[00:00:00] MB: Hello and welcome back to Software Engineering Daily. My name is Mike Bifulco. I am one of the co-hosts of Software Engineering Daily. I'm also CTO of a company called Craftwork based in Charlotte, North Carolina. I am sitting down today to talk with not only one of my favorite people in the world, but also someone who I'm lucky to call a friend, and a former co-worker. Charlie Gerard, who is a software developer extraordinaire, and just like a genuinely good person, who I haven't had a chance to catch up with in probably a few months, was the last time we talked.

Charlie, thanks so much for joining today. How are you doing?

[00:00:35] CG: Well, thanks for having me. It's a great intro. It's probably the best intro I've ever had. But yes, I'm good. Yes, at the moment, not working. But yes, on a break, and it's actually really nice. 

[00:00:48] MB: Got it. Yes. So, last you and I had really caught up was a few months back. It was after – you and I had been working together on the Developer Relations Team at Stripe. I left Stripe last year around November, and we had talked a few months ago, just kind of catching up, generally speaking. But at the time, things were sort of going fast and furious for me and starting to feel like they might be a little up in the air for you, and some life changes were coming your way. So, why don't we start there? Why don't you catch me up? What's new with you? First of all, where in the world are you? Where are you talking to me from today?

[00:01:22] CG: Right now, I am in Melbourne, in Australia. So, it had been a plan for me to move back here for a while. Yes, I kind of made, not last-minute decisions. But yes, things were supposed to be the way and I just moved anyway. So right now, I'm in Melbourne. I also left Stripe, and in like at the moment, I'm in between jobs. I should be starting another job soon-ish. But as I'm not Australian, I'm in the process of waiting for a work visa. I don't really talk about where I'm supposed to go, because if I don't get the work visa, then I will be doing something else.

But at the moment, I'm on a break. It's been nice. I feel like I needed a break anyway. I've been thinking about taking a break for a while. But usually, when you're on a work visa, you can't really have the kind of extended break that I was looking for. I've been enjoying looking back at some projects that I've built in the past and coming up with new ideas. So, I've still been busy, but just not working for somebody. 

[00:02:27] MB: Yes, got it. Okay. Well, I feel like you always find ways to stay busy, for sure. I will knock on wood over here in an audio recording safe way for you that I hope things go well with work visas and all that.

You have, of course, also been on this podcast before, on Software Engineering Daily, I think, around a year and change ago to talk about machine learning and a book you had written at the time. Which obviously, that's a call for a plug as well. You wrote a book called Practical Machine Learning in JavaScript. What's the pitch for that? Why would someone be interested in machine learning and JavaScript to start?

[00:03:03] CG: Yes, so I wrote that in 2020. Things have changed and it's not directly related to the current AI hype. But it was my way to teach people how to do machine learning in JavaScript, so it's more targeted towards front-end developers and for people who might not have any background in machine learning at all. It's like an introduction to understand how it works and what you can do with it, especially in the browser, to give a chance to people to explore that topic, while still using a language that they already know. So, they don't have to learn everything from scratch. Then, if people want, they can dive a little bit deeper, but it's mainly using TensorFlow.js.

Yes, so not related to ChatGPT or anything, but I feel like, actually, I realized that because I wrote that book, and because I had been doing quite a few machine learning projects at the time, it made me understand a bit more how ChatGPT works, and that's why, with the whole hype, I didn't really buy into it. Because when you understand it a bit more how things work, it's a little bit less magical, and you can understand why maybe it's not ready yet to really like build. Like, it's not going to take over the world the way that maybe some people talk about, and I feel like learning more about these topics allow you to have a critical thinking mindset when it comes to things like that.

So, I haven't actually done machine learning stuff in a while. But I mean, I've been looking at the new AI things with the new tools. But again, it's like I've been able, when you learn about machine learning, then anything that comes after that in the new tool, you're able to understand more quickly what the benefits are, and what they're not able to do, and you have like a faster understanding of the tools and the possibilities.

[00:04:51] MB: Yes. I think I'm going to give you credit for being just way ahead of the Gartner Hype curve on machine learning there, having written a book years before it caught the zeitgeist for most people.

[00:05:00] CG: I feel like sometimes maybe I'm wrong, because there's so much hype that sometimes I'm like, “There must be something I'm missing.” I've been asking myself that question a lot. But then, I did some extra research, and I'm like, “No, I really think that for what I would like to do personally, I don't think it's quite there. I understand that if it can write code for you, then you build things faster.” But when you want to have an understanding of what you're doing, I don't necessarily think that having your answer right away is the way to learn personally. But I know that if you just want to be fast, then sure. 

[00:05:36] MB: Yes, it's an interesting place to be. I think, I've been kind of on both sides of the fence about ML and GPT, like flavored tools. I have an article that I wrote a while back, that was about my first experience using, I guess, it was GPT-2 or GPT-3 at the time as like a way to generate writing. My genuine, one of my first five experiences using this thing was to gen – I tried to get it to generate an article for me based on some inputs that I gave it. And it wrote a beautiful, super interesting article on this psychology thing that I was really interested in. It wasn't until after I generated this article, I read it, I was like, getting ready to post it, and I was doing research on it, as you probably should do, if you have a computer generate something for you. And I found out that everything it had written for me was completely wholecloth made up.

[00:06:25] CG: I'm not surprised.

[00:06:27] MB: Yes. That pivoted the focus of my article at the time from, “Hey, here's this whole psychology thing”, to like, “Oh, crap, we need to be careful about trusting the robots to do all of our work.” I think it's an interesting world we get to live in too, because it feels like things are moving very quickly, and there's a lot of companies that are sprouting up around these tools. 

My feeling right now is that we're going through almost like a zeitgeist where everything has to have an ML or machine learning or AI spin on it. What I have mixed feelings on is whether there's really a moat around these companies that have built themselves on top of like, copilot for X. How do you defend your thing, if you're just wrapping around ChatGPT?

[00:07:11] CG: I mean, it's like the old things. We're going to create Uber for X or stripe for X. Yes, well, let's see how it goes. I'm going to say like that.

[00:07:22] MB: Sure, yes. You said you haven't really dealt much with machine learning in a while. So, what's keeping you busy right now? What's occupying your mind space?

[00:07:31] CG: So, at the beginning of the year, I started Bachelors in Cyber Security online. I was doing that already when I was at Stripe, but now that I'm on a break, I have a bit more time. That's been – I feel like I might be at a point in my career where I'm pivoting towards that. That's been keeping me busy. There's so much to learn in that space. I feel like the first time that I learned my first, I mean, when I wrote my first line of code in JavaScript, like almost 10 years ago, and then you realize that you can do so many things, I feel like I'm having the same moment in cybersecurity.

It's almost overwhelming, because all of a sudden, I feel like I'm going back to junior level, because I'm trying to look at a new field. But I feel like having a background in programming is also helping me understand certain things that might not be taught in a cybersecurity degree. I've been studying that and trying to build side projects to learn certain skills related to that on the side as well.

[00:08:36] MB: Yes. It's very interesting to pivot so hard into something that's pretty different from the things you were doing before. For the sake of it, and in case we have folks who are listening who may not be like dipping their toes into cybersecurity stuff yet, how would you kind of describe cybersecurity on like 100 level? What does it actually mean to study it?

[00:08:54] CG: So, you learn more how things work on a deeper level. When you're a web developer, that you learn how to build a website, or how to ping APIs and things like that. But in cybersecurity, it's almost as if you were learning to break them. I mean, it depends. It depends if you're doing offensive security or defensive security. But you'll learn more about networks. You learn more about – I mean, you get certifications like Network+ or Security+, and you understand how to set up your own network. You even learn about cables, and about good connections, at the end of the cables, and you'll learn about the different types of things like that, Cat5, Cat6 cables.

At the moment, I only started, so I've been studying that. You also look at tools like Wireshark to look at packets that are sent between hosts when you make a request and you learn about subnetting in IP addresses and things. So, at the moment, I've been mainly learning about networks and about tools like NMAP in Wireshark. I don't know what's coming up next. I think that my next class is going to be getting the Security+ certification. But it's more around understanding under the hood how things work, and what kind of vulnerabilities might be there. So that, then you can protect a system. It's almost in my way of like diving deeper into technology in a way that when you're a web developer, you might not really get to do because you – usually, we've already built tools that make it relatively easy to build a web page, and sometimes you might get a bug that allows you to dive deeper into what might be going on. But on the security side, it's more creating robust, almost like a platform that you can then build things on top of.

[00:10:41] MB: Yes, that's a fantastic description of computer security. I have maybe a 100-level understanding of computer security things. I am a longtime web developer, and I think one of the things that we often take very much for granted as web developer folks is like that network panel in your browser or developer tools is like all of the magic that happens between a server and your browser window. Every step of the way, where that bit of information is happening from computer to computer to modem, and router, and switch, and all these other things like there are physical ways to intercept that signal. There are ways to monitor and modify that signal. There are ways to do malicious things along the way. You can be blissfully ignorant of it as a web developer and create a lot of very dangerous situation. So, which can –

[00:11:30] CG: It’s almost scary. I think I realized that I wish that web developers knew a little bit more about security, because I feel like there's probably ways where I, like, times when I implemented unsecure things in applications, because I didn't know, and we're not really taught that. So, even at a web level, you can make sure that your applications are more secure. You don't have to go all the way to making your networks secure. But I'm hoping that the more I learn about this, then maybe I can also teach it and raise awareness about the things that sometimes we do that are very not secure. Yes, hopefully, I'll do that once I finished the degree.

[00:12:08] MB: Charlie, I think one of your skills in life is that you seem to be very good at giving people creative ways to learn things that are very coherent and thoughtful. So, if you're listening to the podcast, Charlie's website will be in the show notes. She has a whole list of projects that she's done over the years that are sort of like interesting educational projects that are, I would vaguely describe the things you've built as like, here's an interesting idea, I had to demonstrate something that you probably didn't think was possible. And everything from like controlling interfaces with gestures, to recreating things from Squid Game, to listening to the airplanes flying outside of your apartment window.

Super, super interesting uses of technology that for me, it creates a memory, it creates something that I have like a strong association with, “Oh, this is the thing that's possible.” Every jet that flies by on the horizon has data that they're transmitting, and I could be listening to that, that's out in the world. I think that's something that you bring to the world with you and it's a really wonderful skill to have. I'm curious from this, your a few months into studying computer security, are there things that you've learned or experienced since starting that were eye opening to you? Things that you hadn't considered before?

[00:13:22] CG: Yes. So, it was mainly when – it might be when I was doing a capture the flag competition where it's a competition where you spend the weekend, there's challenges that cover different areas of cybersecurity, and you're trying to find vulnerabilities in systems. There was one where it was about using Wireshark to analyze packets. So, there was a packet capture, and you were looking at it and I didn't realize how if you were using WEP for your Internet, so if it's not really secure, then you can really intercept things in them. You can really see some of the some of the things, like a password. If somebody logs in into the Wi-Fi, it's not really protected. You can really easily intercept the password and connect to their Wi-Fi, or even as a web developer.

So, I know that you have to use HTTPS on websites now for it to be encrypted. But I had never really seen that if you only use HTTP, you see everything. It's like, if you log in on a website, that is not HTTPS, I can see your login and password. It's silly, because I knew, theoretically, but I didn't see it myself. It’s this kind of moment where you really realize why you're using something, because you already see in front of you, like I can – I know that this user uses this login and this password and that you can – it’s a competition. So, it's not like in real, I didn't actually steal people's passwords. But it's a really nice way to put like – to almost have it engraved in my memory now why we use certain things. So, if you ever want to try Wireshark, I think it is illegal to do it on a network that you do not own it. So, you could do it at home, for example. You could run Wireshark on your laptop, and analyze to capture the packets that go from like an iPad or a phone. So, you can do that if it's your own devices. But please don't do that in an airport or something. I think that's not legal.

But yes, it’s things like that, where you use technology every day. And sometimes, you have a lot of other things to learn. So, you don't realize again, how things are built and what you can do with them. Once you start to like open that door of cybersecurity, you're like, “Oh, wow, I wish that people have explained properly why I should do something and not something else.” Even if theoretically, I know, now I have it in front of my eyes. It's like, “Okay, yes, now I know.” Even password cracking, like, really, now I understand why people say use a very long passphrase and multiplexers. Because if you do this capture the flag competition, usually there's a section about password cracking, and the tools are available. They're open source. I have them installed on my laptop now and you can really see if you use like a word list, you can figure out a password in a few seconds. It made me want to tell everybody – I feel like as developers, we know. But I'm not sure if my parents know. I'm not sure if the random cashier at the grocery store knows. I wish that we had more resources around telling people and really showing them why they should do something.

The other day, I was watching the news, and they were talking about certain scams now. If you buy something on – here we have a website called Gumtree. I don't know if you have it internationally. It's like some kind of, you buy something from your neighbors or something. They were talking about a scam of like, “Oh, and you can be scammed.” But they didn't tell people how. So, as a person, I wouldn't know what a scam would look like, and I wish that we were going further than just telling people, use HTTPS, or use a strong password. If you see in front of you, your eyes, on your screen that your password has been like decoded, then it will probably – you will have this whoa moment where you probably won't forget that, and you will actually be more careful in the future. So maybe again, that's something that I would like to maybe teach in some ways. But yes, it's a bit scary to look at this as well.

[00:17:18] MB: It's a very eye-opening experience. It's almost like, well, once you see it, you can't unsee it, and I think has the potential to give you a very paranoid life experience.

[00:17:29] CG: Yes. I mean, I’m a bit paranoid now.

[00:17:31] MB: Yes, well, maybe that's a good thing. But I like the educational bent that you're taking. There's an opportunity to teach people to do a little better. I would imagine many people listening to this show have an aunt or an uncle or a relative who, every time they open up their phone, they see the message that says, “Hey, you need to update iOS. It's four years out of date.” And they're like, muscle memory is to just hit the not now button, and you have a minor panic attack. It's just so hard to explain why that's important, because it's just a little popup on your screen. It seems so –

[00:18:01] CG: Because people don't tell you what exactly you can do with the vulnerabilities in that system. Sometimes I feel like if people try, you might have – they might invite a security researcher on TV who maybe is not an educator, so they use all the big words that people who are not in tech don't understand, and it makes you feel like, “Oh, well, I'm not going to do anything about it then because they don't understand what they're talking about.” Yes, so I feel like, I wish that people sometimes understood who they're talking to, and how to really approach. If you want to educate people, you really have to find a way for them to relate to the information that you're sharing. So hopefully, maybe I’ll able to do that. It's something that I've really wanted to do.

I started, I think, last year, I wrote a couple of blog posts about running attacks in Node.js, and it was really interesting, because it was taking my web developer approach with cyber security as well. I tried to teach that, but then you also have people who think that will never happen to me, and then I can't do anything about that one.

[00:19:05] MB: Yes, well, that's the thing. We all learn the lesson once that happens –

[00:19:08] CG: Yes, but I don't want ransomware to have in people.

[00:19:13] MB: Of course, yes. It's funny, you mentioned before the difference between HTTP and HTTPS, being so striking and so scary. That truly like every bit of information you're sending back and forth over the Internet is in plain text, if you don't have those certificates in place. I think it's an interesting thing too to point out that were like, only a few years removed from that functionality on the Internet, essentially being paywalled. By that, I mean like, as a software developer in, let's call it 2015-ish era, you would have to pay a pretty stiff ransom for anything you wanted to have SSL enabled online. Meaning, it was much harder back then to start a project online to make money off of, because you would have to front a few $100 a year for SSL security for your domain. It's pretty much free. It's almost hard to spin up a website without HTTPS now.

But it's a very interesting thing that that is like such a fundamental security thing on the Internet, and that there are companies like, oh, my gosh, what's the one that creates all the certificates for free for [inaudible 00:20:18] and Netlify, and all those companies?

[00:20:19] CG: I know who you’re talking about. Something with encrypt?

[00:20:25] MB: Anything, something like that?

[00:20:27] CG: Yes, I'm sure people will know as well. It's super well known. But I forgot.

[00:20:31] MB: Yes. One of the things I really love about computer security is as we get better at it, like it's a perpetual competition between the attackers and the white hat, good guys. As we get better at it, the bar is always moving, but we're learning more and more. For someone like you, that also requires that the things you learn and the things that you educate people with are going to always be changing. So, it's not like you can do this thing once and then, you write the book, and then next year, you have to take up watercolor paint or something like that. It's always going to be a problem. Is that something that's energizing for you? Or do you find that intimidating?

[00:21:05] CG: Maybe a bit of both. I feel like it's quite similar with the web-dev industry, where there's always a new framework and things like that. But let's say what's at stake is more important. Let's say if I don't keep up with the new version of Next, for example, like it's okay, my website will still work. I can update it later. But if I don't keep up with the types of attacks that are available, then it's like people, you can steal money from people their entire retirement, or – I mean, there's a lot of types of cybercrimes as well. I feel like, yes, what's at stake is more important if you don't keep up with what's going on. But yes, there's a lot. There's also what's called like, zero days, where sometimes it's an attack where we don't have patches for, and there's a lot of them all the time.

So, there's definitely a lot, and I'm only just starting, so I'm excited to learn more. But I feel like it might end up being exhausting, just the way that people have JavaScript fatigue, maybe have cybersecurity fatigue. But I feel that you also kind of want to have cybersecurity fatigue, because if you're here to protect people, you can't just be, “Oh, I know, I'm tired now.” I feel like it's not the right thing to do. But we'll see. We'll see how it goes. I feel like, even if you – I mean, keeping in touch with what's going on, I do it at the moment with reading research papers, but I'm not at the point where I totally understand what's going on. I might just store the research papers to like reread them in a bit.

But what I love about it, is it's very, very creative. I mean, software engineering in general is really creative. But I feel like maybe cybersecurity is creative in a different way when you look at the offensive side, probably also the defensive as well. But it's really, instead of thinking about how am I going to build this, is that how am I going to break this? There's also like, yes, and everything is like a mix of technology and also human aspect. How can I trick this person into doing this? It's definitely a whole new world.

[00:23:12] MB: Yes. I think folks who get into computer security are really interesting to me, because there's so many different directions you could go with the knowledge. The traditional like, black and white view of this is what is it white hat and black hat hackers. It’s like the white hat hackers look for problems, and then share the solutions. And the black hat hackers look for problems and abuse the solutions and use them for financial gain.

But I think there's also quite a few other things that happen as a result of this, that are just like kind of maybe curiosities or funny things that happen that find their way into, I don't know, pop culture, and hobbies and things like that. I know when I was in university, there were a number of like puzzles online that were these web puzzles with like, hundreds of levels that started out with like, go to a web page, look at the source on the page, and find the password to get you to the next URL you had to go to. It starts from there and ends up with you like wandering through a field in the middle of the south of Germany, like trying to find the coordinates for something and digging up a hole and all this other stuff. It is really interesting to see these things like touching the real world and getting people to learn things. 

But I was also reminded recently that a direction that people go with this kind of thing is like reverse engineering, and there's a really interesting thing that's happening online as we grow older as a world that has had technology in our lives where we're losing the archival access to things we used to have. And literally, by that, I mean things like old movies and games and books and things like that start to disappear. And I think it's been really interesting to see people who have a good understanding of computer hardware, like go back and reverse engineer the circuitry on an old graphics card so that they can recreate a program that operates just like that. I’m like, this is all the same stuff on some level and I find that very, very fascinating.

[00:24:55] CG: For sure. I feel like also, I mean, maybe I'm getting into this as well, because I'm at a point in my career where maybe I'm getting bored a little bit with what I already know, and I feel like when you're an engineer and you just want to keep learning, then I guess my way now is to get into this and be like, “Oh, now it’s like everything I need to learn, everything you don't know that much.” It's always chasing that feeling of learning something new. Yes, people sometimes do that with hardware and everything. I guess, it’s a – yes, that’s why I do it.

[00:25:35] MB: Yes, definitely. So, I guess what I'm curious about is like pie in the sky, if there was any end result for you from finishing this study, what do you think you would end up doing with your computer, sorry, computer security learnings?

[00:25:49] CG: I mean, maybe one day, I would love to be a penetration tester. So really, either as a consultant or something, but really go and help companies test the systems and try to break them and then write reports and be like, “This is what's going wrong and this is how you could fix it.” I think that, in general, I like to help people. So, I think it would be either that or educating in cybersecurity. Obviously, there's a little bit of part of me that like, “Oh, I'd like to do bad stuff.” But I probably would never. 

[00:26:21] MB: We just can’t admit to that on the air. 

[00:26:25] CG: I usually do it like on myself. So, in my own network, or with my own devices, this is what I've been doing so far. Not because, I'm not interested in stealing money from people or anything, but just understanding how things are run. Sometimes, to understand and help protect people, you also have to learn how the bad exploits work. So, it's a mix of these, but definitely, I would love to have access to, other systems that I can do penetration testing on. Because if I do it at home, on myself, I'm obviously very limited. It would be like, just a little home network. I wouldn't really be able to do that much. But if you're helping a company as a consultant, then you will be able to really look at companies of various sizes, and try to protect them against cyber security.

So, either that or what is called a threat hunter. Looking at all of the data that is coming. If you work for a company that has a lot of clients, you can look at all of the data that they're gathering, and you can try to find threats of different, like, are they being attacked right now? What kind of factor is it? Do we recognize a pattern that is coming up from like Russia or China? Or what kind of exploit is it? Does it have some kind of signature that makes it look like, I don't know. I forgot the names of famous viruses. But you could look at a lot of data and try to figure out who's been attacked by what.

Yes, I don't really know exactly how that world works, so maybe the way I just described it is not correct. But it looks like that's what they do, and I think I'm just interested in – I feel like having the role of like, I'm here to try to protect you is something that I like. It’s using technology and your knowledge. You're able to analyze things and protect people so that they don't have to care about it.

[00:28:23] MB: Sure. Use your wisdom, for good. 

[00:28:25] CG: Yes. I feel, it's something that I've always tried to do in my career, but it's actually hard to find a company who says that they want to do good and who actually does it. Usually, we want to do good, and then you work, and you work for a bank or something. Yes, this is where I would like.

[00:28:42] MB: Yes. Well, you're definitely the hero we need in that sense, Charlie. I admire your drive towards that.

[00:28:48] CG: Well, I mean, with the knowledge I have, I'm not going to protect much. But I'll get there. I'll get there. But yes, it's something I feel like if you can mix your knowledge of technology and help people in a good way, then I feel like it's something that would make me want to go to work every day.

[00:29:07] MB: Yes. Now, you're a few months into this. You started, I think, you started the beginning of this year. Your background prior to this was almost exclusively in web development stuff. But you've already mentioned that you've been exposed to some social engineering things, some hardware vulnerability things, with network cables and patch cables and things like that. I think I saw recent some blog posts that you're almost literally studying like electrical engineering, like talking about Ohm’s Law and stuff like that on your website. Have you found already that there are areas that you would like to explore, maybe that you're more interested in that are surprising to you?

[00:29:44] CG: Well, there is something at the moment that I've wanted to look more into, and I'm struggling a little bit because I don't find many good resources for my level. It's around software defined radio, and the radio spectrum, and being able to analyze that, and do what is called digital signal processing. When I look, when I try to find resources, I feel like they're often explained for people who already have a degree in this. So, I wish I could find a resource where it's very like beginners, and actually, I think that knowing No Starch Press has a book coming next year about software defined radio. As soon as it's out, I'm going to try to get it.

But it's something that I've been getting into when I did my project about like tracking airplanes, but there's a lot more that you can do, and I feel like I'm blocked because I don't have enough knowledge in this. It can also relate to cybersecurity, because you can do things like replay attacks where you record a signal from a receiver, or like a transmitter, and you just replay it to – it can be used to open garage doors, or something like that. But it's something that I have no background in at all. I've been I've been trying to get into this, so it's been on my backlog for a while. At the same time, I want to get my amateur radio lessons and be with my little radio and like, “Deet, deet, deet.” Have a callsign and see if there's anybody around Melbourne. I feel like maybe studying to get my amateur radio license would help me understand also how this works. Yes, there's a lot that you can do with this as well. But it's so different, because I mean, you're really dealing with radio frequencies, and yes, I don't really know that much about it. I just know that I'm interested. So, I’ll get in there, eventually,

[00:31:39] MB: I think it’s one of the fascinating things about the world that surrounds us is that radio, communication, and broadcast information through the air is like we are currently and always surrounded by information flying around and through us, like literally through your body.

[00:31:58] CG: I mean, it's amazing. We don't think about it, but I'm always – sometimes I put it like, “Wow.”

[00:32:04] MB: Yes, it's there, and we just don't know about it. I think that's really cool and super interesting. Have you happened to fall down the Internet rabbit hole of reading about numbers stations? 

[00:32:15] CG: No.

[00:32:15] MB: Charlie, this is going to be one of those things that I think sends you to a spiral.

[00:32:18] CG: Oh, it’s going to be my day today. 

[00:32:19] MB: This is like an old, I think, as far back as maybe like World War One spy thing, where like, there are these radio stations that exist in the world that just broadcast repeated recordings of someone reading numbers. It would be like just a random string of numbers and you'd hear like the same voice saying like, 10, 5, 16, 34. The idea is that these are things that exist as one-way ciphers for people who need to listen the information from their central, sort of, whatever, wherever intelligence is coming from. So, if Charlie the spy was in the middle of the Australian Outback, and you knew to tap into this station, and people wanted to send information to you, they could send you a message, and you would know how to decipher it based on like listening at a certain time of day, and listening for a certain start and end sequence. These are things that you can just listen to. They're all over the world. There's great websites that catalogue where they all exist. Some of them are like the use of them is known or speculated. Some are literally unknown. Some go silent for years on end, and then come back for a few seconds and it’s like –

[00:33:21] CG: That's so cool. I think, it's like in the news recently, they were talking about researchers who found a signal from space that was repeating every 20 minutes or so. I don't know if it was minutes. But it’s like, you don't know, because if you don't have the right equipment, and code, whatever to listen in, then things happen around you that you have no idea about.

[00:33:44] MB: It's definitely the case where it's like, the more you learn about how the world operates, the more paralyzing the complex everything is, but also, deeply fascinating too. There's a lot of opportunity to teach people that if you know just a tiny bit more about how the world around you works, you can protect yourself from other things and also just maybe be ready for, I don't know, the ambiguity of an ever-changing universe that we seem to be hurdling through anyway.

So, let's pull back a little bit. You're in between gigs right now figuring out the joyousness of citizenship and visas and all that other stuff. What do you have going on right now apart from your studies? Are you traveling at all? Are you headed to conferences, anything like that?

[00:34:25] CG: Yes. So, I will be at [inaudible 00:34:27] in a few weeks. I think it's on the 11th and 12th of September. I think for the end of the year, that's going to be the only conference that I go to because again, when you start a new job, I don't want to start and right away be like, “I’ll be away. Bye.” But I have a few conferences next year as well. In terms of conferences, that will be it. I don't know when this episode will be out, but if anybody's in Melbourne and want to hang out, then my DMs are open, I guess.

[00:34:58] MB: Yes, for sure. Where's the best place to find you online?

[00:35:02] CG: I mean, at the moment, it's been difficult. I mean, I would say I still sometimes check Twitter. I don't know for how long. I don't really post anymore because at the moment, I feel like I don’t have much to say. But yes, my DMs are open on Twitter. So, I'm @devdevcharlie, but otherwise, I'm also on Mastodon on Bluesky. Usually, if @devdevcharlie’s available, then that's me. So, otherwise, email me. You can find it on my GitHub. Charlie Gerard. 

[00:35:33] MB: Yes. Well, I'll make sure to drop all of the Charlie links in the show notes, so that anywhere where someone might want to find you, they can.

[00:35:40] CG: Yes. Actually, I've been trying to learn German as well. So that's like a non-technical thing at all. I was thinking, “Well, I've been building a few weeks. So maybe, I'd love to try to at least order something in German.” I've tried in the past. But I think, if you don't, you should not practice, then you kind of lose. So, I'm going to see how much I can learn by mid-September.

[00:36:01] MB: Yes. Got it. So, how many languages do you speak right now?

[00:36:06] CG: English, French and Spanish. I've lost a lot of it, but I can still –I can understand it. But if I had to have a conversation, it would take me a long time to say the right words and stuff.

[00:36:18] MB: Sure. I want to throw German on top, too. That's great.

[00:36:20] CG: Yes, I love languages. It's just like programming languages. It's like you learn the syntax and how to use them. What I love is that there's obviously culture that goes into it as well. Sometimes we can't make the same jokes in French as in English, because something's just not funny in certain languages. There's a lot of context and I love thinking about that, because it tells you a lot about the history of the people in that country. Yes, it's just as interesting as programming languages.

[00:36:50] MB: Sure, yes. Without a doubt. Okay, I've been trying to end my interviews lately with a couple of questions that are more about like telling me more what sort of things you're thinking about, and maybe the media you're consuming. So, I'm curious if you have, maybe a YouTube channel or a podcast or a book or something like that, to recommend for people that's been sort of occupying you lately. Where's where somewhere you would point someone to?

[00:37:13] CG: Right now, I'm learning how computers – I mean, I'm learning – I'm reading How Computers Really Work by Matthew Justice. It's more of like a reminder of things that I kind of already know. But I mean, I'm at the beginning of the book. So, I'm hoping that by the end of it, there will still be little gems of things that I don't know, but it's really well written. I picked it up because I feel like for a while, I didn't want to read technical books, because they felt pretty dry. But I love the way that the author is actually explaining things, and there's exercises, and it's kind of making me like technical books again, and it makes me feel like I want to buy more of. It's like a No Starch Press book as well, and I really like what they – the type of books that they have. It makes me want to pick up other ones. And I'm thinking that maybe learning things with books is probably better. Sometimes I struggled to find tutorials that go in depth enough, or that are talking about the topic that I really want to learn. Right now, I'm reading this in terms of like technical stuff.

[00:38:15] MB: Cool, right on. That's a great recommendation. How Computers Really Work. I'll dig up a link for that as well and drop it in the show notes too.

Charlie Gerard, I am so, so grateful to get to hang out with you and spend some time with you. Please come back and hang out anytime if you want to come and talk about what you're working on, what you're not working on, what's frustrating in the world. Whatever it is, we can always catch up. Thanks so much for hanging out today. We appreciate you being a guest. Let's do it again soon.

[00:38:40] CG: Thanks for having me.

[00:38:41] MB: Right on. Thanks, Charlie.

[END]