Logo
    Search

    Podcast Summary

    • Intercepting network traffic for understanding software and hardware functionalityCuriosity and problem-solving skills can lead to intercepting network traffic to gain insights into software or hardware functionality. Tools like web proxies and debugging tools can be used to inspect and analyze network traffic.

      Developers and curious individuals can intercept and debug network traffic for various reasons, including understanding how software or hardware functions and potentially improving user experiences. Scott shared his experience of wanting to build a custom UI for Tonal's workout device, which led him to explore intercepting traffic from the device. He explained that since Tonal doesn't have a public API or web UI for logging in, the only way to understand its functionality was by intercepting the traffic. This discussion highlights the importance of understanding network traffic and the tools and methods to do so. Additionally, the episode mentioned using web proxies and debugging tools like Sentry to inspect and analyze network traffic. Overall, this episode emphasizes the value of curiosity, problem-solving, and the importance of understanding how software and hardware communicate.

    • Reverse engineering APIs without a web interfaceUsing tools like Charles and browser developer tools, it's possible to inspect network requests and responses to understand and access APIs without a web interface

      With the right tools and techniques, it's possible to reverse engineer APIs, even if they don't have a publicly accessible web interface. The speaker described their experience using Charles, an app for proxying network requests, to examine the actual requests being sent by an app and figure out its API. They were able to obtain an API key and use it to access the API and extract information. This method is particularly useful when there's no other way to interact with the API. Another example given was using developer tools in a web browser to inspect requests and responses. This can be helpful when dealing with websites that don't require authentication. The speaker shared how they built a script to log in to their investment website, obtain a token, and download historical data as a CSV file. The speaker also mentioned their curiosity about GitHub Copilot and what information it sends to its servers. They used similar techniques to inspect the requests and responses to gain insights into the data being transmitted. Overall, the discussion emphasized the importance of understanding how APIs function and the methods available to access and analyze them.

    • Understanding HTTP and HTTPS requestsHTTP requests involve sending data to URLs, while HTTPS encrypts these requests to secure sensitive information. Employers can monitor websites accessed but not specific user activity.

      Understanding network traffic, particularly HTTP and HTTPS requests, is crucial for security and privacy. HTTP traffic involves sending a request to a URL with optional data, including session IDs or tokens, which are essential for making subsequent requests. In the past, tools like Black Sheep allowed unauthorized access to this information, enabling users to impersonate others. However, with the advent of HTTPS, requests are encrypted, preventing unauthorized access to sensitive data. Employers can still monitor which websites are being accessed, but not the specifics of the user's activity. It's important to be aware of the information being transmitted over networks and take steps to secure it.

    • Implementing a proxy server with SSLSSL verifies connection authenticity, enabling deeper traffic inspection and control. Understand TCP and UDP for optimal usage in proxy servers.

      Implementing a proxy server with an SSL certificate allows for deeper inspection and control of web traffic. However, it's crucial to install the certificate properly to avoid disrupting normal internet usage. The SSL certificate verifies the authenticity of the connection and enables the proxy to decrypt and analyze the data. Both TCP and UDP are types of network traffic, but they function differently. TCP is a two-way communication protocol where a request is sent and a response is received, making it suitable for web development needs. UDP, on the other hand, is a one-way protocol with no guarantee of delivery or response, making it useful for applications where speed is prioritized over reliability. Running a proxy server can be beneficial for debugging, data manipulation, and security purposes, but it's essential to understand the underlying network protocols and their implications.

    • Inspecting and manipulating network traffic with tools like CharlesLearning to inspect and manipulate network traffic using tools like Charles can provide valuable insights and lead to innovative integrations, but it's crucial to use this knowledge ethically and responsibly.

      Understanding how to inspect and manipulate network traffic is a valuable skill for web developers and those looking to reverse engineer APIs or integrate third-party services. While browser dev tools have improved significantly, there are still situations where dedicated tools like Charles can be useful, especially for mobile apps or client-side validated services. Reverse engineering can lead to innovative integrations, but it also poses risks, such as unauthorized access or spamming. By learning how to hijack requests and pause traffic, one can edit data and gain insights into how APIs function. However, it's essential to use this knowledge ethically and responsibly.

    • Intercepting and Redirecting Data TrafficUnderstanding data flow and creating proxies can replicate internet-connected device functionality, but comes with risks like account lockouts and legal repercussions. Private APIs are particularly vulnerable.

      While user interfaces may change, the fundamental functionality of many internet-connected devices and services can be replicated through various means, including intercepting and redirecting data traffic. This can be achieved by understanding the data being sent and received, and creating a server or proxy that mimics the original functionality. However, this method comes with risks, as some companies have implemented measures to prevent unauthorized access and data interception. Private APIs, which allow for the extraction of specific data, are particularly vulnerable to this type of activity. Companies like Twitter and Instagram have taken steps to prevent unauthorized access through SSL pinning and other security measures. It's important to consider the potential consequences of intercepting data, including the possibility of account lockouts or legal repercussions. Ultimately, it's essential to understand the limitations of the systems we use and the data they transmit, and to use that knowledge responsibly.

    • Exploring Network Traffic with Charles and Proximan.ioUse Charles or Proximan.io to inspect and analyze network traffic, gain insights into data transmitted/received by applications, and identify potential security implications.

      There are numerous tools available for web developers to inspect and analyze network traffic, and these tools can be particularly useful for understanding the data being sent and received by various applications. Two popular options discussed were Charles and Proximan.io. Charles is a well-known tool that allows you to install a proxy certificate on both your computer and your phone, enabling you to inspect traffic from both devices. Proximan.io, on the other hand, stands out for its ability to detect the specific application sending the data. When you turn on Proximan, you'll be surprised by the flood of requests coming from various sources, including Adobe, Riverside, and TweetDeck. Both tools support HTTP, HTTPS, and WebSockets, and they offer additional features like JSON formatting and GraphQL requests. While these tools are powerful and free, it's important to note that they don't support TCP traffic. For instance, if you're trying to inspect GitHub Copilot's data transmission, you might encounter challenges since it likely sends data over an open socket rather than HTTP requests. In such cases, you may need to look into other tools or approaches. Overall, using network traffic inspection tools can provide valuable insights into the data being transmitted and received by your applications, helping you gain a better understanding of their behavior and potential security implications.

    • Understanding and managing network data in real-timeTools like Proximan and Little Snitch offer unique insights into network activity, allowing for real-time decoding and visual representation of network requests, respectively. These tools are essential for developers and users as we increasingly rely on digital services and streaming content.

      As we continue to move towards a more streaming-focused digital world, there is a growing need for more powerful tools to help developers and users visualize and manage network data in real-time. This was discussed in relation to the desire to intercept and decode streaming data using tools like Proximan, which is built on MITMproxy, and the long-standing security tool, Little Snitch. Proximan allows for both programmatic and CLI use to proxy values, while Little Snitch focuses on allowing users to approve or deny network requests before they occur, acting as a security tool and an effective way to block trackers. Both tools offer unique insights into network activity, with Proximan providing real-time decoding capabilities and Little Snitch providing a visual representation of where network requests are being sent. These tools demonstrate the importance of being able to understand and manage network data as we continue to rely on digital services and streaming content.

    • Debugging network traffic with tools like Wireshark, Charles Proxy, and FiddlerLearn to use network debugging tools for efficient and effective application development, gaining insights into network traffic and debugging web applications.

      With the right tools and knowledge, it's possible to intercept and debug network traffic on various devices and applications. During the discussion, the speakers mentioned using tools like Wireshark, Charles Proxy, and Telerik's Fiddler for debugging purposes. They also talked about how someone named Haxor reverse-engineered the Hyundai Blue Link system and shared methods to bypass SSL pinning. Although the process might seem intimidating, installing a certificate for tools like Charles Proxy or Proxyman is a straightforward process. It typically involves visiting a provided web address, clicking "install," and following a few simple steps. The speakers emphasized that it's not as complicated as it may sound. Moreover, the discussion highlighted the importance of understanding how these tools work and their potential applications, such as debugging web applications and gaining insights into how various systems function. If you're interested in learning more about proxying requests, debugging, or just want to explore the fascinating world of network traffic, it's worth checking out the resources mentioned in the podcast. In summary, the takeaway is that with the right tools and knowledge, you can gain valuable insights into network traffic and debug applications, making your development process more efficient and effective.

    Recent Episodes from Syntax - Tasty Web Development Treats

    793: The Local First Landscape

    793: The Local First Landscape

    Scott and Wes dive into the local first landscape, exploring the benefits and possibilities of local first apps. They highlight some of their favorite tools and discuss why local first is gaining traction among developers.

    Show Notes

    Sick Picks

    Shameless Plugs

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott: X Instagram Tiktok LinkedIn Threads

    Randy: X Instagram YouTube Threads

    792: Perfect Sitemaps for SEO

    792: Perfect Sitemaps for SEO

    Scott and Wes break down the importance of sitemaps for SEO. They dive into the different file formats, essential fields, and common pitfalls to avoid when creating and submitting your sitemap to search engines.

    Show Notes

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott: X Instagram Tiktok LinkedIn Threads

    Randy: X Instagram YouTube Threads

    791: LLRT The Serverless Runtime w/ Richard Davison

    791: LLRT The Serverless Runtime w/ Richard Davison

    Scott and Wes chat with Richard Davison from AWS about LLRT, a new runtime tailored specifically for Lambda. They dive into the benefits of using LLRT, challenges with JavaScript in serverless, and why Rust was chosen for its development.

    Show Notes

    Sick Picks

    Shameless Plugs

    • Richard: Javascript

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott: X Instagram Tiktok LinkedIn Threads

    Randy: X Instagram YouTube Threads

    790: State of JS 2023 Reactions

    790: State of JS 2023 Reactions

    Scott and Wes dive into the 2023 State of JavaScript survey, breaking down the latest trends and pain points in front-end frameworks, build tools, and JavaScript runtimes. Tune in for their hot takes and insights on what’s shaping the JavaScript landscape this year!

    Show Notes

    Sick Picks

    Shameless Plugs

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott: X Instagram Tiktok LinkedIn Threads

    Randy: X Instagram YouTube Threads

    789: Do More With AI - LLMs With Big Token Counts

    789: Do More With AI - LLMs With Big Token Counts

    Join Scott and CJ as they dive into the fascinating world of AI, exploring topics from LLM token sizes and context windows to understanding input length. They discuss practical use cases and share insights on how web developers can leverage larger token counts to maximize the potential of AI and LLMs.

    Show Notes

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott: X Instagram Tiktok LinkedIn Threads

    CJ: X Instagram YouTube TwitchTV

    Randy: X Instagram YouTube Threads

    788: Supabase: Open Source Firebase for Fullstack JS Apps

    788: Supabase: Open Source Firebase for Fullstack JS Apps

    Scott and CJ chat with Paul Copplestone, CEO and co-founder of Supabase, about the journey of building an open source alternative to Firebase. Learn about the tech stack, the story behind their excellent documentation, and how Supabase balances business goals with open-source values.

    Show Notes

    • 00:00 Welcome to Syntax!
    • 00:30 Who is Paul Copplestone?
    • 01:17 Why ‘Supa’ and not ‘Super’?
    • 02:26 How did Supabase start?
    • 08:42 Simplicity in design.
    • 10:32 How do you take Supabase one step beyond the competition?
    • 12:35 How do you decide which libraries are officially supported vs community maintained?
      • 15:17 You don’t need a client library!
    • 16:48 Edge functions for server-side functionality.
    • 18:51 The genesis of pgvector.
    • 20:59 The product strategy.
    • 22:25 What’s the story behind Supabase’s awesome docs?
    • 25:26 The tech behind Supabase.
    • 35:46 How do you balance business goals with open source?
    • 42:01 What’s next for Supabase?
    • 44:15 Supabase’s GA + new features.
    • 48:24 Who runs the X account?
    • 50:39 Sick Picks + Shameless Plugs.

    Sick Picks

    Shameless Plugs

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott: X Instagram Tiktok LinkedIn Threads

    CJ: X Instagram YouTube TwitchTV

    Randy: X Instagram YouTube Threads

    787: You Should Try Vue.js

    787: You Should Try Vue.js

    Scott and CJ dive deep into the world of Vue.js, exploring what makes this frontend framework unique and why it stands out from React and Svelte. CJ gives a comprehensive tour, covering everything from getting started to advanced features like state management and Vue’s built-in styles.

    Show Notes

    Vue.js: The Documentary.

    Sick Picks

    Shameless Plugs

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott: X Instagram Tiktok LinkedIn Threads

    Randy: X Instagram YouTube Threads

    786: What Open Source license should you use?

    786: What Open Source license should you use?

    Scott and CJ dive into the world of open source, breaking down its meaning, benefits, and the various types of licenses you’ll encounter. From permissive licenses like MIT and Apache 2.0 to copy-left licenses such as GNU GPLv3, they’ll help you choose and apply the right license for your project.

    Show Notes

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott: X Instagram Tiktok LinkedIn Threads

    Randy: X Instagram YouTube Threads

    785: What’s Next for NextJS with Tim Neutkens

    785: What’s Next for NextJS with Tim Neutkens

    Scott and Wes dive into the world of Next.js with special guest Tim Neutkens from Vercel. They explore the latest updates, including the React Compiler and React Server Components, discussing their impact on developer workflows and the future of Next.js development.

    Show Notes

    • 00:00 Welcome to Syntax!
    • 00:30 What does the React Compiler do?
    • 05:04 Will React Compiler help with managing Context?
    • 06:39 What happens if you’re not using a React Compiler?
    • 09:30 Will this work on any NextJS version?
    • 12:18 What are React Server Components?
    • 16:28 Shipping all the data inside an encapsulated component.
    • 20:17 Clearing up the frustrations around retrofitting server components.
    • 23:13 Handing migration.
    • 28:30 Is this just a fetch request with props?
    • 36:41 How closely are the NextJS and React teams working?
    • 41:53 Will we ever get Async Client Components?
    • 43:52 Async Local Storage API.
    • 45:31 Turbopack.
    • 57:51 Sick Picks & Shameless Plugs.

    Sick Picks

    Shameless Plugs

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott: X Instagram Tiktok LinkedIn Threads

    Randy: X Instagram YouTube Threads

    784: Logging × Blogging × Testing × Freelancing

    784: Logging × Blogging × Testing × Freelancing

    In this Potluck episode, Scott and Wes tackle listener questions on modern blogging, website environmental impact, and using LangChain with LLMs. They also cover CSS hyphens, unit vs. integration testing, and balancing web development with new parenthood.

    Show Notes

    Sick Picks

    Shameless Plugs

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott: X Instagram Tiktok LinkedIn Threads

    Randy: X Instagram YouTube Threads

    Related Episodes

    SSL Certs, Approvals and Cloudflare

    SSL Certs, Approvals and Cloudflare

    In this Hasty Treat, Scott and Wes talk about getting SSL certificates set up between your hosting, Cloudflare, and other web apps you may use.

    Prismic - Sponsor

    Prismic is a Headless CMS that makes it easy to build website pages as a set of components. Break pages into sections of components using React, Vue, or whatever you like. Make corresponding Slices in Prismic. Start building pages dynamically in minutes. Get started at prismic.io/syntax.

    LogRocket - Sponsor

    LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.

    Show Notes

    Tweet us your tasty treats

    Futurum Live! From the Show Floor with BMC's April Hickel at SHARE Dallas 2022

    Futurum Live! From the Show Floor with BMC's April Hickel at SHARE Dallas 2022

    Futurum Research Senior Analyst and VP of Sales Steven Dickens is joined by April Hickel, VP of Strategy for BMC. Their conversation centers on her role with BMC, the results of their latest client survey, and the company's focus on three major themes: Security, application development, and how to increase the speed and quality of software that connects to or touches the mainframe.

    To learn more about BMC visit their website.

    Why Apache Druid is Not Like Other OLAP Databases with Muthu Lalapet and David Wang

    Why Apache Druid is Not Like Other OLAP Databases with Muthu Lalapet and David Wang

    On today’s episode, we’re joined by David Wang, VP of Product Marketing at Imply and Muthu Lalapet, Director of Worldwide Sales Engineering at Imply to dig into Apache Druid, a high performance, real-time analytics database. Thousands of companies are already using Druid today, from Netflix to Salesforce. But what is Apache Druid best used for? What types of projects? What data sets are Druid users working with? What are companies doing with Druid?  Listen to hear real-life examples of where Druid works best: Operational visibility at scale, customer-facing analytics, rapid-drill down exploration and real-time decisioning.

    Episode 88: 1. SAP, DFKI and Saarland University: Building Prototypes with SAP BTP 2. SAP & Accenture Partnership and Deep Dive into SAP Process Automation

    Episode 88: 1. SAP, DFKI and Saarland University: Building Prototypes with SAP BTP  2. SAP & Accenture Partnership and Deep Dive into SAP Process Automation
    In this episode we take you through the experience of building prototypes with SAP BTP in a cooperation of SAP, DFKI and Saarland University and a have fruitful discussion between SAP and Accenture about their long-standing partnership and how they bring value to customers using SAP Process Automation.

    744: Docker For Developers

    744: Docker For Developers

    Join Scott and CJ on a rapid-fire journey through Docker. From unraveling containerization to practical advice on incorporating Docker into your workflow, this quick-paced episode has everything you need to navigate the world of container technology.

    Show Notes

    Hit us up on Socials!

    Syntax: X Instagram Tiktok LinkedIn Threads

    Wes: X Instagram Tiktok LinkedIn Threads

    Scott:X Instagram Tiktok LinkedIn Threads

    CJ: X Instagram Tiktok TwitchTV YouTube

    Randy: X Instagram YouTube Threads