If you need to connect to remote networks, or if you are outside of your network and would like to connect into it, then almost certainly you need a VPN. Jim has lots of real-world experience connecting networks together. In this episode we talk about various ways to connect and list some of the issues that you might run into.

Take-aways from the episode:

• There's a difference between a "VPN" and a "VPN Service"
• If you are looking for something simple allowing you to talk to a home machine while you are outside the home, Tailscale works REALLY well. It doesn't require you to "poke a hole" in your firewall.
• If you want a bit more control and host everything yourself, Wireguard is GREAT for that. I used to recommend OpenVPN but now I think Wireguard is the best choice because it's so much easier to set up.

Hosts:
Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]

Follow us on Mastodon: @[email protected]

If you have feedback for us, please send it to [email protected]

Checkout our webpage at http://RuntimeArguments.fm

Theme music:

Dawn by nuer self, from the album Digital Sky

Wolf talks about making your programs better. There are lots of ways to make them better. It all starts with figuring out what matters and measuring it. Measuring it all the time. Measuring it more. This episode is about following that path.

Show notes:

Take-aways from the episode:

• Understand what you are optimizing for: (speed,memory,storage,developer, etc…)
• Measurement is job one, because that’s the only way to know where the money is actually going.  You should be measuring.  A lot.  More than that.  It should be part of CI/CD.  You should run it before pushing.  Everyone should be doing it.  Measurement might be even more important than testing (and don’t get me wrong, testing is very important).  When I worked on Mozilla, our build servers did timing.  If your commit slowed something down, that was considered “bustage”, and required immediate fixing.
• Use the profiler for two things:
  • To see if the whole thing is faster or slower so you know when it’s time to look deeper
  • To dive into the actual execution and locate the bad parts you need to improve.
• It’s all about the money.
• Write clear, simple, and correct (you’ll know by testing) code.  Only then should you optimize.  Do I need to repeat the old adage about premature optimization? “Premature optimization is the root of all evil.”  It’s easier to speed up working code, than it is to fix fast but broken code.
• Understand the (real) data you will be operating on.
• You don’t know just by looking at the source what actually costs you the most money.  Yes, you can see where stupid things happen, but even for those, knowing which actually matter requires measurement.

Hosts:
Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]

Follow us on Mastodon: @[email protected]

If you have feedback for us, please send it to [email protected]

Checkout our webpage at http://RuntimeArguments.fm

Theme music:

Dawn by nuer self, from the album Digital Sky

When setting up a new system there's many things to think about including choosing the filesystem. In this episode, Jim dives into all of the choices and describes the benefits of each. Wolf is here to ask the questions, and to fail at keeping Jim entirely on track.

Show notes

Things to think about:

1. For Linux, ext4 is the default for many distros and it's pretty good but btrfs has some really great benefits and you should consider using it.
2. For MacOS, the default is case-insensitive for filenames.  This can cause some problems when cloning some git repos because within the repo there may be two files with the same name, only different by case. In a case-insensitive filesystem, you'll have a collision. BUT, turning off case-insensitive can cause other problems for some applications. Maybe the best thing to do is create a separate case-sensitive filesystem on a volume and use that for your git trees.
3. Beware of the 'Year 2038' problem on linux filesystems before ext4.

Links:

• https://en.wikipedia.org/wiki/Year_2038_problem
• https://en.wikipedia.org/wiki/Comparison_of_file_systems
• https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
• https://learn.microsoft.com/en-us/windows/dev-drive/
• https://www.ufsexplorer.com/articles/macos-file-systems/

Hosts:
Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]

Follow us on Mastodon: @[email protected]

If you have feedback for us, please send it to [email protected]

Checkout our webpage at http://RuntimeArguments.fm

Theme music:

Dawn by nuer self, from the album Digital Sky

People throw around the term Functional Programming but it's not always clear what they mean. In this episode, Wolf explains what goes into FP, and together we build a clearer picture that reveals you might already be doing it.

Show notes and things to think about:

1. Functional programing isn't academic.  It isn't overwhelming.  It isn't impossible to use.  It isn't inapplicable to ordinary problems like the ones you're solving right now.
2. You can use functional techniques in almost any modern programming language.  In fact, you probably already are.
3. Main pillars of FP:
   1. Pure functions (no side-effects)
   2. Functions are first-class objects (you can pass them as arguments, you can return them as results, you can store them in lists or any other data-structure)
   3. Data is immutable by default
   4. FP languages often provide powerful pattern matching syntax (didn't mention this much in the episode other than briefly noting Python's new match statement)
   5. A couple of things not mentioned: in FP, your code is more about what you want, not about how to get it.  That stack of functions for the sales data example looks declarative, not imperative.
   6. A couple of other things not mentioned: recursion and lazy evaluation.  Not exclusive to FP, but very often available in functional languages.
4. Papers and explanations about monads might be unreadable, but you're already using them and you already know how they work.
5. Using FP techniques appropriately can make your code easier to test, harder to break, and possibly even prettier to look at.
6. There are places in your code right now that you can make better right now with FP.  Do it!

Links:

• We mentioned a ton of languages.  Most of them have easy to find home pages so I'm not going to list out all the links; but there are a couple of obscure ones
  • There's nothing for the original Lisp, the closest these days is probably https://common-lisp.net.
  • ML can be found at https://sml-family.org but the more modern and popular variant, OCaml, can be found at http://ocaml.org.  Microsoft's take on this is F#, open-sourced at https://fsharp.org.

Hosts:
Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]

Follow us on Mastodon: @[email protected]

If you have feedback for us, please send it to [email protected]

Theme music:

Dawn by nuer self, from the album Digital Sky

Web browsers and web sites have been around for quite a while. Javascript has been the language driving those pages but there's a way to write in a lower-level language and speed up the slow parts without losing cross-platform compatibility. That way is called Web Assembly (WASM). In this episode Jim explains exactly what that is, and Wolf asks questions.

Show notes:

Take-aways from the episode:

1. If you have a compute intensive part of your web application, it may make sense to implement that bit of code in a compiled language like C, C++ or Rust and then compile them to WASM so they can be executed in the browser.
2. Security and Portability. WASM code is secure as it utilizes the browsers' sandbox and portable as all browsers are supporting the W3C Standard WASM.
3. You are almost certainly using WASM based applications. It's in use in Google Maps & Docs, Netflix, Spotify, Amazon and many more.

Links:

• https://emscripten.org/index.html
• https://emscripten.org/docs/getting_started/Tutorial.html - Nice tutorial
• https://github.com/WebAssembly/wabt - Web Assembly Binary Toolkit
• https://collabnix.com/top-20-companies-that-uses-wasm/ - Companies using WASM
• https://developer.mozilla.org/en-US/docs/WebAssembly/Reference - WASM Instruction set
• https://developer.fermyon.com/wasm-languages/webassembly-language-support - Languages supported
• https://github.com/snaplet/postgres-wasm - Postgres implemented in WASM

Hosts:
Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]

Follow us on Mastodon: @[email protected]

If you have feedback for us, please send it to [email protected]

Theme music:

Dawn by nuer self, from the album Digital Sky

Lots of people talk about Cryptocurrency. It's in the news all the time but who really knows what it is? In this episode, Wolf reports his research and together we dig into it and explain what it's all about.

Show notes:

Take-aways from the episode:

• Crypto is not really anonymous
• Crypto is both regulated and taxed (at least here in the US)
• Legal uses of crypto outweigh illegal uses.  This stuff is legitimate.  There are dangers, but crypto is something you might legitimately possess
• There are scammers everywhere.  Protecting the private key in your wallet is vital to keeping your money: don’t lose it, don’t let it be stolen, don’t give it away.  Stealing your private key is much easier than stealing US dollars out of your bank account.

Feedback from episodes:

Champ at Key 9 Identity sent us a couple of links for blog posts on passkeys.

https://blog.k9.io/p/passwords-must-die

https://blog.k9.io/p/key9-the-2025-security-key-shootout

Hosts:

Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]

Follow us on Mastodon: @[email protected]

If you have feedback for us, please send it to [email protected]

Theme music:

Dawn by nuer self, from the album Digital Sky

Have you thought about moving your computing into the Cloud?

This episode takes a look at a real-world adventure that Jim went through when moving his computing infrastructure from purchased servers in a rented rack in a datacenter to a VM Running in a cloud service provider using Docker, Linux, managed PostgreSQL. He covers the steps he took to get there, how it's going, the good stuff and the challenges in making it work.

Show notes:

Cloud service providers:

• https://portal.azure.com
• https://aws.amazon.com/
• https://cloud.google.com/

Technologies used:

• https://www.postgresql.org/
• https://www.docker.com/community/open-source/
• https://www.haproxy.org/
• https://github.com

Hosts:

Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]

Follow us on Mastodon: @[email protected]

Theme music:

Dawn by nuer self, from the album Digital Sky

There are many scams, some to get your password(s), some just for money.  Join us as Wolf tells everything he knows and together we discuss a new way to protect your online accounts.

Show notes:

Lists of login methods:

• https://testdriven.io/blog/web-authentication-methods/ 
• https://www.logintc.com/types-of-authentication/

Who implements Passkeys?

• https://www.passkeys.com/websites-with-passkey-support-sites-directory
• https://fidoalliance.org/passkeys-directory/
• https://www.keepersecurity.com/passkeys-directory/

The three things that come together to make passkeys:

• Using key pairs, like SSH: https://www.ssh.com/academy/ssh/public-key-authentication
• Biometric authentication, you're already used to it from your phone
• New User Interface "ceremonies"

Which password managers support passkeys?

• 1Password (our personal favorite)
• Bitwarden
• Dashlane
• Google Password Manager
• Keeper
• NordPass
• RoboForm

A little about password managers:

Almost any password manager is better than no password manager at all so do your research. Find the best one for you. Make sure it answers these questions:

• Does it run on all the platforms you care about?
• Does it have a pricing model you like?
• Does it use a cloud service, or not, or of your choice, in a way that you like?
• Does the password service itself have access to your keys?
• What kind of secrets can it keep?
• Passkey descriptions and implementation documents
  • The FIDO alliance: https://fidoalliance.org/passkeys/
  • Google (for developers): https://developers.google.com/identity/passkeys/developer-guides
  • Apple (for developers): https://developer.apple.com/passkeys/

Wolf's top three personal digital security recommendations

• Use a password manager (it should support passkeys).  See above.
  • Once you create a passkey for a specific service; change your previous password. The new one should be generated by your password manager and you should never use it unless you absolutely must.
• Make sure your device is secure
  • Use biometric authentication
  • Have a strong password.  Your password manager can generate one made from words.  Easy to remember; hard to guess.
  • Make sure you know how to force your device to require a password.  You can be tricked or forced to authenticate biometrically.  Law enforcement can't force you to reveal a password; and if you're careful, you can't be tricked out of it.
• Be aware of your surroundings.  Bad actors can "shoulder surf" and get your password, or cameras. It's just like the old days at the ATM.  You don't want a person right behind you to see your PIN.

Hosts:

Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]

Follow us on Mastodon: @[email protected]

Theme music:

Dawn by nuer self, from the album Digital Sky