 
      
The Laravel Podcast brings you Laravel and PHP development news and discussion. Season 5 consists of Matt Stauffer interviewing the creators of the most popular packages in the Laravel ecosystem.
Interview: Snipe, AKA Alison Gianotto
An interview with Alison Gianotto / Snipe, creator of Snipe-IT
Editing sponsored by Larajobs
Transcription sponsored by GoTranscript.com
[music]
Matt:
All right, cool. All right. Welcome back to the latest episode of Laravel Podcast. It's been a little bit of a break for those of you who tune in to every new episode, but I've got another great interview here. As with every single one, I'm interested and excited to introduce someone to you. Some of you have heard of her before, a lot of you might not know that she actually works in Laravel. Either way, it's going to be great.
This is Snipe. Although in my head, you have been Snipeyhead because I feel that's been your Twitter name for a while. Real name, Alison Gianotto, but I'm probably just going to end up calling you Snipe for rest of this call. Before I go in asking you questions, the first thing I want to do is just I always ask somebody, if you meet somebody in the grocery store who you know isn't technical at all, and they ask you, "What do you do?" What's the first way you answer that question?
Snipe:
I say I work with computers.
Matt:
Right, and then if they say, "My cousin works with computers and whatever." Where do you go from there?
Snipe:
Well, it depends on their answer. If they say, "Do you fix computers?" I'm like, "Not exactly." If they say, "Really? What type of computer work do you do?" I say, "Well, I'm a programmer." They're like, "So you make games?" "Well, not exactly." If they say something like, "Mobile apps or web? What languages?" Then I'm like, "Okay, now I can actually have a conversation." I don't do it to be disrespectful to the person asking. It's just confusing to them, and so I like to keep it bite-sized enough that no one gets confused.
Matt:
If you talk to a grandma in a store who doesn't have much exposure with computers, and you say, "Well, I work in InfoSec with blah-blah-blah." Then she's going to go, "Huh?" I totally hear you. If somebody does ask and they say, "You know what? I actually work in Rails," or, "I know what a framework is." How do you answer someone when they are more technical? Let's say, somebody-- You understand that this person is going to get all the names that you drop. Where do you go from there? How do you tell someone about what you do?
Snipe:
I actually usually say that I run a software company. I say, "I run a small software company that basically works on open source software." Usually, they look at me like, "How do you--"
Matt:
How do you make money?
Snipe:
Literally makes no sense.
[laughter]
Matt:
Which is where we're going to go. Let's actually go there. Snipe-IT, it's a company that has an open source product. I'm guessing that you make your money by paid support plans and hosting plans. Right? Then you also have the whole thing available for free in open source?
Snipe:
That's correct. Yes.
Matt:
Could you give us a little pitch for anybody who doesn't know what Snipe-IT is, and what it does, and who it's for?
Snipe:
I'm so bad at this. I'm the worst salesperson ever.
Matt:
Well, I'm helping you grow.
[laughter]
Matt:
Thirty seconds or less.
Snipe:
If you have any kind of a company and you buy assets like laptops, or desktops, or monitors, you need to keep track of them and you know who has what, what software is installed on what. Then usually I'm like, "I've got this nailed. I've got this nailed." Then I end up saying, "It's not a very sexy project, but people need it." [chuckles]
Matt:
Right, right, right. You have to justify yourself in your sales.
Snipe:
I know it. I really do. I'm really the worst at it. People get really excited. We're going to DEF CON this year like we usually do. I'm actually bringing my whole crew.
Matt:
Cool.
Snipe:
Because I really want them to be able to experience the way people react when they realize that we are Snipe-IT because they just get so excited. I've had people run across the conference floor to give me a hug that I've never met.
Matt:
Wow.
Snipe:
It's really cool. There was another time I was talking to, I think, YTCracker on the conference floor. He introduces me to one of his friends. He's like, "Yes, she's got an IT asset management software." He's like, "Really? I just heard about one of those. That was really great." I know exactly where this is going. I'm watching him look at his phone. He's like, "Yes, I just heard about it. It's really amazing. I think through your competition." I'm just sitting there smirking and I'm like, "Okay." Totally, I know exactly where this is going, but I let him spend five minutes looking it up on his phone. He's like, "It's called Snipe It?" I just look at him like, "Hi, I'm Snipe."
[laughter]
Snipe:
It was actually wonderful.
Matt:
It's one of the benefits not just of having the company, but actually naming it after yourself. You're like, "No. I'm actually the Snipe. That's me."
Snipe:
I'm excited to bring my crew out to DEF CON this year so they can really get to experience that first hand. Because like anything else in open source and in company support in general, a lot of times, you only hear the negative stuff. You hear about when something is broken or when something doesn't work exactly the way they want it to work. To actually get just random people coming up-- I'm getting us swag. I'm getting us t-shirts printed out. I'm super excited.
Matt:
I love it. There's nothing like having the opportunity to see the people who love what you're doing to really motivate you to go back and do it again. I hear that, for sure.
Snipe:
Definitely. Open source can be really tough with that because for the most part, the only thing that you're hearing is, "It doesn't work," or, "Why doesn't it do this thing?" Or people telling you how they think your software should work. To just get basically unbridled love, it really recharges me. It makes me want to work on a project even harder.
Matt:
Plus, the phrase unbridled love is just fantastic.
[laughter]
Matt:
It should be in our lexicon more often.
Snipe:
I agree.
Matt:
It's asset management software. I'm imagining I've got a 500-person company, and every single person gets issued a laptop within certain specs. After it's a certain amount of time old, then it gets replaced. We're going to make sure they have the latest build of whatever, Windows and the latest security patches, and that kind of stuff. It's at the point where you don't have-- My company has, I think, 17 people right now. There is just a spreadsheet somewhere.
This is when you get to the point where a spreadsheet is really missing people. People aren't getting their upgrades. People don't have security updates. My guess was the reason there was InfoSec involved in this at DEF CON is because security updates is a big piece of why that's the case. Did I assume right? Could you tell us a little bit more about how InfoSec and security are related to what you're doing here?
Snipe:
You're kind of right. We don't currently have a network agent, so we don't have anything that listens on the wire. We do have a JSON REST API, though. Basically, we're now working with folks like Jira, Atlassian, and we're going to be working with a Jamf API to try and basically make that stuff easier. I feel like it's out of scope for us to try and build another networking agent, but we have an API.
If we can just build those bridges, then it just makes it a little bit easier. Ultimately, in terms of security, the real reason why I think people in InfoSec appreciate this tool, especially given the fact that we don't have-- And some people in InfoSec actually like the fact that we don't have a monitoring agent because that actually becomes a separate problem in and of itself. Let me give you a backstory on why I created this in the first place.
Matt:
Please do.
Snipe:
Maybe that'll help explain a little bit more. I was the CTO of an ad agency in New York City. We had grown from-- I think I was employee number 12, and we were now at 60 something people. We were using a Google Sheet shared between three IT people, some of which were not necessarily the most diligent-
[laughter]
Matt:
Sure.
Snipe:
-about keeping things up to date. Basically, when you've got a single point of truth that is no longer a single point of truth, it becomes a bit of a hellish nightmare. Additionally, if you're repurposing-- Because it's an ad agency, so you have a lot of turnover. You don't have any history on any particular asset if this asset is actually bad. If the hard drive on this is actually just bad and should be replaced. If this is bad hardware, then we should consider just sunsetting it, and getting a brand new box, whatever.
We had to move offices. We were moving our main office and also our data center. Of course, when you're trying to move a 60-person company, and servers, and everything else, the very first thing that you have to do is to know what you have. That was an enlightening experience. It basically turned out that we had about $10,000 worth of hardware that we just didn't know where it was anymore.
Matt:
Wow.
Snipe:
People got fired. This is basically before I was a CTO and before I had set up the exiting process. People had been fired or had quit and just taken their laptops with them. That's got company data on it. That was a huge, huge issue for us. I was like, "Okay, we need something that we can integrate into our exit strategy or exit process to make sure that we're reclaiming back all of the data that--" Because some of that stuff is client data. It's actually really sensitive from a corporate perspective. Also, sometimes it's customer data. It was really important to have a way to handle that a bit better. That's it.
The asset part is the most important part of that software. We do have support for licenses where the cloud offering portion of that is not as fully developed. We're going to be building in a services section soon. That will describe, for example, if you had Snipe-IT as a vendor, where would we fit in this ecosystem for our customers? We don't actually have a good answer for that. We're going to be building out a services section that lets you know how much money you're paying every month, how many seats you have.
Matt:
That's great. That would cover not just global stuff, but also individual subscriptions like Adobe and PHP--
Snipe:
Sure, sure.
Matt:
Cool. That's awesome.
Snipe:
Licenses are really hard. They're hard because you can have-- One of our customers actually has a hundred thousand licenses.
Matt:
Oh, my Lord.
Snipe:
Because you've got this notion of a software license and then a bunch of different seats. There are some licenses that have one seat, and only one seat they only ever will. Then there are ones that have tens of thousands. For example, Microsoft Suite. If you have a large company, you're going to have a lot of those licenses. One of the things I care really deeply about in Snipe-IT, and I think one of the reasons why we've been successful in this really saturated marketplace, because it is a really saturated marketplace, is that I care a lot about the users' experience.
I know, for example, that our licenses section, the UI on that, the UX on that is not as optimized as it could be. That will be the next thing that we're really tackling is because it is a popular section. It's one that because of the nature of the variability of licenses, makes that a really tricky UX problem to solve. That's one of the things that I love about this work is getting to solve those kinds of problems.
Matt:
You're just starting to make me interested in this which means you're doing your job of the sales pitch. You said you got something you're super comfortable with.
Snipe:
[laughs]
Matt:
I always struggle-- Somebody made a joke and they said something like, "It's a drinking game for how many times Matt says 'I could talk about this for hours' during a podcast."
Snipe:
I did see that, yes.
Matt:
We're there already.
[laughter]
Matt:
I want to step back from Snipe-IT just a little bit. Snipe It, I want to call it Snipe It now that you said that.
Snipe:
Please don't call it that. [laughs]
Matt:
I won't, I promise. Think a little bit about what got you to here, and what got you to the point where you're a name and an online persona. I saw you had some interactions with @SwiftOnSecurity the other day. Everyone got all excited seeing the two of you interacting. What was the story? I want to eventually go back to when you got into computers in the first place. First, what was the story of the process of you going from just any other person on the Internet, on Twitter, on GitHub, or whatever to being a persona that is relatively well-known across multiple communities?
Snipe:
I can't really answer that for you because I don't really understand it myself. Other than lots of poop jokes--
Matt:
It's the best.
Snipe:
Yes. [chuckles] I think, probably, I've been on Twitter for a while. Also, I was on IRC for a long time. I think I'm still an op in the ##php channel on Freenode, although I don't visit there as often as I used to. I was really involved in that as I was learning PHP, and as I was helping other people learn PHP. I don't know. I've always been a mouthy broad, and I think that's probably worked because whether you like me or not, you remember me. [laughs]
Matt:
Yes, for sure.
Snipe:
I'm doing my very best to not swear on your podcast, by the way. I've caught myself at least five times that I'm like, "No, no, no." [laughs]
Matt:
If it happens, it happens but I appreciate it.
Snipe:
I'm doing my very best. I'm at a conference--
Matt:
Broad was a good one, yes. All right, exactly.
Snipe:
Yes, I know. Yes, exactly. I was like, "B-b-b-broad."
Matt:
[laughs]
Snipe:
Which is an offensive term in and of itself, but it's still-
Matt:
We toned it down a little.
Snipe:
-better than the alternative, I think.
[laughter]
Matt:
I love it.
Snipe:
I'm trying my best here, Matt.
Matt:
I appreciate it very much. Was it in the world of PHP? First of all, I heard longevity. I've been here for a while. That's always a big win. Poop jokes, that's also obviously a big win. Give the people what they want.
Snipe:
I don't know if I can say dick jokes on your podcast.
Matt:
Well, you did. There we are.
Snipe:
Dick jokes are definitely a big part of my repertoire. [laughs]
Matt:
Yes, I know. Being an interesting person, having been around for a while, but was it in PHP, and teaching PHP, and being around in the PHP world for a while, was that the main space where you came to prominence versus InfoSec, versus being an open source business owner? Was it primarily in being a PHP personality where you came to at least your original knownness?
Snipe:
I think probably. Probably, yes. When I grab onto something, I don't let go of it. I've been doing some Perl work. I've probably started with Perl, but that was back in the days when I ran Linux as a desktop on purpose. [laughs]
Matt:
Oh, my goodness.
Snipe:
I was writing some Perl stuff. Heard about this crazy thing called PHP which looked way easier and was way more readable, and ended up writing some-- Now, terribly insecure. I know this now, because it's like 2000, 2001, something like that. Which is for going back a ways. I had just started to put out stupid scripts like e-card scripts and things like that, because they served the need that I needed to have filled. This is a well-known secret, but I worked Renaissance Fairs for a very long time. I was guild member number four of the International Wenches Guild.
Matt:
What?
Snipe:
Yes. That's not even the most interesting thing I can tell you. Anyway, I was running their website Wench.org which now looks terrible because Facebook took over that community. I used to have interactive like sending roses to each other. Because in the Renaissance Fair community, different rose colors have different meaning. It's basically like an online greeting card thing with these built-in rose color meanings.
You could pick different colors of roses and send them to people that you liked, or people you didn't like, or whatever. Having this playground of a huge community of people who-- Basically, I would post to the forums. I'd say, "I'm thinking about building this. What do you guys think?" By the time they actually answered me, I had already built it anyway. I was just like, "This looks really interesting. I want to see if I can do this."
Matt:
To do it, yes.
Snipe:
Yes, exactly. It was really, really cool to have access to, basically, a beta-testing community that was super excited about anything that I put out. It definitely stoked the fires for me, stretching and doing things that I may not have done if I didn't have a reason to do it before.
Matt:
Well, I love how much passion plays a part there. Not this ill-defined like, "I'm passionate about programming. That means I spend all my free time doing it," but more like-- I've noticed that a lot of people who are a little bit older had PHP-- Actually, just developers in general which is quite a few people I've had on the show.
Snipe:
Are you calling me old?
Matt:
Me too. I'm in the group too.
Snipe:
Are you calling me old? Oh my God. That's it. This interview is over.
[laughter]
Matt:
You're going to burn the place down. I think those of us who started back when becoming a programmer wasn't necessarily going to make you big and rich. There's a little bit of that idea today. Go do a six-month boot camp, and then you're going to be rich or something. I think when a lot of us started-- I'm putting myself in that bucket, in the '90s and the '80s. When we started, it was because it was something that allowed us to do things we couldn't do otherwise. I don't know your whole back story, so I want to hear it, but a lot of the people I've noticed, "I was in the dancing community. I was in the video game community. I was in the Renaissance whatever Fair community."
Snipe:
I used to work on Wall Street. That was what I was doing before I got into computers. [laughs]
Matt:
Okay. Well, before I talk anymore, we need to talk about this. Tell me the story. Tell me about Wall Street, and then tell me when did you actually first get into computers?
Snipe:
I left high school. I was living with my sister in a tent in Montana for about nine months. Then it got too cold, our toothpaste started to freeze during the day. We were like, "F this business." We went down to Colorado because we'd met some friends at Colorado School of Mines. Stayed there for a little bit. Came back to New Jersey, and was like, "Well, I don't want to go to college. I also don't have any money for college." [laughs]
There's that. I ended up waitressing for a little bit. Was waitressing, wearing my indoor soccer shoes, because I was a soccer player for 13 years. The coach from Caine College came in to eat at my restaurant. He looks at me with disdain and he goes, "You actually play soccer with those, or are they just for fashion?"
Matt:
Oh, my goodness.
Snipe:
I'm like, "Bitch, I was All-State. What are you talking about?"
[laughter]
Snipe:
He's like, "Do you want to go to college?" I'm like, "I guess." He invited me to go to Caine College where I studied education of the hearing impaired for exactly one semester.
[laughter]
Snipe:
I was like, "Holy crap. This is so boring. I can't do this." Not the education of the hearing impaired part.
Matt:
Just college.
Snipe:
Yes, it just wasn't my jam. I was like, "I want to move to New York." I moved to New York City. I pick up a paper, and I'm like, "Okay, I'm super not qualified to do any of these things." Basically, I was a leatherworker at a Renaissance Fair. I'd done makeup work for the adult film industry. I'm like, "Um." Of course, the easiest way to Wall Street is sales. I had the most grueling interview I've ever had in my life, because I didn't know anything about real sales compared to retail.
I remember sweating so hard. I'd just dyed my hair back to a normal color. You could still see a little bit of green in it, and I'm wearing my sister's fancy, fancy suit. I have no idea what I'm actually going to be doing there. It is literally out of Glengarry Glen Ross, high-pressure sales that they're expecting from me. I'm like, "I'm 17, 18 years old. I have no idea what I'm doing." I managed to pull it out. At the very last minute, I got the job.
Matt:
Nice.
Snipe:
Was working at a place that did forex futures. Then they went out of business because the principals moved back to Argentina with all of our clients' money. Then spent a little bit of time in the attorney general's office, making it really clear that we had nothing to do with it.
Matt:
At least it was there and not jail.
Snipe:
That's absolutely true. It's not that uncommon that the main traders are the ones that actually have the access to the real money. Then we started working at a stock shop. I realized I was working until six, seven o'clock at night, busting my ass all for lines in a ledger. I was actually pretty good at that job, but I also caught myself using those creepy, sleazy sales techniques on my friends and my family. When you catch yourself saying, "Well, let me ask you this." You're like, "Ah, ah."
Matt:
"I hate myself. Oh, my God, what am I doing?"
Snipe:
I know. I just realized that I hated myself, and that I didn't want to do it anymore. I quit my job. I had a boyfriend at that time that had a computer. That's pretty much it. I had done some basic programming, literally BASIC programming in high school.
Matt:
Like QBasic?
Snipe:
Yes. BASIC in high school. In fact, funny story, when I wrote my first book-- I almost didn't graduate high school because my parents were getting divorced, and I just checked out. I was good in all my classes, I just checked out. I had to pass a computer programming class in order to graduate. My teacher, who was the track coach as well, Coach Terrell, he knew me from soccer. He calls me into his office.
He's like, "Alison, I've got to tell you. You just weren't here, and you know that if you don't show up, I penalize you for that. Did really well on all your tests, but attendance is not optional in this class. I just don't think I can pass you." I'm like, "I'm not going to graduate then." He's like, "All right. Well, the thing is that when you're here, you do really good work. I'm going to let you go this time, but you've really got to get your shit together."
Matt:
Wow.
Snipe:
When I published my first programming book, I sent him a copy.
[laughter]
Matt:
That's awesome.
Snipe:
I wrote on the inside, "Dear Coach Terrell, thanks for having faith in me." [laughs]
Matt:
That's amazing, and you know he has that sitting on the shelf where everyone can see it.
Snipe:
Yes, yes, yes.
Matt:
That's really cool.
Snipe:
That was really nice of him. [laughs] My life would have had a slightly different outcome if I'd had to take some more time, and get a GED, and everything else just because I didn't show up to my programming class.
Matt:
Wow.
Snipe:
Anyway, I left Wall Street because I had a soul, apparently.
Matt:
Turns out.
Snipe:
It turns out, "Surprise." I totally still have one.
[laughter]
Matt:
It's funny because you're telling me this whole story, and what I'm seeing in front of my face in Skype is your avatar. For anyone who's never seen this avatar, it's got a star around one eye, smirky, slanty eyes, looking down where you're like, "I'm going to get you." It's funny hearing you tell this story, and just the dissonance is so strong of seeing that, hearing your voice, and then hearing you talk about being on Wall Street. Obviously, I'm looking back. Hindsight is 20/20, but seeing this story turned out the way it has so far does not surprise me, looking at the picture of you that I'm looking at right now.
Snipe:
Mohawk people have souls too.
Matt:
It turns out, yes.
Snipe:
I got that mohawk as a fundraiser for EFF.
Matt:
Really?
Snipe:
I raised like $1,500 for EFF a bunch of years ago.
Matt:
You just liked it and kept it?
Snipe:
Yes. Once I had it, I was like, "Wait a minute. This completely fits me. Why did I not have this my entire life?"
Matt:
That's awesome.
Snipe:
Yes, there was a good reason behind it.
Matt:
Honestly, what I meant is actually the inverse which is that I associate having the soul-- When you imagine a soulless, crushing New York City job where you hate what you're doing, you don't usually associate it with the sense of owning who I am and myself that is associated with the picture I'm looking at right in front of me. Your boyfriend at that time had a computer, you actually had a little bit of history because you'd studied at least some coding. You said primarily in BASIC in high school. Where did you go from there? Was that when you were doing the Renaissance Fairs, and you started building that? Or was there a step before that?
Snipe:
No. Remember, this is back when the Web-- I'm 42.
Matt:
I wasn't making any assumptions about what the Web was like at that point.
Snipe:
I think there might have been one HTML book that was about to come out. That's where we were. If you wanted to do anything on the Web, you basically figured out how to right-click-
Matt:
View source them.
Snipe:
-and view source, and you just poked at things until they did what you wanted. There was no other way around that. I realized that I really liked it because it let me say what I wanted to say, it let me make things look-- For what we had back then, we didn't have JavaScript, or CSS, or any of that stuff.
Matt:
Right. Use that cover tag.
Snipe:
Yes, exactly. It was enormously powerful to be able to have things to say, and put them out there, and other people could see it. Then I just started to freelance doing that. I was also doing some graphic design for one of those-- It's like the real estate magazines, like Autotrader type of things but for cars. I used to do photo correction for them using CorelDraw, I think it was.
Matt:
Oh, my gosh, that's a throwback.
Snipe:
Yes. I'm an old, old woman.
[laughter]
Matt:
I've used CorelDraw in my day, but it's been a long time.
Snipe:
Our hard drives would fill up every single day, and so we'd have to figure out what had already gone to press that we can delete it off. Basically, Photoshopping, to use Photoshop as a verb inappropriately, garbage cans and other stuff out of people's black and white, crappy photos. Because he was nice enough to give me a job. I offered and I said, "You know, I can make you a website." He's like, "Yes, the Internet's a fad." I was like, "I'm just trying to build up my portfolio, dude, for you for free." He's like, "Yes, yes, yes, it's not going to stick." I'm like, "Okay." [laughs]
Matt:
All right, buddy.
Snipe:
That's where it started. Then I think I moved to Virginia for a short amount of time, and then Georgia. Got a job at a computer telephony company where I was running their website, and also designing trade show materials like booths and stuff, which, by the way, I had no idea how to do. No one was more surprised than I was when they took pictures of the trade show and the booth actually looked amazing.
Matt:
That should look good.
Snipe:
I was like, "Look, yes."
Matt:
"Hey, look at that."
[laughter]
Snipe:
That's very, very lucky. There was definitely a lot of fake it until you make it. Also, I've never designed a trade show booth, but trade show booths do get designed by someone, and at least a handful of those people have never done it before.
Matt:
Right. I'm a relatively intelligent person, I understand the general shape of things.
Snipe:
Yes. Get me some dimensions, I'm sure I could make this work.
Matt:
What is the DPI thing again? [chuckles]
Snipe:
Yes, exactly. That was exciting and fun. Then I moved back to New York to teach web design and graphic design at an extension of Long Island University.
Matt:
Cool.
Snipe:
Yes, it was actually very, very cool. The school was owned by these two teeny-tiny Israeli ladies. They were absolutely fabulous. It was kind of a crash course in Hasidic and Orthodox Jewish culture. It was in Flatbush, so basically, 90% of my students were Hasidic or Orthodox. I think I broke every rule ever. The two owners of the school would just look at me and laugh. They wouldn't offer me any guidance. They just liked watching.
Matt:
Well, it would be awkward. Yes.
Snipe:
Exactly. I'm like, "Why would you do that to me?"
[laughter]
Snipe:
They're just laughing. I could hear them laughing from upstairs-
Matt:
That's hilarious.
Snipe:
-when they knew I was putting my foot in another cultural mess. That was really, really fun. I learned a lot from that. I learned a lot about teaching. I even got to have a deaf student one time, which was great, except I didn't know-- I used to know or still know American sign language, but when I learned, there weren't any computer-related signs.
It was actually a weird barrier that I hadn't thought about.
We're like, "Okay, I can sign as I'm talking," but then I'm like, "Wait, do I have to spell all this stuff out every single time? I have no idea." That was cool. Then I started just doing HTML for a company called Cybergirl, which is not a porn site. I always have to clarify that. Not that there's anything wrong with porn, but it was not, in fact, a porn site. It was an online women's community.
Matt:
Cool.
Snipe:
They weren't really super profitable in the community itself, so they had a separate part that did websites for clients. I was put on to work mostly with their clients. They had stuff written in ASP, ColdFusion. Because the people who had designed it weren't there anymore, I basically had to learn all of these languages. Also, we only had a part time sysadmin, so when we'd hire someone new, I'm like, "I guess I'm creating email accounts for people now." I became a stand-in for a lot of different roles. Got to play with a lot of different languages, some of which I liked vastly better than others. ColdFusion? Really? [laughs]
Matt:
ASP wasn't that bad. There were worse things than classic ASP.
Snipe:
Yes, there are. That is a thing that could be said. That is an opinion one might have.
[laughter]
Matt:
Trying to keep a positive spin on it.
Snipe:
I would say that all of these languages, the ones that are still around, have come a very long way since then, including PHP.
Matt:
Yes, yes. .NET is not a classic ASP. PHP 5, whatever. PHP 7 is no PHP 3, for sure.
Snipe:
Certainly.
Matt:
Were you using PHP at that point already, then? Was that one your--
Snipe:
Yes. That was one I was-- Because I'd already done some Perl stuff, and it just wasn't that hard. One of our clients had a website, I think it was The Bone Marrow Foundation, had their website in PHP. That forced me to do a bit more legwork on it. That was the beginnings, the very beginnings.
Matt:
At that point, we're probably talking about single-page PHP files for each page. At the top, you've got a common.inc that you're doing your database connections. Then below that, it's just a template, right? Okay.
Snipe:
Functions.inc and usually some sort of PHTML. [laughs]
Matt:
God, PHTML, yes. Okay, all right.
Snipe:
I told you, I am an old, old lady.
Matt:
Honestly, we worked on a site that still used PHTML and things like four or five years ago. I was like, "I didn't even know that PHP parser is still allowed for this." Apparently, some of these things still stick around.
Snipe:
Whatever you set as your acceptable file formats, it'll parse.
Matt:
Yes, you can make it happen.
Snipe:
I can have a .dot site file extension if I wanted to.
Matt:
I like that idea now. Jeez. When was the transition? What were the steps between there and ending up where you are now? Are we still many steps behind, or did you get out on your own pretty quickly after that?
Snipe:
I was doing some contract work. Thanks to a friend that I'd met through IRC. I was doing some contract work for a company out in San Diego. They were an ad agency. This is the beginning of the days when marketing companies were trying to own digital, and they were trying to build up their digital departments. They moved me out there because they're like, "You're amazing, so come on out here and build up our team." I did. I built up their team. We had some really cool clients. We had San Diego Zoo, San Diego Padres, California Avocado Commission. At that time, I didn't like avocados. I was giving away free avocados that I did not like.
Matt:
[chuckles] Oh, no. That's so good.
Snipe:
I hate myself now for knowing how many avocados I could have had. [laughs] I got to build lots of custom web apps, all the database-y stuff. That was really fun. I left there, started my own web design company for lack of a better term, where I was basically using PHP, but also pretending like I knew how to design anything at all. Sorry, hang on. Incoming call. Building my own custom applications for people. None of it is really that fancy, but whatever. That was fun. Then I broke my foot. This is before the ACA, and so I had no insurance. Thousands of dollars and a spiral fracture later, I'm like, "Maybe I should get a real job."
[laughter]
Snipe:
I started to work for the San Diego Blood Bank, which was a great gig. It's probably my favorite job. The pay wasn't that great, but my coworkers were great. Your hours were your hours. There was no overtime. If you had to work overtime, you got paid double time and a half, something like that. It was insane.
Matt:
Especially compared to the ad agency world, which is basically the exact opposite.
Snipe:
Yes. Yes. There's no amount of blood you can show to prove that you're loyal to that particular market. I ended up moving back to New York and ended up working for the Village Voice for a little while.
Matt:
Really? That's cool.
Snipe:
Yes, that was cool. Unfortunately, they had already been bought out by New Times, and so they were not the Village Voice that I grew up with, the one that warmed the liberal cockles of my heart. It was actually a crap place to work, to be honest. People were getting fired all the time. There was this one guy, he used to hang out in the archives room with an X-Acto blade and a piece of paper and would just cut at the piece of paper. He was actually scary. Everyone was afraid of him, because that's office shooter kind of crazy.
Matt:
Exactly, exactly.
Snipe:
I left there, finally, and worked for another ad agency. That's the one that I was working at when I finally started to work with Snipe-IT. Finally started to make Snipe-IT. For a while, while I was in California, the nice thing about running your own gig back then, because it was like a one-man shop, so I didn't have people that I had to worry about. I got a chance to work with tigers for about a year. It was just exhausting.
That was around the time when I was writing my book, too. Working with tigers, commuting four hours a day, coming home stinking like raw chicken and tiger pee. Then working on my book, and then whatever I can possibly eke out for customers. It was pretty chaotic and definitely exhausting, but they were good times.
Matt:
I don't want to preach too far on this, but I feel like the more of our story that takes us around different aspects of life and different experiences, the more we bring to the thing we're in right now. That's one of the reasons I keep pushing on people having histories before they came to tech or diverse histories in tech. It's not to say that someone who just graduated from college and instantly got a job as a developer is therefore now incomplete, but I think that a lot of what makes a lot of people interesting is what they bring outside.
That's true for anybody, right? What makes you different from the people around you makes you different, and makes you interesting, and it makes you have a perspective to be able to bring that the people around you don't. It sounds like you have quite a few of those, at least as you enter into the communities that I'm asking you from the perspective of whether PHP, or Laravel, or anything like that. I don't know where I'm going with that, but anyway.
Snipe:
[laughs]
Matt:
That's very interesting to hear.
Snipe:
I always say I sound really interesting on paper. I'm not really that interesting to talk to, but when you actually look at all the crap I've done, it's like, "Wow. That's kind of a lot."
Matt:
Right. That is a lot going on.
Snipe:
It's all weird. Weird stuff.
Matt:
If I remember right, the book that you wrote was a Wrox PHP book, right?
Snipe:
Yes, yes. You can still get it on Amazon, but it costs more to ship.
Matt:
Really? I got to--
Snipe:
Actually, I'm not sure. It may just be eBay. The last time I checked, it was selling for $2.95 and costs like $80 to ship. [laughs]
Matt:
Professional PHP4 Web Development Solutions.
Snipe:
Yes.
Matt:
I don't see a Mohawk. I don't know which one's you.
Snipe:
No, no.
Matt:
[laughs]
Snipe:
Yes, I know. Gosh, it's a mystery of the ages, isn't it? [laughs]
Matt:
All right. Yes. $22.99. Wow. What was your experience like writing a book? Would you do it again?
Snipe:
Possibly, but I would need a bit more written assurances up front about how-- This is a co-authored book. Basically, we were not given communication information with each other. We were writing these chapters completely independently and it sucked. I offered to set up a bulletin board just so we could-- For some reason, they didn't want us talking to each other or something. I don't know, but I was like, "Because I don't know where this chapter is going to fall, I want to make sure that I'm not rehashing a thing that's already been discussed, or touching on something that needs more information."
They never facilitated that. They actually pushed back against it. It was really frustrating. You're literally writing chapters in a vacuum that then have to be cohesive when you string them all together. I would need to know if it was going to be a co-authorship. I would need to know that this will truly be collaborative. Because the way it looks on the cover, it looks like we're all hanging out. No, I don't think I've ever spoken to those people ever. [laughs]
Matt:
Wow. Jeez.
Snipe:
It's really weird. It's really weird. I did not like that. I thought that was really just not a way to give the best experience to the reader. If I was going to collaborate, I would have to make sure that there was something like that. I've toyed with writing a couple of books over the last few years. It is also a bit of a time suck.
Matt:
Yes, it is. My perception, what I've told people in the past is that people often ask me, "Should I write a book with a traditional publisher like you did?" Because mine was with O'Reilly. "Or should I self-publish like a lot of the people in our community have?" My general perception has been, if you want to make money, self-publish.
Snipe:
Definitely.
Matt:
If you want reach that's outside of your current ability, then consider a traditional publisher. You've got quite a bit of reach and I wonder whether it's--
Snipe:
This is like 2003, though.
Matt:
I don't mean for them, but I mean now. If you're going at it now. It seems like there'll probably be less of a reason for you to do a traditional publisher at this point.
Snipe:
I don't know, though. I still kind of O'Reilly.
Matt:
You still like it?
Snipe:
Being a published O'Reilly author, I still toy with that, honestly.
Matt:
I tell people I got a degree in secondary English education, basically. This O'Reilly book is my proof that I'm actually a real programmer.
Snipe:
[laughs] You know what? Honestly, that was really important to me back then.
Snipe:
Me too, really.
Matt:
I don't know where things would have gone, I don't know if I would have-- I probably would have stuck with it because I really, really liked it. I think that gave me a bit of confidence that I really needed. Proof, again, because I didn't graduate college. I nearly didn't graduate high school because of the programming class. [laughs] It was a way for me to say not just to the rest of the world, but to myself, like, "Hey, I actually know what I'm talking about."
Matt:
You can't underappreciate just how significant that is. I love that you said it. It's not just to everybody else, it's to you, too.
Snipe:
More than anyone else, to myself, honestly. I don't care what you guys think. [laughs]
Matt:
I spent several thousand hours writing a book with a major publisher so that I can overcome impostor syndrome. It's totally worth it.
[laughter]
Snipe:
I still have it. That's a thing, I have it.
Matt:
I still have it, but maybe a little less.
Snipe:
At least if someone actually pushes the impostor syndrome too far, I'll be like, "I wrote a book. What have you done?"
Matt:
Exactly.
Snipe:
Meanwhile, I go off and rock in the corner as if, "Oh, my God. I don't deserve to be here. I don't deserve to be here."
Matt:
Exactly. It certainly doesn't make it go away, but maybe it's a tool in our arsenal to battle it.
Snipe:
That's a very good way to describe it.
Matt:
I like it.
Snipe:
I would need that to be a bit more of a tighter process.
Matt:
Well, if you decide to write with O'Reilly, I know some people. Just give me a call.
Snipe:
[laughs] I also know some people in O'Reilly.
Matt:
I was just going to say I'm pretty sure you don't need me for any of that kind of stuff. I just had to say it to try and seem like I actually matter, so this works.
Snipe:
Of course, you matter.
Matt:
I matter.
Snipe:
I got up early for you, Matt. I got up early for you.
Matt:
That's true.
Snipe:
You don't have any idea.
Matt:
That's true, this is quite early your time. I appreciate it.
Snipe:
[laughs]
Matt:
I'm trying to not talk forever. I'm trying to move us on even though I'm just my usual caveats, everyone take a drink. You eventually started Snipe-IT. I think we skipped a couple of things. We were talking about you becoming the CTO of the ad agency and being in a place where you needed to manage that kind of stuff. You started Snipe-IT.
You now have a remote team. Could you tell me a little about the makeup of your team, and what it's like running a remote team, and the pros and cons you've experienced, and anything else that you would want to share about what that experience is like for you?
Snipe:
Well, I'm really lucky, first of all, because although our team is remote, we're all also local. We can actually see each other, we'll go out and have beers when we hit a major milestone. We'll go out and have some champagne and celebrate that we do get to see each other's faces. Also, we were friends first, so that helps. It's totally, totally different. If you're looking for advice on how to run a real remote team, that I can't help you with. I can't tell you how to manage your friends through Slack, though. [laughs]
Matt:
Basically, you and a bunch of friends live like an hour driving distance to each other or whatever and choose to work from home?
Snipe:
More like seven minutes. [laughs]
Matt:
Jeez.
Snipe:
Yes, yes.
Matt:
Okay, so this is really just like, "We just don't feel like going to an office," kind of vibe.
Snipe:
It's pants, it's pants. I'm not putting on pants. I've worked too hard in my career to have to put on pants anymore. There is a reason this isn't a video call, Matt. Seriously.
[laughter]
Matt:
I wish that this was one of the podcasts--
Snipe:
I think I just made Matt blush, by the way.
Matt:
I wish this was one of the podcasts where they name each episode, because that would have been the name right there for this episode. I might have to, just for this one, just give it a name just for that. Okay. I hear you. I get it.
Snipe:
The thing is I hadn't actually planned on hiring when I did. The reality is I should have, because I was really buckling under the helpdesk. That customer support load was a lot. It was causing me a great deal of anxiety. Looking back at it now, it was really untenable. Of course, I think that I'm 10 feet tall and bulletproof, so I'm like, "I got this. I got this." Meanwhile, it's four o'clock in the morning and I can't even see straight anymore. I ended up having to hire someone for a personal reason. She's actually worked out great. She's an absolute rock star on the helpdesk. She's never worked a helpdesk before, and she owns it. It's actually really, really great.
Once I'd hired her, I think-- The onboarding takes a little bit. Especially, literally never worked a helpdesk before, so it's not just onboarding with my company, it's like onboarding the entire concept. As soon as she got her footing, she just completely handled it. It was really great. The next hire was a developer/sysadmin that I've known for a while. He is just fantastic. He's actually the harder one because he, I think, requires a little bit more structure, and a little bit more face time. I need to be better. I do. I need to be better about working with that because in my head, I'm still managing this the way that I want to be managed. I forget that that's actually not my job anymore.
Matt:
People are different.
Snipe:
Yes, people are different. Also, not everybody wants what I want. Frankly, it doesn't matter what I want. Ultimately, that's no longer a luxury that I have, caring more about how I want things to go for myself. That priority has shifted, and so I'm having to painfully learn [chuckles] that lesson. Not painfully. I love my entire team. They're absolutely amazing. I'm super, super grateful for them every day that goes by.
Every time one of them takes vacation, we all hold on to our desks. We're like, "Okay, we can get through this, we can get through this." It's a learning curve, certainly. I've run my own small business, I've run dev teams. This is a different thing though, because the reason why I wanted to make this a company instead of just running this as a side project is because I've worked for tons of shitty companies. I want to build the company that I wish I'd worked for.
Matt:
I'm so sorry for doing this, but I was doing that thing where you're hearing somebody talking and waiting for your chance to talk. I literally was about to say Dan and I, when we started Tighten, the first thing we said was, "We want to build the company we want to work for." You just said and I'm like, "Exactly." That introduces the problem you're talking about, which is you just assume everybody wants the same things you want. It also means nobody else gets to force you to put people through things that you wouldn't want to be put through. It's an incredible freedom if you can make it profitable.
Snipe:
Yes. Absolutely. Getting to institute stuff that I think is really worker-friendly. We all make our own hours. We have office hours so that when Victoria's handling the helpdesk, she's got access to the text that she needs during a certain amount of time. In general, she's got a kid. We have to have that flexibility, so that she-- Honestly, she just lets us know that she's going to pick up her kid. It's like, "Okay, cool. See you back in half an hour or whatever." Vacation, she had not had a real vacation in probably 10 or 15 years. Last year, we were like, "You are taking vacation." She kept checking into Slack. I'm like, "Girl, I will actually revoke your credentials."
Matt:
[laughs] Exactly.
Snipe:
Do not play with me.
Matt:
I love it.
Snipe:
This year, I've decided that there's two weeks basically mandatory vacation, and we're going to put $3,000 towards each person's vacation funds-
Matt:
That's cool.
Snipe:
-so that they can actually go and do something awesome, and relaxing, and not stress about money while they're there, and just get to go and actually enjoy things, and come back refreshed and ready to work. It's pretty cool being able to come up with stuff like this and really like, "What would I have needed?" Because when I was working at the ad agencies especially, I would accrue my PTO.
Honestly, that's why Snipe-IT existed. It was because I had two and a half weeks, three weeks of PTO that was not going to roll over. They made me take vacation in November. They wouldn't let me do it in December. They made me do it in November, and I was like, "Yes, three weeks of just relaxing, playing video games." That didn't work. I accidentally the product. [laughs] Now, I accidentally the business.
Matt:
That's awesome. One of the things I often talk about as an entrepreneur, as a business owner is something that I think people are scared of talking about, which is power. Because being a business owner means you get to hire, you get to figure out how money is spent, you get to figure out what pressures are and are not put in the people you work with. I call that power, but I think power doesn't have to be a scary word because, really, what matters is what you do with the power.
When we hear power as a negative thing, it is usually because the people in power are benefiting themselves. I think that something is really beautiful, and wonderful, and we need more of in the world is when we can see power as a positive thing, because people get power and then use it for the benefit of other people. I just want to applaud and affirm what you're doing, because you just described that. It's like, "I got power, and the first thing I did was work to make other people's lives better understanding what the situation that they were in was." I love hearing that. I'm really glad that we got to talk about this today.
Snipe:
Well, thank you. I'm looking forward to coming up with more stuff like that.
Matt:
I love it.
Snipe:
It's super important to me. Our customers are incredibly important to us, obviously, but my staff is as important. You can't have one without the other either direction.
Matt:
In the end, they're just both people who you work with. The hope is that you're able to make both groups of people really have lives that are better because they had a chance to interact with you.
Snipe:
Yes, absolutely.
Matt:
Okay. We are almost out of time. I asked people at Tighten if they had any questions for you. They gave me a million, and I haven't gotten any of them. They're all going to be mad at me, so I'm trying to look at the one that I could pull up that won't turn into a 30-minute long conversation.
Snipe:
I'm Italian. There is literally nothing you can talk to me about that won't turn into a 30-minute conversation. [laughs]
Matt:
All right. I'll literally go with the question that has the least words in it and see if that gets us anywhere. Coffee or tea?
Snipe:
Red Bull.
Matt:
There you go. See how short that was? All right.
Snipe:
This podcast is sponsored by Red Bull.
[laughter]
Matt:
It's so funny that it's been the thing at Tighten for the longest time, where those of us who started the company and the first hires were primarily coffee people. There's one tea holdout, but over time, the tea contingent has grown. Just within the last nine months, we hired two people who are Red Bull addicts. All of a sudden, we're shopping for the company on-site and they're like, "Orange Red Bull, no sugar, energy, blah, blah, blah." I'm like, I have a course in Red Bull flavors. Anyway, I still think it's pretty gross, but I did try some of them.
Snipe:
It's disgusting. No, it is utterly vile. It is really, really gross.
[laughter]
Matt:
I don't get it. Please pitch me on why I would drink Red Bull instead of coffee then.
Snipe:
No. If you don't drink Red Bull, then there will be more for me. First of all, I'm not going to pitch that.
Matt:
World's dwindling storage of Red Bull.
Snipe:
Obviously, we buy our stores out of local Red Bull, it's ridiculous. We have a main store, and then we have a failover store. Listen, you don't drink it because it tastes good. It tastes like dog ass, but it wakes you up. It keeps you awake. It fills the same role that coffee does, and frankly, I don't think that coffee tastes that good.
Matt:
Okay. Fair enough.
Snipe:
I can ask the same question to you.
Matt:
Right. For you, it's a combination. You don't like the flavor of either, but one of them you can buy in bulk and throw in the fridge?
Snipe:
Yes, yes.
Matt:
Got it. I get that. I love the flavor of coffee, but I'm like a geek. I have all the equipment, and all that kind of stuff.
Snipe:
Of course, you do.
[laughter]
Matt:
Am I predictable? I am predictable. Okay.
Snipe:
I will neither confirm nor deny. My lawyer has advised me. [laughs]
Matt:
Not to make a statement on this particular-- I have one more and I'm praying that I can make it short, but I probably won't. You are a member of the Laravel community. You use Laravel. You share things every once in a while, but for someone who is such a big name, who's a member of the Laravel community, much of your popularity is not within the Laravel community. You're not popular because you're speaking at Laracon, you're not creating Laravel packages that all the people are consuming.
It's this interesting thing where you're a very well-known person who uses Laravel and is a member of the Laravel community but is not necessarily gaining all that fame within Laravel space. It's an interesting overlap. As someone who does have exposure to lots of the tech communities, you're in the InfoSec world, you've been in PHP for a while, but you're also solidly Laravel.
Do you have any perspectives on either, maybe the differences between InfoSec and PHP, differences between InfoSec and Laravel, and/or is there anything that you would say to the Laravel community, or things you'd either applaud or hope to see grow? Is there anything you just want to say about the way Laravel compares, or connects, or overlaps, or whatever with the rest of the world that you're in?
Snipe:
It's always an ongoing joke in the InfoSec community. PHP developers are pretty much the easiest punching bag in the InfoSec community.
Matt:
And everywhere else.
Snipe:
In fact, I think just yesterday, I submitted an eye-rolling GIF in relation to someone at InfoSec, bagging on PHP developers. I get it. When the language first came out, it was really easy to learn. You didn't need to have any knowledge of programming, or discipline, or best practices. There were no best practices for quite some time in PHP. I totally get that. The thing is that that's not really the world that we live in anymore. It's actually hard to write a PHP application without using a framework these days. Because the frameworks are so much better and it's so much faster, that for me, I'm pretty sure I could still write a PHP application without a framework, but why the hell would I?
If I ever have to write another gddmn login auth routine, I'll kill myself. I will actually kill myself. Comparing InfoSec to PHP or Laravel is like comparing apples to orangutans. They're entirely different animals and there is a little bit of overlap, but typically not. In general, PHP has a bad reputation in InfoSec. In fact, I will tell you a very brief story about how I got into InfoSec. This one's always a fun one. I used to run a nonprofit organization when I moved to California the first time.
It was basically like Megan's Law for animal abusers. Criminal animal abuse. I would pull in data, break it down statistically based on a couple of different pointers like domestic violence connection, blah blah blah blah blah, and basically run statistics on that stuff. This was going back a very, very long time when nobody really knew or gave a crap at all about AppSec.
At one point, my website got hacked. The organization's website got hacked. I am literally on my way to speak at a conference in Florida, an animal welfare conference. I'm checking in. I'm like, "Hi, I'm Alison Gianotto. I'm a speaker." She goes, "You're petabuse.com. That's great. I'm so sorry to hear about what happened." I'm like, "I've been on a plane for a couple of hours." I'm like, "Wait, what?" [chuckles] I run to my hotel room, and somebody has defaced the website with an animated GIF, and a song playing in the background which was basically a clip from Meatspin, and they linked to Meatspin. If any of your listeners don't know what Meatspin is-
Matt:
I don't.
Snipe:
-please do not Google that. You can google it, but have safe search on.
Matt:
Is it like Goatse kind of stuff?
Snipe:
Yes. "You spin me right round, baby, right round" playing in the background on autoloop. To this day, when I hear that song, I shiver a little bit.
Matt:
Trigger, yes.
Snipe:
Exactly. I ended up actually talking to this guy who thought that we were a much bigger organization than we were. He was trying to extort money, of course. I was like, "Dude, you have no idea. We get like $800 in donations every month. You are barking up the wrong tree." He's like, "I thought you were bigger. I'm sorry, but it is what it is." I toyed with him long enough to figure out what he had done. The thing is, this is on a Cobalt RaQ server. First of all, we're going back. Second of all, those are not exactly going for their security, but it was what I could afford. Honestly, it's what I could afford. I figured it out, I locked him out. I did leave him one final kind of F you text.
[laughter]
Snipe:
Just so that he knew. That was how I got into this in the first place was basically a horrific, horrific internet meme and the defacement of my organization's website. Again, this is 2004, 2005. Application security became really important to me, and that’s why I’m here. [chuckles] That’s why I go to DEF CON. That’s why I speak about application security and security in general. To get back to your original question, there isn’t really an overlap.
There is this disdainful relationship, for the most part, coming from both directions because InfoSec people don’t typically treat programmers in general very well, but especially not PHP developers. PHP developers are tired of getting shit on, and so they don’t necessarily treat-- It becomes a bit of a self-fulfilling--
Matt:
Impostor, yes. Exactly.
Snipe:
Honestly, it’s all just a bunch of dumbass egos and it's stupid. If we would just talk to each other a little bit more, we'd probably be a little better off.
Matt:
Come on, somebody. You’ll be surprised to hear that I could talk about InfoSec and PHP for an hour, but we’re out of time. I don’t know if I’m going to have you back sometime or I don’t know what, but this has been amazing. I really appreciate you spending some time with me. Before we cut off for the day and I cry because of all the topics I’m not going to cover, is there anything you wanted to talk about? Anything you want to plug, anything you want to cover, anything you want to say to the people that we haven’t got to cover today?
Snipe:
Nothing that really comes to mind. I am still really passionate about AppSec. If you’re using a framework and you’re not utilizing all of the security stuff that’s built in already, specifically Laravel is really good with that. I've had to write some middleware to add some additional CSP headers and things like that. If you’re already paying the price, the overhead of using a framework, then freaking use it.
Actually use all of the bits that are good, not just the bits that you don’t feel like writing. Laravel makes it really hard to avoid the CSRF tokens. You’ll actually have to go out of your way to disable those. I like that about Laravel. I like that it's opinionated. I like that it doesn’t want you to screw this up. That said, any developer left to their own devices sufficiently motivated will still screw it up.
Matt:
Will screw something up, yes.
Snipe:
Yes, exactly. Frameworks like Laravel, I think, are ones that are headed in the right direction, so your default login already uses bcrypt to hash the password. You would, again, have to go out of your way to write something that would store something in cleartext or MD5. I think it’s a step in the right direction. Use your frameworks, learn what their built-in security functionality is, and use them.
Matt:
Use it. [laughs]
Snipe:
One of the packages I’m actually writing for Laravel right now is an XSS package which will basically walk through your schema, and will try and inject rows of XSS stuff in there so that when you reload the app and if you've got any kind of functional testing or acceptance testing setup, you’ll be able to see very quickly what you've forgotten to escape.
Matt:
I love it.
Snipe:
For a normal Laravel app, that's actually hard to do because the double braces will escape everything. For example, if you're using data from an API, maybe you’re not cleaning it as well or whatever. That’s one of the packages that I actually am working on.
Matt:
That’s great. Also, if you're using JavaScript, it's really common for people to not escape it, and so that all of a sudden, they forget to clean it.
Snipe:
Exactly. I wanted one quick way to basically just check and see how boned I was. That'll be fun.
Matt:
Yes. Does it have a name yet that we can watch for or would you just link it once you have it?
Snipe:
Well, the only name-- You know how the mocking data package is called Faker? You can imagine what I’m considering calling this that I probably won’t call it? [laughs]
Matt:
Probably won’t, but now we can all remember it that way? Yes.
Snipe:
No promises. Absolutely no promises is all I'm saying. [laughs]
Matt:
Assuming it’s safe for work, I will link the name in the show notes later. If not, you could just go-- [crosstalk]
[laughter]
Snipe:
Again, no promises.
Matt:
I like it. Okay. You all have taken enough drinks, so I won’t say my usual ending for you to drink too. Snipe, Alison, thank you so much. Thank you for the ways you have spoken up for a lot of things that really matter both in this call and our community as a whole. Thank you for hopefully helping me but also our entire community get better going forward, but also the things you brought to us in the past in terms of application security. I don’t know why I didn’t say this earlier, but Mr. Rogers is maybe one of my top heroes of all time. That was what was going through my mind when you were talking about running your company.
Thank you for being that force both for running companies that way and taking care of people, and then, of course, by proxy for just the people who you're working with. The more people that are out there doing that, I think the better it is for all of us. This has been ridiculously fun. If anyone wants to follow you on Twitter, what’s your Twitter handle and what are other things they should check out? That URL for Snipe-IT? I will put all of these in the show notes, but I just wanted you to get a chance to say them all at the end.
Snipe:
My Twitter handle is @snipeyhead, because @snipe was taken. I'm still pissed at that guy.
[laughter]
Snipe:
The URL for Snipe-IT is snipeitapp.com. Not very creative. All of our issues are on GitHub. Your pull requests are welcome.
[laughter]
Snipe:
As always.
Matt:
Nice.
Snipe:
It is free. If it helps you solve some of your problems at your organization, we would love for you to try it out. If you'd like to give us money, that's awesome too. Ultimately, the more people who are using it, the better.
Matt:
Nice. Okay. Well, thank you so much for your time. Everyone, check out the show notes as always. We'll see you again in a couple of weeks with a special episode. I'll tell you more what it is when that one happens. See you.
Snipe:
[chuckles] Thank you so much, Matt.