Audio Edit - May Panel
===

Noel: [00:00:00] Welcome back to PodRocket, a web development podcast brought to you by LogRocket. LogRocket provides AI-first session replay and analytics which surface the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at logrocket.com. I'm Noel, and today we're back with our panel episode. ~Uh, ~we'll talk about the current state of AI coding tools, as we always seem to do. ~Um, ~we'll talk about some,~ uh,~ SpaceX Cursor acquisition stuff going ~ uh,~ Bun's big rewrite everybody I feel has very strong opinions on across the internet,~ uh,~ and more supply chain attacks on the TanStack side this time. ~Um, ~but before we get in, let's welcome the panel. We're a slightly smaller crew today. ~Um, ~Jack Herrington,

Jack: Hello. Happy to be here.

Noel: ~Yeah, ~Paul Mikulskis, how are you?

Paul: I'm excited to talk about the,~ uh,~ SpaceX deal as well. I feel like that one has a lot of good fruit.

Noel: ~Yeah,~

Jack: ~Oh, yeah?~

Noel: ~Yeah, I feel like it was-- I mean, yeah, we can, uh, we can start with that first if~

Jack: ~I mean, I'm a Cursor fan. I, I was previously a SpaceX~

Paul: ~Oh, previous. Prev-- he dropped something previously. Okay.~

Jack: ~Yeah, you know, there's the whole~

Noel: ~it's hard 'cause it's... Yeah, there's like this whole split in one's head, right? Where there's this like cult of personality going on, but like the nerd, the nerd~

Jack: ~then there's the other cool thing where they're, like, landing a, a freaking rocket, and you're like, "Oh, that's~

Noel: ~It's~ ~Like, it's cool. Yeah. ~

Jack: ~engineering standpoint, I'm in, but from a personality standpoint, I'm way out.~

Noel: ~See, I've got, I've got the same feelings on, uh, like Cybertrucks. Like, I feel like I'd always~

Jack: ~Oh, good Lord.~

Noel: ~always been on this horse~

Jack: ~that's just all bad.~

Noel: ~Hold on, hold on.
Just hear me, hear me out, that like I al- like I like w- I want-- I've always been like, "Cars need to look weirder." I hate this just like, you know, the ubiquity of all cars kinda look the same and boring.~ ~So then I feel like I can't just be like, "Well, the aesthetic of this one is different, therefore bad." I think the Cybertruck has a litany of problems, but like, I g- I gotta have props for like doing weird stuff. We gotta like, I don't know, do weird stuff. Um,~

Jack: ~I mean, different always doesn't mean better,~

Noel: ~agreed. Yeah.~

Jack: ~this case, like, it really doesn't mean better. ~

Noel: ~It turns out there's a reason that a lot of things are done the way they are and all that, all that jazz.~ ~But anyway. Okay. Sorry, I don't wanna de-derail us too quickly. Um, let's talk about, uh, coding tools. So again, I, I was double-checking myself 'cause I thought I blundered that. But yes, the SpaceX code editor thing.~

Jack: ~Okay. Yeah, let's just go. Yeah~

Noel: What, like, I, I guess just to get, to ~kind of ~frame this a bit,~ um,~ there was a tweet that went out and, like, maybe a blog [00:01:00] post that there was, like, some arrangement wherein in the next I think it was, like, six to 12 months,~ um,~ SpaceX had the option to pay up to 60 billion for Cursor. Is that right? ~Like, is that, ~is that how you guys read all, read this as well?

Jack: I know they have the option, the 60 billion is a-- sounds like a lot, but

Noel: yeah.

Jack: ~it just sounds like a... I mean, it's a, ~it's a freaking VS Code fork, dude. ~Like,~ most of the code is actually VS Code. ~Like, ~the candy-coated topping on top is,~ like,~ that's Cursor, and they don't even do the models. ~I mean, ~I think the, was it,~ uh,~ their Composer 2 is actually just another,~ like,~ a re- a rewrap of a different model that they didn't do either, and it's... Not that I don't-- Listen, hey, I'm a Cursor fan. I love it. I use it every day.
~Like, the, the ex- ~the UX of the harness itself matters if it's what you do, and it's a badass harness, and I'm in. But,~ like,~ is it worth, is that worth 60 billion on its own?

Noel: Yeah.

Jack: N- I could, ahh.

Noel: an unfathomable number to me for,~ like,~ any dev tooling thing [00:02:00] where it's like this really exists in the production space maybe. I th- I think it's totally hingent upon, like, how much does this expand out of software devs writing code, and ~is this, ~is this like the mechanism through which a much broader audience of, ~you know, ~AI agentic coding is happening? Is probably the question there.

Jack: guess. ~I mean, ~if they get in,~ like,~ the whole design space, ~you know, ~and then that kind of thing. ~I, ~The one thing I don't really, I haven't really seen them do or anybody solve this, is really fleet management. ~Like, ~if I have three different projects running simultaneously in three different, ~you know, or, ~or, ~you know, ~in a two agents per, right? I'm not a developer anymore. I'm an air traffic controller, right? And it's, ~you know, ~"Oh, this one's stuck." Like, where's my dashboard for that? ~And, and the, ~and the context switching when I'm moving from getting agent one unstuck and going over to agent 15 and getting it st- unstuck is the real killer. It's like, "Wait,~ what, what, what were you, ~what were you doing again? What does this app do? I don't even [00:03:00] know. ~Like, ~what, where were we?" ~Like, ~that, that whole thing,~ like,~ nobody has solved that yet, and that's what I want Cursor to solve. That's what I want, or anybody. I'll take literally anybody at this point to solve that problem.

Noel: ~Yeah. Well, I guess I, I feel... I, I think I,~ I, I think I, I agree in that, like, that is the tricky bit.
~I, ~I find even if I'm doing a good job of air traffic controlling, I feel a lot of the time I have,~ like, it's like a- A runway,~ like a tarmac problem for me, wherein it's like the environment, like ~I, ~I, like I say, I'm start- starting up a new project. I don't have it orchestrated off to the point where I can be like, "Okay, as these agents run, I can give all of them a completely isolated environment over which they can ~like ~run the test suite, and all these things can be occurring in parallel." So it's like, no, I've only got like one DB just on this little whatever. I've spun up something. I've got like one-- a single database running, and I... it's making changes that are impacting the state of the database, and ~like ~if I point multiple at it and the tests are running, they're gonna step on each other's toes, and it's gonna get confused. So ~like ~one needs to do the work to set the thing up so you can parallelize all these [00:04:00] flows, and they have truly isolated environments and ~like ~that's a lot of work, and I haven't seen something yet off the shelf that feels like this is just the thing you reach for, and then it's done. ~Like, ~there's people trying to

Jack: off the shelf.

Paul: can't

Noel: big players all have their tooling, but it's tough.

Jack: there's-- I would say Workspaces is gonna get you your code splitting,

Noel: The co- Yeah, but I don't think that's the hard part. It's like

Jack: and, but that's, that, that's like the ground floor. And then for, uh,~ uh,~ database stuff, ~I mean, you know, ~Neon's the guy that, that's got the branching, like the Postgres branching at this point, and I think that would be a solve there. But ~I mean, you know, ~that's just, ~I mean, ~I-- those are tactical problems. You could say,~ well,~ the same thing for like microservices or, ~you ~

Noel: ~Right. ~Exactly. Yeah.

Jack: know, whatever other resources you

Noel: system or ~like, ~yeah,~ you,~ you name it. There's a million things. Yeah.
~Mm-hmm.~

Paul: The only way I've gotten this problem ~sort of ~solved is,~ uh,~ I had the team make this thing called the unified dev image, okay? And it's this Docker

Noel: Yeah.

Paul: image that gets built in layers. Every s-microservice goes in at a layer, and it runs everything. ~I mean, ~we have probably like-- ~It's, ~it's asinine. It reminds me of, it reminds me of [00:05:00] Omnibus from back in LogRocket days when we just,~ like,~ put everything into one image, and we're just like, "Here you go." ~Um, ~but it runs every-- I'm running ingest or trigger.dev, databases, auth. And now that it's containerized, you've-- can have an orchestrator agent use,~ like,~ 10 of these. But that is the only way I can trust true headless agent development. It needs to be able to run the whole damn test suite, see the database, reset it, take screenshots, put them in ~a, ~a bucket, and then attach the screenshots to the PR. Otherwise, how do you know? And it's gotta be custom

Noel: yeah, and ~like ~Stripe again. Yeah, Stripe had that whole blog post about their whole pipeline and ~like, ~it's ba- it's the same thing. It's just like everything needs its own isolated, like end-to-end environment. How do you get there, I think, is still up in the air. ~Um,~

Jack: Yeah, there's definitely like an emerging,~ like,~ custom harness thing. It's ~like, well, you know, when you, ~when you unemploy all the developers, how do you reemploy them? ~Well, ~you actually reemploy them by making, having them build harnesses for the other developers that didn't get unemployed. ~Like ~all, just this weird,~ like,~ circular thing. But yeah, like the idea of a [00:06:00] new custom harness, like per- ~You know, ~or a very customized thing or whatever. ~That, ~that's the kind of stuff what, that

Paul: It takes development time and it's like really hard to figure it out, honestly. Like it's just so new. We're in the research and experimentation phase.
It reminds me of when like-- So I, I have close family members that have worked on pharmaceutical drugs, and it's ~sort of like, well, you're, ~you're going out with this like feeler stick, spending billions and billions of dollars just doing wet lab experiments, doing assays, like looking at the results, and then eventually you start to ~like ~zero in on something. Imagine if they could just buy a lab. Oh, I just bought a lab. ~Well, ~no wonder the lab is worth like two billion dollars and the only thing they do is tr- ~uh, ~tit- ~uh, ~tritate, excuse my,~ uh,~ pronunciation, titrate. They titrate things a little bit differently. Oh, big deal. But look, they found a solution in a nebulous landscape, and I'm sure there's some of that with Cursor as well, which is like everybody's making an agent harness. I don't know about you guys. I've probably tried like 10 different ones in the past like couple months, ~you know, ~just to [00:07:00] try them out, and it's like there's a huge difference between the ones that work and the ones that don't work, and the ones that currently work today probably won't work in a few weeks. So if ~like, ~if Elon can buy one, it's just ~like, ~this works, okay, guys? ~Like ~if we needed ~millions and ~millions and millions of dev and ops, this one works, and now we ~can, ~can control it. It's more about finding a railroaded way to control people that they already have proven works. They're not looking at MM- MRR or any of these other KPIs. They're looking at can this control people? And it's proven. That's their MVP. They've controlled people. But yeah, 60 billion. ~I mean, ~come on. ~I, ~I understand-- When I first heard any of the bids for Cursor, I was just like, "You're kidding me. There's no way." Now I ~kind of ~get... I get it. Like I understand why it's big. I don't know why it's 60 billion big.

Jack: Yeah, it's sad. ~That's, ~that's crazy. That's crazy.
Noel: It just-- Yeah, it just-- it seems like ~the, ~the ROI there s- just seems ver- ~like, ~again, we can play the long tail eventually if everyone's using this, if everyone's using this and you can control the agent that ends up getting used and all that jazz, like maybe. [00:08:00] But still, like that's just such a big number. Like you can do a lot of work with $60 billion. Like you can build a lot of

Jack: for,~ like,~ Twitter?

Noel: ~I mean,~

Jack: Y- around that? And Twitter had,~ like,~ accounts for,~ like,~ half the freaking planet, man.

Noel: Yeah.

Jack: ~Like, ~and ~it, it, ~it had, it was in the black and all that. ~Like, ~I don't even know,~ like,~ that's... I don't even know if Cursor's in the black. ~Like, they, ~they're basically just a middleman between, ~you know, ~you and Anthropic, and I-- ~That, ~that is a-- That right there is a tenuous position to be ~in ~in the first place. ~You know, ~Anthropic is ~at, ~at some point gonna be like, "Yeah, we're gonna need to start charging actual money for this," ~you~

Noel: Yeah, ~I mean, ~I think it's happening across the board. ~Another, ~another bullet point we have here is Copilot's ~kind of ~switch to token-based

Jack: went to 27X for Opus.

Noel: exactly.

Jack: That's an eye-popper

Noel: Yep. This was like... ~I feel, ~I feel like it's ~kind of ~going on across the board and every- I don't think this is surprising anyone. Everyone knew the,~ like, the, ~the token cost was gonna come due at some point here and,~ uh,~ we weren't gonna be in the glory early days of highly subsidized prompting, a la like the early days of, ~you know, ~Uber and Lyft and all these other things where it's ~like, ~[00:09:00] we'll subsidize people, get them on the platform. But ~I think, ~I think this is just happening at such a large scale, ~you know, ~that it's just like we can't... ~the, ~the, we can't keep op- these companies can't keep operating at ~a, ~a high loss per token here.
~Um, ~so ~I think, ~I think that is gonna be... like, that, I think that will also heavily play into this. It's just ~like, you know, we're seeing, ~we're seeing skills that come up that are solely built around optimizing token usage and ~all this, ~all this stuff

Jack: And local models. There's gonna be a lot of work in,~ like,~ the local model space and the train model f- space for,~ like,~ various platforms and stuff. ~Like, ~you'll have ~your, ~your next model and your, ~you know, ~TanStack model and ~yada ~yada. And, ~you know, ~the-- you can run those, ~you know, ~on your Ollama instance on a decently powered machine and get some decent results, that kind of thing.

Paul: ~It, ~it's very impressive what some of the local models can do these days. Like the Gemma 4, if you point it at the right spot, for the first time ever, I felt solace from what you're talking about, Noel, about the token cometh. Yeah

Noel: Yeah. ~Yeah, ~yeah. It's like it's real. I am curious. ~I, I haven't, ~I haven't used, ~um... ~because ~I, ~I haven't been using, like,~ all,~ [00:10:00] all of the tools. I'm like a Claude CLI most of the time. But ~I'm, ~I'm curious,~ like, I think, ~I think a lot of the friction there on token cost is at least the kind of layer of switching the model and therefore,~ like, your token, you know, ~your approximate cost per token and token usage,~ like,~ the thing, the lever that controls that. I think ~that ~that is a little bit clunky still in,~ like,~ determining what, which one I want to use for what, in that ~like, you know, ~a lot of the time I'm like, I'm, this is probably a lighter task, but I'm, like, not gonna bother to switch to,~ like,~ lower reasoning mode with a quicker model. ~Like, ~I'm just gonna fire it off in the main thing. But ~I'm, ~I'm wondering if,~ like, the, ~the big,~ um, like, ~local model

Jack: it's more like sub-agents.
~Like, ~sub-agents is

Noel: proponents are ~kind of ~just experiencing something wherein it's ~like ~If you had very good,~ um,~ posture around ensuring you were like querying at the right layer and using even like a cloud model that was correctly scoped or tuned for your problem, like it would ~kind of ~feel the same way. Like I can just-- I can, whatever. One can use Haiku for a lot of these problems that we, ~you know, ~think we need Opus for as well, I [00:11:00] guess would be the, my, my question. Like I'm won- I'm wondering if it's more of like a tuning and picking the correct model at ~like ~build or at runtime ~and that, ~and that kind of helps.

Jack: of

Noel: Orchestr- like I don't even wanna have to think about it, right? Like I just wanna do the thing and it, it picks the right agent, the right

Jack: Yeah, exactly. Like you're, you got the Opus 4.7 million extra blah, blah, blah

Noel: Yeah. Yeah.

Jack: the high-level coordination task and it's ~like, ~"Okay, little haiku, go write this dialogue for me." ~You know, ~that kind of thing. And then ~that, ~that's ~kind of ~where you're playing at. And the thing is, you really don't want that one going and like verifying results then too, 'cause that basically means it's gotta touch all the code again.

Noel: Yeah. Yeah. Double the

Jack: a whole-- Again, and we're, again, we're... ~He, ~he was totally right. Like we're in this kind of like titration phase where we're trying to ~like ~figure out what all these tools are and even do, ~you know, ~even processes around this, like web development processes. Does ~like, ~do Jira tickets make any sense anymore? Does, ~you know, like, you know, ~all ~the, ~[00:12:00] the roles that we have make any sense anymore? Like ~it's, ~it's all gonna change in the next couple years.

Paul: agents, I feel that Jack,~ um,~ one of my biggest token savers, 'cause I was r- I was using my $200 Claude all the time up every week. I was going nuts, right?

Jack: Yeah. ~Yeah, yeah, ~yeah.
I felt bad

Paul: Yeah, why am I using like $10,000 of token? Okay, ~well ~I put this-- Everything I do is typically in a monorepo. I have a sub agent called TS-check And now every time a type check gets run, it runs on Haiku, it tries to ~like ~do lint, all that crap, and if it's something that's like architectural, then it surfaces it to the main agent. A- and so Noel, I never tell it to use Haiku. I never tell it to use TS Check. It just does that. And I think like little unlocks like this will make us more efficient. ~Um, ~it's up this like category of session forensics. So I've helped two different like small teams of friends of mine recently ~like ~improve on their Claude token usage, 'cause they're ~on the, ~on the $100 plan, and that one got used up really quick. And we do this thing called session forensics, where we like use jq, that good old [00:13:00] CLI, to query the JSON log lines in like your home Claude project directory, and the amount of crap that is in there just from like us being the bottleneck and not using it correctly because of things like, oh, you don't have a TS Check agent, or like you could've totally used Sonnet. It is wild how much we can save. ~Um, ~yeah, y'all should look at your sessions. Go look at the JSON log lines and just ask Codex or Claude ~like, ~"Where do you see three times or more similar turns doing the same thing?" Or ~like, ~"When do I touch the same file 17 times in one session?" Then I'd probably keep going back ~and, ~and doing something. You can find a lot of low-hanging fruit. To me, that just confirms exactly what you guys are saying, like it is us as a bottleneck. We need to hone our processes a little bit and become more efficient, 'cause similar to you, Noel, I am a Claude CLI terminal guy, 'cause I can switch windows real quick. And when you're in there, you just stay on Opus, right? You just kinda,

Noel: Yeah, exactly. ~Yeah, ~yeah.
Maybe every so often I'll be like, "This is a quick thing, I'm just-- I'm popping out," 'cause I know I don't want... ~I, ~[00:14:00] I want a faster answer than I know it's gonna give me, but,

Jack: Yeah, Haiku is actually ~like, ~that's another thing about Haiku is it's really freaking fast. And it's not bad. ~It's, ~it's good. ~Like, ~I use Hu- Haiku in code mode all the time, and ~it, it, ~it's blazingly fast at writing code, good, simple, standard code fast. Another thing you can do is if you've got a subscription to like CodeRabbit, which is ~the, ~the, yeah, yeah, yeah, the PR review tool, there's a CLI that you can use for that, so that you can actually do the PR reviews before you check in, which real good, ~you know.~ Big recommend on that. But also, you could use the cheaper models and then just make a scale where it's like, "Hey, after you've made changes, run a CodeRabbit review on it," and then you basically kick in a really good CodeRabbit model to come in and say,~ "Well,~ hey, ~you know, ~they didn't do this right, didn't do that right." And you basically take a dumber model and make it smarter by pushing it through reviews. Takes a little longer because CodeRabbit's not the quickest game in town. But yeah, ~you know what I mean? ~If it-- That's a way where you can, and if you, if you're in Cursor, use their,~ like,~ [00:15:00] auto-efficiency model and actually get some pretty decent results out of it.

Noel: ~Um, ~speaking of which, I feel like ~we can, uh, we can,~ we could transition here to ~the Bun, ~the Bun rewrite nicely. ~Yeah, ~yeah.

Jack: I hadn't, I, to be honest, before I, ~you know, ~got ~on, ~on this, I hadn't even heard about this, but okay, here we go.

Noel: Everybody's got

Jack: Rust,

Noel: Yep. ~right. ~Yeah. So on May 14th,~ uh,~ Jarred Sumner mer-merged ~the, ~the rewrite of Bun to Rust, and it's a giant PR. ~Um, ~let's see, what do we got? A million lines added, 2,000 files changed. ~No, um,~ no one has reviewed this code.
No one's looked at all these lines. It's ~not a, ~not a human task. ~Um- ~And the reviews are mixed. ~I mean, it, ~it passed the test suite, but as you'd expect, there's, ~you know, a, ~a thousand thumbs ups at least and a thousand thumbs downs, and ~everyone's, ~everyone's got strong opinions. ~Um, the, ~the Rustaceans are pointing out that,~ like,~ the justification for doing all of this and having,~ like, you know, ~the,~ uh,~ memory safety and all that stuff is like there's all these, there's all these,~ um,~ unsafe blocks inside of it anyway, so you're not really getting the thing that you're trying to do. ~Um, ~but I'm sure it's [00:16:00] faster. I'm sure it's smaller, right? ~Like, ~and the test suite passes. ~Um, ~so I guess, yeah, I'm curious what~ your guys', uh,~ your guys' takes on this are. I think ~we can, ~we can talk about it ~kind of ~for Bun in particular, but I think there's also,~ like,~ this is ~kind of ~an interesting,~ uh,~ analysis, ~I guess, ~of ~like, you know, ~as we ~kind of like ~go down the stack and you're looking at tools you're relying on. ~Is it, is there, ~is there,~ like,~ appetite for this? Like, well, we can just sick AI on it and,~ like,~ make it smarter and ~not, uh,~ not have a human review it as long as the tests pass. And ~is that, ~is that,~ like,~ a reasonable ~k- um, ~methodology, ~I guess, ~of,~ like,~ refining these highly tested low-level, lower-level

Paul: it,~ that's,~ that's a good way to pose it, Noel, because I am always an AI like, "Yes, we could totally do this with the AI. Relax. Don't worry. Please shut up. Let me do my job." Like we're, we'll build you your agents for your solar company. I don't know. Be quiet. ~Um,~

Noel: Yeah.

Paul: ~And but, ~but I got it. I got it, ~you know? Like, ~don't worry about it. But when it comes to ba- basically saying like I'm very laissez-faire with it because if you know how to do [00:17:00] KMS and secrets and all these,~ you,~ you can have control.
You can elicit control. There's always a path forward for that. But when we talk about something like this, which feels like one of the small pegs holding up the Jenga tower in the XKCD meme,~ um,~ I don't know. It just ma- it, for the-- This is one of the only times I feel as a developer uneasy knowing that it was 99.999% AI written for something as fundamental as Bun. Is this one of the things where we go,~ well,~ we really need a human? AI can write it, but we really need a human to look at all of it. Or is it one of those things where it's ~like, ~okay, we want a human to write it with AI, and we need to control how that like permeable membrane of who controls what a bit closer. But it definitely gives me a feeling of uneasiness, and maybe that's also a residual from how Anthropic managed or failed to manage the open bug reports from a year ago that caused the source map leak. ~You know, ~it's just there's a lot. There's a lot [00:18:00] going on.

Jack: ~And, ~and Lovable with, ~you know, ~they're basically leaking everybody's code and credentials and all that. ~Like, and it, ~and it's sitting there in the Jira queue for like

Paul: Oh.

Noel: ~Mm-hmm. ~

Jack: Okay. Which was, ~you know, ~my response to your security thing. Like, yeah, there's a lot of folks not thinking too much about that right now.

Noel: our, our, our, our last major topic here, we'll see. ~We'll,~

Jack: Yeah. ~Uh, well, ~no, that one,~ that, that, ~that one they are thinking a lot about. But anyway,~ uh,~ this... A couple of odds, I could care less, R- Rust, Zig No, I don't care. ~I, ~I left ~like ~C and C++ world so many years ago, and ~I, ~I'm not looking back. ~Like, I, ~I... Whatever. So I don't care about that. But ~like, ~I do... I don't think, to me, Bun is not an infrastructural element at this point. Most people are still on Node. And I know Deno is not, ~like... ~But ~I, I, ~I trust Node and I trust Deno. I do not,~ I,~ I do not and never have trusted Bun for anything.
And sometimes I'll play with it and it'll work and be like, "Wow, that's cool. That's cool. That's fast." ~You know? ~But ~like, ~there are like so many times I have tried Bun [00:19:00] and then next thing I know I'm getting this weird error, this weird edge case, and like things aren't working and it's ~like, ~"Oh, hold on." ~You know, ~like I, I get reminded like an hour later, "Oh, I'm on Bun, right." And I change back to Node, immediately it works again. And I was like, "Oh, okay. This is yet another Bun incompatibility." And every time I engage with Bun, it does this. And then invariably I'll get, ~you know, ~like the hard word from s- ~you know, ~some guy who's ~like, ~"Bun's the best. Let's just... You gotta do it." I'm like, "Ugh, okay, here we go again." So yeah, no,~ I, I, ~I don't really... Like cool, it's great, but and Bun has always had ~this, ~this vibe of like our thing is performance number one. ~Uh, at, at, ~at almost like OCD level ~of, ~of just it, it must be performant before anything else. And I don't know, that, that scares me because like actually, ~you know, ~computer science 101, ~make it, ~make it work, right? Make it good, make it fast. Like that,~ that,~ that, that's the order. You don't just jump to make it fast and [00:20:00] then not worry about actually making it work, ~you know? ~That's ~kind of the, ~the point. ~But you know, ~that's been the Bun way.

Noel: Yeah, ~I mean, ~I th- I think it's hard 'cause I feel like ~there's, ~there's a few different kind of things going on here. ~I don't, ~I don't think a rewrite like this would have happened on many other tools, but this feels like a very Bun

Jack: ~Mm.~

Noel: thing. ~You, ~you know what I'm saying? It's kinda like this. All right,

Jack: On brand.

Noel: ~It's on, ~it's on brand for Bun. But I like-- I think I'm also...
It's,~ I,~ I'm of two minds 'cause ~part, ~part of me is like If, let's say I were a user and I were using Bun because I was in some environment where I really did care about performance or something, right? ~Like ~th- I understand why I'd be like,~ "Well, like, ~if it works and the test suite passed, like I guess I don't know if I really care if a human wrote the code before." But you'd already have to have ~kind of ~been at a point where you're willing to try the more experimental thing for the sake of performance, ~I guess. ~So yeah.

Jack: Yes, exactly

Noel: to the cyber... I don't know

Jack: And is that a good thing? I don't know. Honestly, it, this [00:21:00] should be the ideal case for doing this sort of stuff because so much of this stuff is just mechanical. ~Like, it, ~it real-- ~Like, ~they rewrote the date class for, ~you know, ~because there were some issues in the JS, the V8 runtime around the

Noel: Yeah. ~Mm-hmm.~

Jack: There's no magic sauce in the date class, man. It's basic math. ~Like, you know, ~it works or it doesn't work, ~you ~

Noel: ~yeah, ~yeah.

Jack: and in fact, I can, I would think that the only stuff that's in here that's weird is, like, when they were, like, messing around with Zig trying to make it weird and trying to make it faster by doing little edgy kinda, ~you know, ~cute things. And then,~ well,~ does that port over to Z- ~you know, ~to, to Rust? ~Well, ~I don't know. Probably not, 'cause Rust is a lot more prescriptive of, about memory use and all that.

Noel: Yeah, I guess maybe that's ~kind of ~like an interesting framing, Jack, is it's like I, I think we'd all be like, okay, if someone went into the internals of some language we're writing and rewrote the utility, like the date parsing or something, in a faster language so we could-- We'd all be like, "Okay, that's probably fine." ~Like, ~like I, like ~you know, I, ~I, ~we don't, ~we don't need this higher level language out [00:22:00] here for the date.
If someone can point this at the date parsing library and rewrite it in Go or Rust or whatever and it becomes quicker, ~like ~yeah, ~I think, ~I think most devs would be like, "Cool." But then as you ~kind of ~move up to these higher level things, I think there's like this spectrum of ~where, ~where people are comfortable with that line being, and it feels like it's moving up quickly for a lot of people, and for others it's not. And I think that's the ~like, ~the kind of,~ uh,~ friction here. ~Um, ~I just, I don't, I'm not sure what will happen. ~Do, ~do you guys think this is like kinda more... Do you think this is like bad press overall for Bun? Do you think this will make people more hesitant to switch if they're ~kind of ~thinking about it? ~Like what, ~what do you think the outcome of

Paul: I feel like we think more people are thinking about it than we think. Yeah. A-as much of a tongue

Noel: Yeah, okay. Yeah. ~Yeah, ~yeah. Sure.

Jack: I think Jarred's done a really good job being out in social media and plugging Bun and doing all that stuff in a way that the Deno folks have not. The Deno folks have done,~ like, you know, ~or it did, it just feels like a more, ~you know, ~kinda rock steady, [00:23:00] solid thing. And then, ~you know, ~you got, ~you know, ~Jarred out there who's ~like, ~"Yeah," ~you know, ~kinda cutting edge. And it's ~like, ~if you wanna do the cutting edge stuff, yeah, man, Jarred. And then that's, I think that's a lot of why the, Bun has the presence that it does. But I think the last survey I saw was ~like, like, ~I don't know, 12% or something like that for,~ like,~ for, ~you know, ~folks. Yeah,~ and,~ and Node was just the, still the, just the overwhelming, ~you know, ~use.

Noel: And ~I'm always, ~I'm always skeptical of those surveys too, 'cause I feel the, I think the people filling out the surveys are the kind that are more likely to be using weirder tools and,~ like,~ th-those are the survey people.
Jack: Or it's more aspirational,

Noel: yeah, exactly. Yeah,

Jack: using Node at work, ~you know, ~eight hours of the day and I'm using Bun for two hours out of the day. I'm going to choose Bun, ~you know, ~kind of thing. It's ~like, ~no man, like you're really a Node guy. ~You know.~

Paul: The older I get and the more teams I work with,~ um,~ making their early stage products, just because it's-- I say that because it's not like a mature product or anything. It's like lots of small different groups. I'm finding more and more that like it matters so little [00:24:00] and we are so gaslit as developers to think like these tools matter. Like they just don't. Like when they're like, "Oh, I'm doing this and I'm using this tool versus that runtime," I'm like, "So what's your MRR, my little guy?" ~Like,~

Jack: Yeah,

Paul: ~you know, like let's start, ~let's start there and then we can figure out if we need to change the tools. But the tool convo is one of those things that like,~ um,~ you know,~ I,~ I worked with Noel years ago and I was like a much younger kid then. And like back then I was tool rosy glasses, like looking at everything like, "Oh my gosh, this is so awesome. You can self-host." ~Like, ~and now I'm just like, I don't give a rat's ass. ~Like, ~and Bun ~kind of ~falls into that category unless we're talking about something that is gonna undermine the complete fidelity of my group or whoever I- ~I'm, ~I'm assisting at the time. Yeah.

Jack: Yeah, which at that point, the point is just a detriment, right? It's just a why did... You know? And I, yeah, I'm with you. I've seen so many like sm- small projects where people brought in ~like, ~it's like you look at the package.json and it's just this smorgasbord.
It's ~like, ~oh, I've got like Drizzle and another ORM [00:25:00] and I'm using Postgres directly and I'm doing this ~and, ~and you're like, Paul: then I cache the whole thing on Redis before I get to the TanStack Jack: you're like, Paul: which we're also gonna talk about by the Jack: it's ~like, ~what are you doing? ~Like ~this is way too much complexity for a freaking calculator app. ~Like ~what do you, what is this? ~Like ~this is nuts. And ~like, ~yeah, like the whole Bun thing, it's ~like, ~did you use any-- Because you're probably not going to get the performance improvement that you think you are unless you're like doing crazy tight loops and stuff like that or im- ~you know, ~so maybe a little bit in the VM, but if you're not using like Bun-specific libraries, you're not going to get those like crazy 300X things. And then congratulations, you vendor locked yourself to Bun, which ~if I, ~if I had done that and then Jared came out with this, oh, by the way, we're like overhauling the whole thing to Rust over the weekend, ~you know, ~'cause I, I let, ~you know, uh, you know, uh, ~my, my Claude CLI go on freaking, you know whatever the loop mode, ~you know, ~kind of thing,~ um,~ and paid 12 grand worth ~of, ~of tokens, what I'm sure it was,~ um,~ and now we're on Rust, [00:26:00] I would be like, "Oh God, that's not good," right? If I was dependent on it. And I-- So I'm very thankful to be on the outside and be like, "Oh, this is, ~you know, ~not my m- not my circus, not my monkeys," to be honest. Like, I dabble m- dabble in it, but I ain't dependent on it. Noel: Yeah. ~Yeah, I think, I guess, I think, uh,~ to, to address a few points quickly. I... Like, Paul, like,~ like,~ I guess devil's advocate on tool choice. I think there's a bad version of this again, like Jack was saying. You pull in like a million dependencies, and there's,~ like,~ not good cohesion in the project. But I think even if ~you, you know... ~Yeah, exactly. 
But ~even, ~even if this isn't one's first rodeo, ~I think there's still, like... ~I think that dev tooling decision ~is often, uh,~ it feels very,~ like,~ personal and important to people because it is like, there's some of those are very high interest decisions if you make the wrong ones early on, right? ~If, ~if you make a wrong choice, it can yield a lot,~ like,~ just a lot of pain over a long time if you choose wrong. But I think the counterpoint here is,~ like, I don't, I don't, ~I don't think a-anyone is really feeling that with,~ like,~ using ~the, the, ~the tools that ev- ~like, ~that most people are using right now. ~Like, ~if you're using npm and [00:27:00] Node and all, ~and you're, ~and you're ~in the, ~in the TypeScript world,~ like,~ I don't think ~that ~that is a high interest technical decision most of the time. ~Like,~ Paul: long way. Yeah. Jack: Yeah. Noel: ~like, uh, ~it, it's fine. And ~like, like ~if you wanna play with the other ones and you have a use case for it, sure. But again, I think it is risky. It's ~kind of ~the, it's that just ~like, is that, ~is that a decision that is gonna really... 'Cause again, no-nobody wants to... What's a good analogy here? Nobody wants to be, like, choosing Angular or something right now, right? You know what I'm saying? Is like they don't... Yeah. ~Like, ~it's just ~like, ~you don't wanna be on the thing that then you feel like, "Oh, I chose wrong three years ago, and now I've gotta ~make the, you know, like, make a, ~make a switch." But Jack: Although, ~I mean, ~I think AI does change the equation in that space. It's ~like, ~"Oh, we're on Angular Paul: maybe that's part of the effect I'm feeling, Jack, Jack: the app Paul: doesn't matter as long as you can dr- learn how to drive any 18-wheeler. I don't care who makes the truck. ~Like, ~it's like I'll dr- I'll figure out how your 18, 20 speed, whatever thing works. Noel: Yeah. 
And,~ uh, and, ~and again, ~I think, ~I think ~if you, ~if you choose the incumbent then ~like, ~I think it'll be easier for the tooling to switch you to something more [00:28:00] bespoke later if you d- realize that you like wanna be moving away from ~the, the, ~the stack that you chose, if you chose the most popular one. ~Like, ~the tools are gonna be the most versed in it. There's gonna be the most tooling built around it, 'cause those-- the other, the smaller players are gonna wanna pull you away from the big main thing that ev- you and everyone else is on. So ~like, ~it does feel safer still Paul: That's why I got into TanStack Start, honestly, is 'cause I was just like, "This doesn't matter, and I should try everything," and it's great. Yeah. Jack: you go. ~Well, ~but before we get into TanStack, so Paul, to your point about the 18-wheelers, the interesting thing about the 18-wheelers ~is, ~is that the truck isn't the important part. The important part is that,~ like,~ latching mechanism on the back of the truck and how it interfaces with the load, and then all the pipes that go from ~the, ~the cab to ~the, the, ~the load, right? That's the API. That's the API of truck to load, and that's what matters. At the end of the day is [00:29:00] APIs. ~Like, ~that's what we review on TanStack all the time is APIs. ~Like, the, ~the machinations under the hood to actually make that thing work, eh, ~you know, ~that's fine. We, ~you know, ~toss and replace and whatever. As long as that API is good, then you're gonna get there, right? That's Paul: of the truck analogy, and I'm taking that, putting it in my pocket for later. That's a good one, Jack. Jack: you go. Yeah. Noel: Yeah. Yeah. Cool. All right. Should we talk about, should we talk about,~ uh,~ TanStack and more supply chain attacks? You guys ready for whatever,~ uh,~ this version number seven or Paul: what do I need to be ready for? 
Because I know I use it, and I use Claude Code, and I wanna know what steps I need to take to make sure I'm good Jack: Oh, just use like pnpm v11 and then set it to like a day. But this is for anything really. ~I mean, ~honestly,~ uh, the, ~the TanStack vulnerability was really just like TanStack being popular, right? TanStack Start is taking off, TanStack Router, and this is what they attacked. And w- our CI/CD pipeline is public, just like everything else that we do. [00:30:00] My guess is that somebody like pointed Claude at our CI/CD pipeline and said, "Hey buddy, ~you know, I'm a, ~I'm a white hat hacker. ~You know, ~tell me what the vulnerabilities here are." And it gave them ~a, ~a really complex vulnerability path, Noel: Very sophisticated, yeah. ~Mm-hmm.~ Jack: vulnerability path that depended on us,~ um,~ having done a little bit of like fine-tuning work on our side to ~like ~try and reuse. 'Cause you do this all the time ~in, ~in CI/CD and caching. You're always trying to get that, that cleaned so that, ~you know, ~your GitHub Actions cost less, 'cause invariably, ~you know, ~that's the thing. And, ~you know, ~so we weren't cleaning the cache properly, and so somebody else basically was able to ~kind of ~poison our cache of stuff with their own,~ uh,~ package and then get that released. And then, ~you know, ~so that, that's really what got us. ~Um, ~it was fixed within ~like ~30 minutes. ~All the, ~all the packages are gone. So like it, ~you know, th- ~th- if you were to download in that one like 30-minute block and you had- you weren't using pnpm 11,~ uh,~ or w- something that basically had ~like, you know, ~"Hey, these packages have to be around for longer than a [00:31:00] day to use them" kind of thing, then you would've gotten hit. ~Um, ~and it was bad, right? ~I mean, ~it was an exfiltration thing and all that, so you know, you don't wanna get hit by ~that, ~that's for sure. But it was very bespoke to us. 
~Um, ~and I would say that the-- you can have a lot of confidence in TanStack ~because, ~because our actual pipeline process is very robust. Which is, ~like ~if I wanna get a new TanStack AI release out, it's ~like, ~it's not a small thing. If I have to go and ~like ~get that, my ~PR ~PR checked and reviewed, then that doesn't go direct- that, that, that doesn't like CI/CD out. ~Like ~that actually goes into another process where we basically batch a whole bunch of change set releases, and then we do the change set thing, and that gets released. And there's another PR review for that, right? So it's like multi- it's like, you know, you think about ~the, ~the nuclear, ~you know, ~thing and the switching and the keys and all that stuff. There's a lot of key switching, ~you know, ~to g- to get a release out. These guys just, ~you know, ~found a way, a backdoor to do this, and my guess is, ~you know, ~when you think about ~like Mythos ~Like [00:32:00] Mythos is like the next rev of Claude, ~I guess, uh, ~what- whatever, Opus or whatever. And it's not ~like, you know, ~it went from no interest in security at all, not knowing anything about security at all, to being like security superstar, right? Just obviously it-- you can go and use Opus to go and find right now, without Mythos, probably go and find some decent vulnerabilities in the stuff, and I'm guessing ~that ~that's what they did. So yeah,~ that's,~ that's sort of the long and short of it. Noel: ~Yeah, I think that there's like... ~This is one of those where reading it, may-may-maybe I'm just not,~ um,~ I'm underestimating people here. But yeah, like I, I feel like just r-reading these, like the postmortems and ~kind of ~pulling it apart, it's just ~like, ~I think I, ~you know, ~am jumping to the same thing that everyone else is. It's just like a human didn't find this. There's just no, there's n- ~it's so, ~it's so ~kind of, um, ~it's so strange. I guess just to ~like ~try to contextualize this a little bit. 
Basically, there's, i-in GitHub Actions, there's two modes. There's ~like ~pull request mode and pull request target mode, and you need to use pull request target mode if you wanna do anything when people open PRs against a repo. So the,~ um,~ the workflow can ~like ~add comments and do useful things, Jack: do [00:33:00] Code Rabbit and, ~you know, ~Autofix and ~we, ~we have all that stuff. Noel: And ~even, ~even when one is nicely isolating it ~as the, um,~ as the,~ uh, the, ~the pull request target YAML config here had, it was like a dependency on something else that it used, and that thing was able to write to cache basically, right? And then, like,~ like, there was a, ~there was a function where,~ like,~ via injecting code that landed on a correct path, it made it so subsequent builds after this PR had been closed and everything. So the PR was opened, it b- did its build, it wrote bad values to the cache, basically bad code to the cache. A subsequent build ran that actually made it and eventually got merged, and then eventu- it hits the thing in the cache that runs this bad code and it exfiltrates the,~ um,~ the tokens. So there's like these, like sep- four different or three different concerns that,~ like,~ were all ~kind of ~only bridgeable in this very particular path, and that was like the ABC that was able to get the,~ um,~ OID- OIDC tokens out. There was never,~ like,~ any actual tokens [00:34:00] compromised or anything like that. It was just the temporary tokens needed to publish. Jack: Yeah. Noel: ~Um, ~but I think ~it does, ~it does yield this thing where it's just like I don't-- It, it's hard for me to see ~a, ~a future wherein this kind of stuff doesn't keep happening. ~Like, ~it's just like these seem like they're gonna keep getting more and more sophisticated. I don't even care about ~like, like ~if the models get better and all this stuff. 
It's just like this-- We're still in the mode where this is human configuration, like in, ~you know, ~like ~in, ~in, in this world wherein like the, these boundaries and security,~ um, kind of, uh, ~isolates are just really hard to properly reason over in a way that anyone would be catching this stuff. Jack: Yeah. And I don't know why, but,~ like,~ we do seem to spend an inordinate amount of time on CI/CD. Noel: A lot. Jack: where we have full teams whose full job is... And ~I, I, ~I was just like, "Oh my God, man." ~Like, ~I ~kind of ~coming out of meetings with them, I'm like, "I would rather die than do this job." ~Like, ~yeah, the CI/CD,~ like,~ really? ~You know. ~And I remember a while back,~ the,~ the guys behind I think Docker had this thing where they were, like, doing like a [00:35:00] tran- like, it was like Arrow or something like that, where they were doing like a... ~You, ~you would always know that your CI/CD is gonna work because you could actually essentially run like a CI/CD build locally on your machine, and it would use exactly the same,~ like,~ harness, I don't know, Docker thing, whatever, execution environment, and it was completely isolated and all that. And so I was like, "Yeah,~ that,~ that, that seems cool." But it never seemed to take off. But,~ like,~ maybe, yeah, maybe that's something. But,~ uh, you know, ~this was definitely was not just somebody,~ like,~ going up to one of our maintainers and being like, " Hey, ~you know, ~I've got this crypto idea, ~you know. ~What do you think about, ~you know, ~downloading this code on your machine Noel: give it a shot. Jack: it, ~you know?"~ Noel: Yeah. Jack: It Noel: Yeah. ~No, ~no, I know. ~Is, is there, is there, ~is there something specific to,~ like,~ the GitHub Actions kind of abstractions, you guys think? ~I guess, I mean, I think, ~I think there's probably two things going on. 
I think that these kind of attacks are probably a little bit unique to open ~source, ~source available repos, right? ~Like, ~that, that feels like this... That's the surface area right now that seems to be the kind of weak point. ~Um, ~if may- maybe it's an exposure thing, but I think there's something also about this,~ like,~ we're trying to automate a process that [00:36:00] inherently is gonna need to trust other people's code, and we're, like, trying to draw this boundary really explicitly, and I think ~that ~that's Paul: Yeah, we just need to ski- Noel: but then on top of that, is it something with,~ like,~ GitHub Actions in Jack: Yeah, maybe,~ uh, maybe, ~maybe GitHub Actions is almost,~ like,~ too flexible in that you can go and do all this kind of stuff, and ~at, ~at the end of the day, most developers Like, maybe I'm just speaking for myself, but I don't care. ~Like, you know, ~just build the thing, run the thing,~ be,~ be deterministic, ~you know?~ ~Like, ~make it so that,~ like,~ if I would ~do, ~do the same build, same code twice, it should work, ~you know, ~kind of thing. ~If it, ~if it worked. ~Like, ~I don't,~ I,~ I... That's not what interests me. What interests me is building apps and deploying apps. ~So, like, you know, I, ~I just want it to work. And so maybe GitHub could spend ~or, ~or whatever,~ like,~ as a community, we can come together and have,~ like, like, ~kits that just ~do it, ~do it right, and do it for this particular, ~you know, ~environment, and you can trust them and they're versioned and all that. And then,~ like,~ you just do that, right? And then it makes it easier on me to know that what I'm doing isn't gonna get, ~you know, ~hijacked by somebody or it, and is going to work because it's best practices and all I gotta do is just do it. ~I mean, I think, ~I think Google does have some stuff around this. I remember using,~ like,~ a [00:37:00] Google Action or something like that to do,~ like,~ change sets or something. 
~But, ~but something bigger than that. ~Like, ~"Hey, here's a TanStack,~ like,~ GitHub Action doobalacky, ~you know. ~Just put this in, give us your repo, and we'll make it happen," kind of thing. That would be great. Noel: ~Yeah, yeah, ~yeah. ~Mm-hmm. ~Yeah. Maybe, and maybe we'll get there. Maybe we'll get to the point where, like... Yeah, ~I guess, ~yeah,~ I,~ I think ~there's a, ~there's a lot of configuration around the CI/CD pipelines, and,~ like,~ that, ~you know, ~it's like ~they're, they're, ~they're powerful primitives, but they're being stitched together manually by people who are probably doing this along with 17 other things in their daily job. And there's, and again,~ like,~ I d- ~like, ~reading these, it's like I don't know how anyone would've ever caught this. ~Like, ~these just seem,~ like, so... ~They're ~so, ~such little windows in so many different places that are just,~ like,~ being, these boundaries are, like, being hopped across. Jack: And this would be, like, the, I would say the last... ~If, if, ~if somebody, if Anthropic were to give us access to Mythos Noel: ~Mm-hmm.~ Jack: say, "Hey," ~you know, ~we would run it against TanStack Start. We'd run it against Router. We'd run it against, ~you know, ~the stuff that we're actually gonna give you. ~Like, ~the,~ like,~ the last thing we'd probably run it against is our CI/CD pipeline. And I, just to double down on stuff to add,~ like,~ a level of kind of extra credibility on things, [00:38:00] for TanStack in particular,~ like, I'm an, ~I'm an idiot, man. I've gotten phished, honestly. And, ~you know, ~so the fact that if I cannot,~ like,~ somebody cannot phish from me enough credentials to push something out, even though I have access to Git, I have access to those repos, I have blah, blah, blah, blah, blah. ~Like, ~our process is so tight that it would have to p- PR for me and ~then, ~then imitate me to try and,~ like,~ get it past PR and then get a change set. 
~Like, ~it's never gonna happen, right? So it had to be this backdoor. It had to be ~at the, at the, at the, ~at the raw mechanical level of GitHub Actions to find, to get in there. And there's no single point ~of, ~of,~ like,~ human failure in here where, you know, stupid Jack could get phished and then, you know- Put out a whole bunch of packages that have, ~you know, ~exfiltration Noel: Yeah, ~it's not, it doesn't, it's, it doesn't, it doesn't,~ it's not like a social engineering attack. ~It's, ~it's an Jack: No. No, there was none of that. Noel: is probably ~a better, ~a better kind of way to think about this. It's like a CI/CD backdoor Jack: It was a [00:39:00] CI/CD backdoor. Exact- it's exactly what it was. Noel: is the cleaner way to look at it. Jack: so feel confident Noel: yeah. Jack: that,~ like,~ if you get code from TanStack, we intended you to get that code, whether it works or not. That's in a different category, but we intended you to get that code, ~you know? ~Yeah. Noel: Cool. All right. ~Um, well, ~let's,~ uh,~ let's take a quick ad break. You guys have hot takes ready to go for after the break? Jack: Working on Noel: cool. This episode is brought to you by LogRocket. LogRocket provides AI first session replay and analytics which surface the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it free at logrocket.com. Okay. Hot takes. Does anybody-- Paul, are you ready? Do you have one? You wanna start? Paul: Yeah. ~I'm, ~I'm wanna build more on the,~ uh,~ token rug pull that I see more and more people posting about now, because it's real. ~Um, ~I do understand that,~ like,~ rates will increase or,~ like,~ Claude did that thing where it's like, "Okay, you wanna use headless mode, you have to,~ like,~ use this extra surcharge." ~You know, ~they're penny pinching. I get it. ~Like, they're, ~they're a company, they have to [00:40:00] make money. 
I just recently, and only recently, personally have felt more vindictive about our autonomy around our workflows and what we actually need these models for. I don't think we need,~ like,~ an F-350 to, like,~ like,~ go to the grocery store type of thing. And,~ like,~ right now we're all just very used to driving the F-350 To go to the grocery store. And it's not gonna be hard, and you're not gonna get rugged, and the hardware is getting better. There's gonna be ASICs that come out. There already are in some combobulation for running AI models at home with like great RAM and stuff, but I'm sure we'll find even better architectures of hardware. ~Uh, ~maybe Google will come out with some home computing units. Point being, if you think that you're a dev and you're like, "Oh my God, it's gonna ~like ~be so expensive and these m- tokens are gonna cost so much." ~I mean, ~yeah, if you don't change, sure. But just ~like ~be open to learning and you will be okay. You'll be okay. [00:41:00] That's my hot take. Which I don't know w- why that's a hot take, but based on things I've seen in the past couple months contrasted with how I've felt and the capabilities I've seen of some of these open source models and the hardware you actually need to get something useful, I guess it is a hot take. So you'll be okay. Jack: ~Well, ~it is odd taking it,~ like,~ it is dependent on RAM,~ uh,~ which is not cheap Paul: not cheap. Jack: A friend of mine's experimenting with Raspberry Pi, and he's like, "Oh my, that is not,~ like,~ a little thing anymore. That's,~ like,~ a substantial investment." It's ~like,~ Paul: Look, if you at any point are gonna hire an Upwork person to help you to-- when a project overruns your bandwidth and you spend two or $3,000. Okay, I spent $3,000 on a 128 gigabyte RAM DDR6 box, and I'll never need to do that again. Pretty good Jack: Yeah. Oh, yeah. Yes, absolutely. Yeah, yeah, yeah. It, it-- Now you're right. 
One of those times when,~ like,~ if you're gonna hire a dev, a de- a dev and send them,~ like,~ a new M5 blah, blah, blah, blah, blah, what, whatever, don't go with le- like, the 64 gig [00:42:00] model or something like that, or the 30... ~Well, ~Christ, don't even go for the 32. U-use 128 so you can get,~ like,~ they can run local models, they can do that stuff, 'cause it's gonna Paul: It'll save y- it will save you a fortune. Yes Jack: Yeah. Noel: Cool. Did you come up with one, Jack? Jack: Oh, yeah. ~So, ~as always, I'm not gonna do anything technical this time. I'm gonna, ~you know, ~lean back into movies again and say that there is a movie called "They Will Kill You" that is getting panned critically, but I love this movie. I loved "Mad Max: Thunder--," ~uh, uh, ~"Fury Road." It is-- I love just kinetic, crazy, ~you know, ~over-the-top stuff, and this movie has it. ~I mean, ~there's amazing fight scenes. The intensity's great. The music, oh my God, they use this Doichi track in one of the sections, and it is phenomenal. And it seems kinda, ~I mean, ~it seems like the plot's not really all that amazing, but at the same time,~ like,~ the deeper that you look into it, it's like this whole "Dante's Inferno" thing in reverse, and it's ~like, ~oh wow, that's actually kinda, kinda deep. ~You know? ~So I co- [00:43:00] showed it to my kid. ~I, ~I loved it, and then I showed it to my kid, and she's ~like, ~"Yeah, this movie rocks." So I'm like, "Yeah, okay. ~This is, ~this is cool." "They Will Kill You," ~uh, it's, ~it's just a lot of fun, ~you know? And it's, ~and it's very intense. And apparently ~the, ~the lead actress spent four months training for it, and it shows. ~I mean, ~she's just ~like... ~cr- it's crazy the stuff she Paul: just looked it up to save it. Noel: ~Yeah, ~yeah. I'll keep a note as well. Jack: Yeah, no problem. Enjoy. Noel: Yeah, okay. 
My hot take is I'm,~ um,~ starting to feel the pain of all of these ~like, uh, ~th- the,~ like,~ technical recommendation window. I feel like there's a whole new kinda, kinda grift opening up influencer that's not the thing before of ~like, you know, ~the people with AI companies are gonna-- we're gonna take our jobs. We're in the final stage of capitalism because of AI and all that jazz. But the,~ like,~ more developer persona of ~like, ~"Here are these three new skills that will save you from everything," and I'm just like... I think skills can be really n- really nice, but I think,~ like,~ I don't think there's a ton of utility in very broad,~ um,~ skills that are kinda trying to like subtly tweak your [00:44:00] whole flow and are universally applicable. I think it's like skills are most effective when you can t- when you're tailoring them for your given project, and you can get a lot of bang for your buck just by like maybe going and looking at a couple of those for inspiration. But then,~ like,~ just set 'em up. ~Like, it's, ~it's natural language. ~Like, ~this isn't, this isn't-- ~there's no, ~there's no,~ like,~ magic here. ~Like, ~y- ~you know, like, ~they're markdown files. ~Like, ~you can ~go, ~go write your own. ~Look at, ~look at people. Look at,~ look,~ look at what other people are doing, but ~like ~don't just pull a bunch off the shelf and end up with 2,000 skills locally. ~Like, ~it's not, you're not, it's not gonna save you any time. Jack: It's gonna do that same thing as that package JSON with like 18,000, Noel: yeah. It's the same. ~Yeah, yeah, ~yeah. For sure. It's ~like ~have a couple you like a lot and get your model, get your agent using those. Jack: Yeah, I ~kind of ~got suckered into this actually. ~Um, ~Paige, who's usually here,~ uh,~ was like, "Oh, you got to try out this Superpowers skill. 
It's on, ~you know, ~from Anthropic and ~it, ~it's gonna ask you tons of questions and stuff, and it's gonna use sub-agents and ~it's, ~it's pretty amazing." And I'm like, "Oh, cool. Okay, great." And so ~I, ~I installed it and then promptly forgot that I installed it, which is a great thing to do. ~Uh, ~[00:45:00] and then I started like working on a project and next thing I know it's like it would ask me a bunch of questions, do a little bit and then stop, and then ask me more questions. And it's like, whoa. And then, so I'd be out in the garage and come back. I'm like, "You're supposed to be working. Like ~I'm, ~I'm out in the gar- I'm doing stuff. ~Like ~what are you-- ~You're, ~you're supposed-- You're asking me questions? Like you should let me know or something." And it's ~like, ~and this is a superpower thing and it's like, ugh, okay, I get it, but ~like, ~ugh, man, really? ~Like ~don't change my workflow. That's not cool. ~Well, ~let me know first. Noel: ~Yeah, yeah. I think, I think that, that, that's tough. And again, like~ I think it's gonna be very dependent on the project and the scope. And like I, I think that the skills, if you're working in some large monorepo versus ~like ~a very specific little package, like I think your skills should be entirely different. It's like it's just there's Jack: Yeah. Yeah. Noel: this kind of one size fits all, you should use this for everything. It's just like ~it, it, ~it irks me as soon as I'm seeing it now. ~Um.~ Jack: That g- that kind of goes hand in hand with what we talked about early on, which is like a really good fixed development environment where like everything's there, ~you know, ~you can rely on it. It, ~you know, ~and that way you can run multiple agents simultaneously and feel confident about [00:46:00] that. 
Like getting that working is one thing, and then getting the skills set up for the development inside of the monorepo, that's another, you know, like, okay, so before you PR, you want to go and make sure the CodeRabbit runs and blah, blah, blah, blah, blah, and the lint runs, ~you know, ~whatever, ~you know.~ So maybe ~like ~a Husky thing or, ~you know, ~hey, ~this is, ~this is our special skill for when you add this type of command, we're gonna go and add it to ~like ~three different repos or whatever, ~you know, ~like whatever that is. Noel: Yeah. Exactly. Exactly. Cool. ~Well, ~we're,~ uh,~ we're run- running up on time, so we should wrap here. ~Um, ~yeah, thank you guys for joining me. Good chatting as always. Paul: guys Jack: you next month. Noel: take it