couple of thoughts. One, I feel like so many companies, 00:53:01.300 --> 00:53:08.980 I don't know what the percentage is, but it's gotta be in the, you know, 99% plus they take so much 00:53:08.980 --> 00:53:17.360 benefit from open source. They build so incredibly much on open source and they give back almost zero. 00:53:17.360 --> 00:53:23.620 Like that's such a problem, right? Like a bank that makes a hundred billion dollars a year. Could they 00:53:23.620 --> 00:53:28.620 donate a million a year to open source? Sure. They could do they, maybe they employ a core developer, 00:53:28.620 --> 00:53:34.780 which is great, but they could do a lot more and it would be in their interest to do so. And the other is 00:53:34.780 --> 00:53:40.260 the consequence of failure at that level is really high. You mentioned Capital One, you can look at 00:53:40.260 --> 00:53:47.100 Equifax. You can, if there are these security problems, right, it's really bad. So it's also worth 00:53:47.100 --> 00:53:50.800 their money. Yeah, yeah, exactly. So it's, it seems like totally reasonable to me. 00:53:50.800 --> 00:53:55.660 Yeah. And I think what we'll want to figure out as a company is how do we give back to the open source 00:53:55.900 --> 00:54:01.340 tools that we build on top of. And while we're a three person team, like that's a little tricky. 00:54:01.340 --> 00:54:06.940 We had an intern who was going to come in and like give back and like contribute and do pull requests 00:54:06.940 --> 00:54:13.160 to bandit and find bugs. And then the intern had to drop out. But that was like one idea I had. I was 00:54:13.160 --> 00:54:17.760 like, okay, we'll bring in people and their whole job will just be to give back to these tools that 00:54:17.760 --> 00:54:19.640 we're on top of. Yeah. That seems really good. 00:54:19.780 --> 00:54:24.080 Yeah. So we're really early in that. But I think like we're thinking about it and we care about it. 00:54:24.080 --> 00:54:28.640 That's a good start. And as we find bugs, like as we use these tools and we find issues in the 00:54:28.640 --> 00:54:36.260 documentation or like actual bugs, we can do pull requests. But also now like larger enterprises or 00:54:36.260 --> 00:54:40.380 even just smaller businesses can use those open source tools a little more easily. And I feel pretty 00:54:40.380 --> 00:54:45.440 good about that. I actually, I love all the business model stuff. And I'm, I'm actually really happy with 00:54:45.440 --> 00:54:51.680 our business model. I like the idea. Like we are like, we make stuff and you buy it, we hope, 00:54:51.680 --> 00:54:57.800 and we appreciate it. And that helps us stay in business. And even if we do take funding, 00:54:57.800 --> 00:55:05.420 like that funding is to grow. It's not confusing us about like our business model isn't that VCs pay us. 00:55:05.420 --> 00:55:10.140 That's definitely a short term one. Yeah. So I think that's a really genuine model. And I think that's 00:55:10.140 --> 00:55:15.420 nice. Thanks for sharing that. So we're about out of time, but I do want to give you a chance before we 00:55:15.420 --> 00:55:20.920 call it a show. So you just give a quick shout out to your book, Lean Out. Oh, yeah. Thank you. 00:55:20.920 --> 00:55:26.060 Yeah, you bet. So the title is Lean Out the Struggle for Gender Equity in Tech and Startup Culture. And you 00:55:26.060 --> 00:55:29.460 talked a little bit about that earlier. Do you want to just tell people quickly about your book? 00:55:29.460 --> 00:55:35.900 Yeah, Lean Out is stories from over a dozen different people, women, genderqueer people in 00:55:35.900 --> 00:55:41.720 tech and startup culture, just sharing, you know, what it's like for them. And one commonality that came 00:55:41.720 --> 00:55:48.900 out in these stories is that making things is easy, or at least relatively easy, and fitting in is hard. 00:55:48.900 --> 00:55:56.060 And that's a lesson and a moral that I think speaks to all kinds of people and can be, I think, a bit of 00:55:56.060 --> 00:56:02.080 comfort for people as they navigate startup life or corporate life, whatever it is. I think a lot of us 00:56:02.080 --> 00:56:08.060 have that in common. And if you're feeling that, if you're feeling like, culturally, it's a bit of a 00:56:08.060 --> 00:56:11.440 challenge, like Lean Out can be like a really warm read for you. 00:56:11.440 --> 00:56:15.580 Yeah, for sure. Yeah, it's interesting that it's essays from a bunch of different folks sharing 00:56:15.580 --> 00:56:20.180 their stories. So I'll definitely put a link people can check it out. And if they're interested in the 00:56:20.180 --> 00:56:24.020 show notes. All right. Well, before I let you out of here, though, I got to ask you the two questions 00:56:24.020 --> 00:56:28.680 I always ask, please. Yeah. So if you're going to write some Python code, what editor do you use? 00:56:28.680 --> 00:56:33.480 Ah, that's a good question. I'm not writing any code right now. That's, I'm going to disappoint 00:56:33.480 --> 00:56:38.600 everyone. I used to be a fan of sublime. This was a while ago. And then Visual Studio. 00:56:38.600 --> 00:56:44.280 Yeah. All right. Very cool. Yeah. I feel like VS Code has definitely seemed to capture the sublime 00:56:44.280 --> 00:56:48.860 crowd pretty heavily these days. So definitely cool. And then... 00:56:48.860 --> 00:56:54.760 Yeah. Oh, just on that, on that, I think a lot about like what IDE will integrate into first. Again, 00:56:54.760 --> 00:57:00.320 this is like coming from, you know, I'm like, so in the like product mindset, as opposed to the like, 00:57:00.320 --> 00:57:05.400 I'm coding mindset. And so I think it's probably Visual Studio with the hope that Microsoft would 00:57:05.400 --> 00:57:06.140 give us some help there. 00:57:06.140 --> 00:57:10.560 Yeah, that would be certainly cool. And it definitely like ties back a little bit into the 00:57:10.560 --> 00:57:17.300 enterprise side of things, right? It's pretty popular with that crowd. So cool, cool. All right. And then 00:57:17.300 --> 00:57:22.240 do you have a notable PyPI package or Python library you want to give a shout out to? 00:57:22.240 --> 00:57:27.820 Oh, just we love Bandit. I love Bandit. That's just any shout out has to be to Bandit. 00:57:27.820 --> 00:57:33.880 Awesome. Very cool. All right. Final call to action. People are interested in static code 00:57:33.880 --> 00:57:38.160 analysis, maybe even joining something like Techstars. Like what can you leave them with? 00:57:38.160 --> 00:57:45.480 Please try out Bugcatcher and let us know what you think. That would be great. That is bugcatcher.fasterthanlight.dev. 00:57:45.480 --> 00:57:52.760 And if you are interested in Techstars, just I'd love to chat with you about it. And there is Techstars London 00:57:52.760 --> 00:57:57.200 will be opening up soon. All kinds of Techstars around the world. I'd be happy to introduce you. 00:57:57.300 --> 00:58:01.880 It seems like it's a good fit. Super. All right. Well, it's been really interesting to chat with 00:58:01.880 --> 00:58:05.700 you about what you're up to. Thanks for sharing your story. Yeah. Thank you. You bet. Bye. Bye. 00:58:05.700 --> 00:58:11.620 This has been another episode of Talk Python To Me. Our guest on this episode was Alyssa 00:58:11.620 --> 00:58:16.740 Shevinsky, and it's been brought to you by Command Line Heroes and Linode. Command Line Heroes is a 00:58:16.740 --> 00:58:22.640 podcast telling the story of developers. This season is all about programming languages and starts off with 00:58:22.640 --> 00:58:30.440 Python. Of course. Subscribe at talkpython.fm/heroes. Linode is your go-to hosting for whatever 00:58:30.440 --> 00:58:36.820 you're building with Python. Get four months free at talkpython.fm/Linode. That's L-I-N-O-D-E. 00:58:36.820 --> 00:58:43.320 Want to level up your Python? If you're just getting started, try my Python Jumpstart by Building 10 Apps 00:58:43.320 --> 00:58:48.760 course. Or if you're looking for something more advanced, check out our new async course that digs 00:58:48.760 --> 00:58:53.200 into all the different types of async programming you can do in Python. And of course, if you're 00:58:53.200 --> 00:58:57.280 interested in more than one of these, be sure to check out our Everything Bundle. It's like a 00:58:57.280 --> 00:59:02.760 subscription that never expires. Be sure to subscribe to the show. Open your favorite podcatcher and search 00:59:02.760 --> 00:59:08.100 for Python. We should be right at the top. You can also find the iTunes feed at /itunes, the Google 00:59:08.100 --> 00:59:14.980 Play feed at /play, and the direct RSS feed at /rss on talkpython.fm. This is your host, 00:59:15.100 --> 00:59:19.180 Michael Kennedy. Thanks so much for listening. I really appreciate it. Now get out there and write 00:59:19.180 --> 00:59:19.920 some Python code. 00:59:19.920 --> 00:59:20.740 Bye. 00:59:20.740 --> 00:59:21.740 Bye. 00:59:21.740 --> 00:59:22.740 Bye. 00:59:22.740 --> 00:59:22.740 Bye. 00:59:22.740 --> 00:59:22.740 Bye. 00:59:22.740 --> 00:59:22.740 Bye. 00:59:22.740 --> 00:59:22.740 Bye. 00:59:22.740 --> 00:59:22.740 Bye. 00:59:22.740 --> 00:59:23.740 Bye. 00:59:23.740 --> 00:59:24.740 Bye. 00:59:24.740 --> 00:59:24.740 Bye. 00:59:24.740 --> 00:59:24.740 Bye. 00:59:24.740 --> 00:59:24.740 Bye. 00:59:24.740 --> 00:59:24.740 Bye. 00:59:24.740 --> 00:59:25.740 Bye. 00:59:25.740 --> 00:59:26.740 Bye. 00:59:26.740 --> 00:59:26.740 Bye. 00:59:26.740 --> 00:59:26.740 Bye. 00:59:26.740 --> 00:59:27.740 Bye. 00:59:27.740 --> 00:59:27.740 Bye. 00:59:27.740 --> 00:59:28.740 Bye. 00:59:28.740 --> 00:59:28.740 Bye. 00:59:28.740 --> 00:59:29.740 Bye. 00:59:29.740 --> 00:59:30.740 Bye. 00:59:30.740 --> 00:59:30.740 Bye. 00:59:30.740 --> 00:59:31.740 Bye. 00:59:31.740 --> 00:59:32.740 Bye. 00:59:32.740 --> 00:59:32.740 Bye. 00:59:32.740 --> 00:59:33.740 Bye. 00:59:33.740 --> 00:59:34.740 Bye. 00:59:34.740 --> 00:59:34.740 Bye. 00:59:34.740 --> 00:59:35.740 Bye. 00:59:35.740 --> 00:59:36.740 Bye. 00:59:36.740 --> 00:59:36.740 Bye. 00:59:36.740 --> 00:59:37.740 Bye. 00:59:37.740 --> 00:59:38.240 you 00:59:38.240 --> 00:59:39.240 Thank you. 00:59:39.240 --> 00:59:40.240 Thank you. 00:59:40.240 --> 01:00:10.220 Thank you.