1 00:00:00,340 --> 00:00:03,279 -Hey, this is Michael Dyrynda. -And this is Jake Bennett. 2 00:00:05,900 --> 00:00:09,659 And welcome to Episode 179 of the North Meet South Web Podcast. 3 00:00:11,059 --> 00:00:13,020 I thought it was 180. 179, huh? 4 00:00:14,739 --> 00:00:15,159 Yeah. 5 00:00:16,479 --> 00:00:19,239 -179, okay. Well, hey- -Next- next- next week, we'll get to 180. 6 00:00:19,239 --> 00:00:21,539 179 it is, folks. Um, 7 00:00:22,459 --> 00:00:27,280 it is post July 4th, and I'm still sort of hanging on to the mustache thing here- 8 00:00:27,280 --> 00:00:28,039 -It's fine -... a little bit. 9 00:00:28,039 --> 00:00:29,979 I can- I can... Look, the goatie, th- 10 00:00:31,279 --> 00:00:32,959 -the dirty goatie I can live with. -It- it's okay. 11 00:00:32,959 --> 00:00:33,899 The mustache... 12 00:00:34,819 --> 00:00:36,479 -I'm gonna shave it all off for- for- -Maybe, maybe 13 00:00:36,479 --> 00:00:39,380 ... Laracon again. And now you're just gonna have to live with, uh, Jake with the 14 00:00:39,380 --> 00:00:39,959 mustache. 15 00:00:40,840 --> 00:00:44,040 Um, no, I'm not actually not gonna do that. I'm gonna- I'm gonna- I'm gonna just 16 00:00:44,040 --> 00:00:48,239 put it all back to how it- how it should normally be. Um, but in other news- 17 00:00:48,239 --> 00:00:50,739 -I was just- -We- we are actually staying at the same 18 00:00:50,739 --> 00:00:51,200 hotel. 19 00:00:52,479 --> 00:00:54,099 -I'm pretty stoked. -Yes, finally. 20 00:00:54,099 --> 00:00:56,099 -Finally, yes. -That- that worked out well in the end. 21 00:00:56,099 --> 00:00:58,419 -It did end up working out well. -Worked out well in the end because 22 00:00:59,099 --> 00:01:02,439 I said back in February, like, "I've bo- bought my ticket, I've booked my 23 00:01:02,439 --> 00:01:03,340 -accommodation-" -Yep, yep. 24 00:01:03,340 --> 00:01:07,579 "... this is the closest hotel." And it ended up- ended up- ended up being one of 25 00:01:07,579 --> 00:01:08,540 -the- -Yeah, the conference, yeah 26 00:01:08,540 --> 00:01:10,440 ... the official, I guess, conference hotels. 27 00:01:11,060 --> 00:01:13,599 And so by the time you booked, three weeks before the event- 28 00:01:13,599 --> 00:01:13,879 Yeah. 29 00:01:15,080 --> 00:01:17,719 -You're like, "There's no rooms anywhere." -Yeah, you were like, oh- 30 00:01:17,719 --> 00:01:20,619 -I wonder why, you know? -Right, yeah. And so they ended up opening 31 00:01:20,619 --> 00:01:22,480 -up, and, uh, yep. -1,200 people- 32 00:01:22,480 --> 00:01:24,079 -So- -1,200 people coming in. Yeah, so that 33 00:01:24,079 --> 00:01:28,179 -worked out. -It's gonna be awesome. I'm so excited. We 34 00:01:28,179 --> 00:01:31,019 can do, like, pillow fights middle of the night, just like- 35 00:01:31,019 --> 00:01:31,760 -Pillow fights. -Yep. 36 00:01:31,760 --> 00:01:33,839 -Yeah, yep. -Just gonna find out whose room is it. We 37 00:01:33,839 --> 00:01:37,199 gotta have- have so many people there. Knock on the doors and just hit people 38 00:01:37,199 --> 00:01:40,539 -with pillows. It's gonna be good times. -It's gonna be a bit like that. It's, um... 39 00:01:40,539 --> 00:01:45,199 Yeah, I looked, 'cause I, um, I messaged Matt, Matt Stouffer, and I said, "What are 40 00:01:45,199 --> 00:01:49,279 we doing for coffee?" Because I know it's only three days, but I can't drink 41 00:01:49,279 --> 00:01:50,439 -Starbucks for three days. -Yep. 42 00:01:50,439 --> 00:01:51,799 -Like, that's not an option. -Yep, yep. 43 00:01:51,799 --> 00:01:57,659 I need good coffee. It turns out... Now, whether or not it is good is to be seen, 44 00:01:57,659 --> 00:02:02,639 but it turns out that in that hotel, in the Vib by Best Western, for those of you 45 00:02:02,639 --> 00:02:05,839 who are staying there, there is a coffee, there's, like, a cafe- 46 00:02:05,839 --> 00:02:07,099 -Nice. Okay, okay -... downstairs in the hotel. 47 00:02:08,419 --> 00:02:13,159 So it- it has, like, a four-and-a-half star rating, so I'm hoping- 48 00:02:13,159 --> 00:02:15,059 -Sweet -... that that's good enough. 49 00:02:15,059 --> 00:02:17,659 -That'll be good. -There is also, for those of you staying 50 00:02:17,659 --> 00:02:21,959 there, a taqueria downstairs. So tacos and coffee, we should be sorted. 51 00:02:21,959 --> 00:02:25,499 Sounds amazing. Yeah, I'm- I'm really excited. It looks like a really nice hotel 52 00:02:25,499 --> 00:02:27,559 -as well. Um, like you said- -Mm-hmm 53 00:02:27,559 --> 00:02:30,779 ... it's like, I think the closest hotel to the venue of the ones that there are 54 00:02:30,779 --> 00:02:31,319 -on- -Yeah 55 00:02:31,319 --> 00:02:32,679 -... that are on there. So, um- -Mm-hmm 56 00:02:32,679 --> 00:02:36,499 ... yeah, it's- it's gonna be amazing. I'm so excited. I cannot wait. I'm flying in 57 00:02:36,499 --> 00:02:42,679 Monday, leaving Thursday evening. So if any of you have no plans for Thursday, 58 00:02:42,679 --> 00:02:46,099 meaning you've stayed Wednesday, you did the afterparty on Wednesday, you slept in 59 00:02:46,099 --> 00:02:49,239 on Thursday, and now it's Thursday afternoon and you're looking for something 60 00:02:49,239 --> 00:02:53,999 to do, hit me up on Telegram. I'd love to hang out because Michael will probably be 61 00:02:53,999 --> 00:02:56,079 gone by then. Michael, will you be out by then? 62 00:02:56,079 --> 00:02:57,519 -Yeah. -Yeah, so I'll be leaving at 5:30- 63 00:02:57,519 --> 00:02:59,379 -Yeah, we- we get in at, like, 3:00 -... which means I'll have a bit of time 64 00:02:59,379 --> 00:02:59,919 -for lunch. -Yeah. 65 00:02:59,919 --> 00:03:02,219 I'll be able to... I'll be free for lunch if anybody wants to hang out. 66 00:03:03,679 --> 00:03:06,759 -Yeah, we get in at 3:00-ish on- -Monday, yep 67 00:03:06,759 --> 00:03:10,919 ... Monday, Aaron and I. And then, we were supposed to leave at 6:00 or something 68 00:03:10,919 --> 00:03:14,019 -like that, 6:00 PM on Thursday. -Yeah. 69 00:03:14,019 --> 00:03:17,179 But our flight got pulled back to 11:00 AM. 70 00:03:17,179 --> 00:03:18,579 -Ah. -So we're probably gonna be at the airport 71 00:03:18,579 --> 00:03:20,799 at, like, I don't know, 8:00, just to be safe. 72 00:03:20,799 --> 00:03:21,619 -Yeah. -Just who knows? 73 00:03:21,619 --> 00:03:22,919 Yeah, we can catch coffee. You and I can catch coffee. 74 00:03:22,919 --> 00:03:26,459 Although I saw recently... Yeah, yeah, we'll be all right. We'll- the- we'll have 75 00:03:26,459 --> 00:03:29,839 plenty of opportunities to- to see each other over the- the three days- 76 00:03:29,839 --> 00:03:30,799 -For sure -... that- that we're there, but 77 00:03:31,439 --> 00:03:36,019 yeah, I am... I saw- I saw on the news or something, there was an article the other 78 00:03:36,019 --> 00:03:39,839 day that, like, tourism is way down for Australians into 79 00:03:40,679 --> 00:03:43,839 -the US at the moment, like 12 or 15%- -Wow, that's crazy 80 00:03:43,839 --> 00:03:45,439 -... on what they were expecting normally. -Yeah. 81 00:03:46,079 --> 00:03:51,459 So I'm- I'm hoping that we have, like, a lo- although these- these flights that we 82 00:03:51,459 --> 00:03:55,419 bought were on sale, so they're sale dates, so I suspect that maybe they will 83 00:03:55,419 --> 00:03:59,119 be booked-booked. But it'd be nice to see if there's a bit of, uh, 84 00:03:59,819 --> 00:04:03,119 -bit of space on the plane actually. -Some extra legroom. Yeah, for sure. 85 00:04:03,119 --> 00:04:03,839 -Yeah. -I actually- 86 00:04:03,839 --> 00:04:05,479 -We'll see what happens -... there was a lady sitting in my seat on 87 00:04:05,479 --> 00:04:06,659 the last flight I was on. 88 00:04:07,659 --> 00:04:10,359 And I didn't bother her 'cause, like, it doesn't matter, there's extra seats. And 89 00:04:10,359 --> 00:04:13,079 so I told the attendant, I was like, "Do you mind if I sit in another seat?" And 90 00:04:13,079 --> 00:04:15,659 she's like, "Yeah, that's fine." I said, "Why- why don't I just go sit in first 91 00:04:15,659 --> 00:04:18,559 class, it's like it's enough, should I sit up there?" She was like, "It's fine with 92 00:04:18,559 --> 00:04:21,999 me." She's like, "But let me check." And so she checked and the lady up front was 93 00:04:21,999 --> 00:04:25,039 like, "No". I was like, "Come on", so I just took an exit seat. It was fine. 94 00:04:25,039 --> 00:04:27,479 -Ah, you tried. -I did try. She was almost, I mean, almost 95 00:04:27,479 --> 00:04:28,179 -had her. -You tried. 96 00:04:28,179 --> 00:04:31,119 -Yep. I was almost there. -Almost. Almost there. Almost got it. Yeah, 97 00:04:31,119 --> 00:04:36,199 we- we definitely for the long haul flights, the, uh, Sydney to Dallas and 98 00:04:36,199 --> 00:04:39,079 then the LA to Melbourne on the way back, we- 99 00:04:40,119 --> 00:04:42,379 -we went for exit seats. -Nice, there you go. 100 00:04:42,379 --> 00:04:44,199 -Aaron and I just- -Yeah, some extra room. 101 00:04:44,199 --> 00:04:48,539 Um, and hopefully these are good exit seats because the last time I was coming 102 00:04:48,539 --> 00:04:49,839 back from the US, I went 103 00:04:50,679 --> 00:04:54,499 thinking that it'd be good to sit in the, like, the- the bulkhead row- 104 00:04:54,499 --> 00:04:56,199 -Yeah -... behind the- the bathrooms. 105 00:04:56,199 --> 00:04:58,939 -Yeah. -Terrible idea. Don't ever do that. Because 106 00:04:58,939 --> 00:05:00,399 -number one, the armrests- -Oh, no. 107 00:05:00,399 --> 00:05:04,379 Like, the armrests are fixed, so you can't move them. So I had, like... I was 108 00:05:04,379 --> 00:05:08,459 uncomfortable the whole time. And you think because you're at the bulkhead, 109 00:05:08,459 --> 00:05:11,679 there's a bit more room, and there is physically a bit more room to stretch your 110 00:05:11,679 --> 00:05:14,739 legs out. But the problem is people walk past there to go- 111 00:05:14,739 --> 00:05:16,799 -Oh, God. -... to the bathroom from the bathroom. So 112 00:05:17,799 --> 00:05:20,579 yeah, no good. So we are on the... We're by the galley, 113 00:05:21,399 --> 00:05:26,239 um, on the exit- exit row this time, and to, like, the- the- the left of the plane. 114 00:05:26,239 --> 00:05:31,279 So hopefully that'll be a better seat. But I didn't... I looked at even premium 115 00:05:31,279 --> 00:05:34,619 c- premium economy was like $6,000 return or something like that. 116 00:05:34,619 --> 00:05:35,819 -My gosh. -I said, "Nah. Not." 117 00:05:35,819 --> 00:05:37,799 -Hey, okay, I've got one- -No thank you, not for me 118 00:05:37,799 --> 00:05:38,899 ... one quick tip for you here 119 00:05:39,759 --> 00:05:41,019 -for sleeping on planes. -Mm-hmm. 120 00:05:41,019 --> 00:05:41,299 Okay? 121 00:05:41,959 --> 00:05:46,099 There is this amazing product called the Sleeper Hold. 122 00:05:46,939 --> 00:05:48,479 -Sleeper Hold. Is- -Right. 123 00:05:48,479 --> 00:05:51,319 -No, seriously. It was invented by an- -Nonsense 124 00:05:51,319 --> 00:05:54,119 -... an MMA guy, a UFC fighter- -Mm-hmm 125 00:05:54,119 --> 00:05:57,359 ... who had to go on flights and trips and stuff like that all the time. And he was, 126 00:05:57,359 --> 00:06:00,739 like, sick of, like, not being able to sleep well on these- on these trips. 127 00:06:00,739 --> 00:06:02,359 -Mm-hmm. -So he invented this thing called the 128 00:06:02,359 --> 00:06:04,639 Sleeper Hold. Now, I got one at a conference. I was like, "What is this 129 00:06:04,639 --> 00:06:11,619 nonsense?"Oh, my gosh. I will never travel without it again. It is amazing, and you 130 00:06:11,619 --> 00:06:15,459 can actually sleep well on flights or on buses or on- 131 00:06:15,459 --> 00:06:17,040 -Right -... on anything like that- ... that has, 132 00:06:17,040 --> 00:06:18,679 like a rest... Like, a seat behind you. 133 00:06:19,319 --> 00:06:22,819 It is incredible. So if you... I mean, because you're gonna be on these insane 134 00:06:22,819 --> 00:06:26,359 flights, you know, you're gonna be hitting 14 and a half hour time difference jet 135 00:06:26,359 --> 00:06:26,919 lag thing, 136 00:06:27,519 --> 00:06:31,559 I would suggest snapping one of these up. Now, they're not inexpensive, but they are 137 00:06:31,559 --> 00:06:35,740 amazing, amazing. And so, um, check it out. Sleeper- 138 00:06:35,740 --> 00:06:36,500 Oh, the travel pillow. Right, right, right, right. 139 00:06:36,500 --> 00:06:37,520 Sleeper Hold. Yeah, yeah. It's a s- it's a no- 140 00:06:37,520 --> 00:06:40,760 -When you say sleeper hold- -And I know, and I know, it's- it's not, 141 00:06:40,760 --> 00:06:42,740 -you know, it's not just a travel pillow. -Yeah. 142 00:06:42,740 --> 00:06:44,159 -It's- it's- it's a little bit different. -Yeah, yeah, yeah. 143 00:06:44,159 --> 00:06:47,100 They've got some really good marketing as well, but I've actually used it and the 144 00:06:47,100 --> 00:06:50,219 marketing holds up. The hype holds up. It's really good. So for any of you 145 00:06:50,219 --> 00:06:53,839 listening who are gonna be going to Laracon, grab a Sleeper Hold. Tell them 146 00:06:53,839 --> 00:06:57,019 Jake sent you, there's no referral code or anything. Sorry, otherwise I would give 147 00:06:57,019 --> 00:07:00,319 it to you. But, uh, they're pretty sweet. Pretty sweet. So... 148 00:07:00,319 --> 00:07:04,099 Right. So this thing, you strap to the... You strap to the seat, and it kind of 149 00:07:04,099 --> 00:07:05,759 holds your head so your face doesn't flop forward. 150 00:07:05,759 --> 00:07:07,239 That's right. Yeah, so you have a little neck thing that- 151 00:07:07,239 --> 00:07:09,119 -Yeah, cool -... goes behind, just behind the- the, 152 00:07:09,119 --> 00:07:12,439 like, the little dip in your neck, in the back of your neck. You just put the pillow 153 00:07:12,439 --> 00:07:12,779 -there- -Mm-hmm 154 00:07:12,779 --> 00:07:15,659 ... and then there is a strap that goes around the back of the seat. And then 155 00:07:15,659 --> 00:07:19,839 there's like a eye mask that kind of goes over the front of your eyes and holds your 156 00:07:19,839 --> 00:07:23,419 head in place up against the back of the seat. And you don't, you know- 157 00:07:23,419 --> 00:07:24,599 -Yeah, right -... those neck cushions, they don't 158 00:07:24,599 --> 00:07:27,319 actually hold your head up, so you- you kind of, you have to try- 159 00:07:27,319 --> 00:07:28,679 -Yeah, yeah, yeah -... lean your head back. It doesn't work 160 00:07:28,679 --> 00:07:32,599 very well. This works amazingly, and I have slept like a baby on flights with 161 00:07:32,599 --> 00:07:36,879 -this thing. So, highly suggest it. -I'm, uh... I have sent this to my wife. 162 00:07:36,879 --> 00:07:41,999 -Mm-hmm. -I am very fortunate in that I, generally 163 00:07:41,999 --> 00:07:46,199 speaking, on a flight, will close my eyes and wake up eight or nine hours later. 164 00:07:46,199 --> 00:07:49,579 -That's amazing. -Especially on the way back. Especially on 165 00:07:49,579 --> 00:07:54,839 the way back, because it'll be, you know, three days of go, go, go. We've got the- 166 00:07:54,839 --> 00:07:57,179 the mostly technical party on Monday night. 167 00:07:57,179 --> 00:08:00,379 -Yep, Monday night. -We've got after dark on- on Tuesday night, 168 00:08:00,379 --> 00:08:03,359 then there's like... I assume we'll do something on- 169 00:08:03,359 --> 00:08:04,879 -Wednesday night, yeah. Did you- -... on Wednesday night as well, and then 170 00:08:04,879 --> 00:08:06,719 -we're gonna be up- -There's a link, I'll send it to you. 171 00:08:06,719 --> 00:08:10,159 -There's a Luma something. -Yeah, yeah, yeah. I- 172 00:08:10,159 --> 00:08:11,599 -You get that one? -Yes, that was for Tuesday night, I think, 173 00:08:11,599 --> 00:08:12,779 -that one. Yeah, I got that one s- -I think that was- 174 00:08:12,779 --> 00:08:13,779 -So, did that, um... -I thought that- I thought that was for 175 00:08:13,779 --> 00:08:14,239 Wednesday. 176 00:08:16,159 --> 00:08:16,639 Let me look. 177 00:08:17,839 --> 00:08:19,799 -Luma after party. -Can you double check? 178 00:08:19,799 --> 00:08:23,259 Yep, I'm looking right now. Tuesday. You're right, it is Tuesday. Yep. 179 00:08:23,259 --> 00:08:23,959 -Mm-hmm. -My bad. 180 00:08:23,959 --> 00:08:24,199 Yeah. 181 00:08:24,839 --> 00:08:29,199 Yeah, so, um, that, and then Wednesday night, I assume we'll do something. Go 182 00:08:29,199 --> 00:08:30,359 -grab dinner or something- -Yeah, yeah 183 00:08:30,359 --> 00:08:33,019 ... with the- with the guys. Anyone who's- who's keen for that. 184 00:08:33,019 --> 00:08:35,859 -For sure. -Um, and then Wednesday we'll be up early, 185 00:08:35,859 --> 00:08:40,659 and then we're just gonna have to try and power through LA. Um, Aaron and I are 186 00:08:40,659 --> 00:08:44,619 gonna go and do the unthinkable. And I don't know if we're actually gonna do 187 00:08:44,619 --> 00:08:48,979 this, but I- I joked to Aaron, I said, "So, outside of LAX, there's a Five Guys, 188 00:08:48,979 --> 00:08:51,879 -an In-N-Out, and a Chick-fil-A." -Gotta do it. 189 00:08:51,879 --> 00:08:53,479 And I'm like, "We'll just eat all of them. We'll just do all three." 190 00:08:53,479 --> 00:08:53,859 You gotta do it. 191 00:08:54,659 --> 00:08:56,339 And then, uh, yeah. So 192 00:08:57,039 --> 00:09:00,559 by the time I get on that plane, and- and this has happened every time I've left the 193 00:09:00,559 --> 00:09:06,619 US for- for any trip that I've been over there, I'm asleep before wheels up. Like, 194 00:09:06,619 --> 00:09:08,359 before we leave the ground- ... my eyes are shut. I'm out. 195 00:09:08,359 --> 00:09:08,519 Yeah. 196 00:09:09,399 --> 00:09:11,279 -Oh, my gosh. -And they come- they come at like an hour 197 00:09:11,279 --> 00:09:13,999 or- or- or two later, and they're like, "Do you want dinner?" I'm like, "It's 198 00:09:13,999 --> 00:09:15,759 midnight. I don't- I don't want dinner. Go away." 199 00:09:15,759 --> 00:09:16,999 -That's funny. -"Why did you wake me up for this?" So... 200 00:09:16,999 --> 00:09:20,259 -That's hilarious. -This light- this light keeps on flicking 201 00:09:20,259 --> 00:09:23,039 off and on for some reason, I don't know why. So every now and then I get shrouded 202 00:09:23,039 --> 00:09:23,659 in darkness. 203 00:09:24,899 --> 00:09:25,999 -Well- -So yeah, Laracon, uh, this- 204 00:09:25,999 --> 00:09:26,859 Anyway, long story short. Yeah, absolutely 205 00:09:26,859 --> 00:09:32,319 ... this will be our last- last North Meet South before Laracon. Uh, we've got... 206 00:09:32,319 --> 00:09:35,559 We'll do an episode of Laravel News next week. Mm-hmm. 207 00:09:35,559 --> 00:09:37,099 And then we'll be on location. 208 00:09:38,319 --> 00:09:43,179 Is it that quick? No. Oh, no. We will have one more North Meet South before Laracon. 209 00:09:43,179 --> 00:09:43,339 Okay. Okay. 210 00:09:43,339 --> 00:09:45,899 And then we'll be on location. Yep, yep, yep, yep, yep. 211 00:09:47,519 --> 00:09:51,659 So yeah. A- and then for Laravel News, you and I will be, 212 00:09:52,259 --> 00:09:54,999 uh, running around. You did a day one recap last year with- 213 00:09:54,999 --> 00:09:56,039 -Yes -... David Hemphill. 214 00:09:56,039 --> 00:09:59,019 -Yes. -Which made- made me feel very slighted, 215 00:09:59,019 --> 00:09:59,839 -uh, that you would- -I'm so sorry. 216 00:09:59,839 --> 00:10:01,579 ... you would do something like- like that . 217 00:10:01,579 --> 00:10:02,739 I think I mentioned you. I thought I mentioned you. 218 00:10:02,739 --> 00:10:03,879 -You did- you did mention me. -Okay. 219 00:10:03,879 --> 00:10:07,519 But, uh, you know, I will- I will- I'll be there this time, so you watch yourself. 220 00:10:07,519 --> 00:10:10,419 And so it will definitely be you and me. Yeah, Hemphill. Watch it, you're gonna 221 00:10:10,419 --> 00:10:12,059 -get- you're gonna get a- -So yeah, we'll do- 222 00:10:12,059 --> 00:10:13,999 -... shiv. -We'll do a recap day one and we'll do day 223 00:10:13,999 --> 00:10:15,399 two, 'cause there was no day two last year. 224 00:10:15,399 --> 00:10:17,959 -Right. -Um, and I think we're gonna go around and 225 00:10:17,959 --> 00:10:19,319 -do some like vox pops- -Absolutely 226 00:10:19,319 --> 00:10:23,199 ... and speak to people and- and talk to them as well for Laravel News, so that'll 227 00:10:23,199 --> 00:10:24,339 be a bit of fun. Something- something to do. 228 00:10:24,339 --> 00:10:26,979 -Should be a good time. -So if- if you are interested 229 00:10:27,599 --> 00:10:31,139 in doing that, keep an eye out for us. We'll- we'd love to talk to you about what 230 00:10:31,139 --> 00:10:34,299 you think. I saw Taylor's got like a two-hour 231 00:10:34,979 --> 00:10:36,759 -keynote at the end of day one. -Wow. 232 00:10:36,759 --> 00:10:39,999 So that'll be- that'll be a bit of fun. And looks like there's a lot of variety in 233 00:10:39,999 --> 00:10:42,959 the talks as well. If you've- if you've seen the schedule, there's some- there's 234 00:10:42,959 --> 00:10:47,339 some, um, you know, 30-minute talks, 20-minute talks. They're all over the 235 00:10:47,339 --> 00:10:51,059 place this year, which- which is good. I think- I think mixing things up like that 236 00:10:51,059 --> 00:10:57,019 is- is good for the audience as well. Um, getting a- a mix of lengths and types and- 237 00:10:57,019 --> 00:10:57,919 and all sorts. So 238 00:10:58,959 --> 00:11:00,399 -very excited to get back over there- -Yeah 239 00:11:00,399 --> 00:11:02,699 ... after, what, six years or whatever it's been. 240 00:11:02,699 --> 00:11:05,839 Yep. It's gonna be incredible to have you, dude. It's been too long. Too long since 241 00:11:05,839 --> 00:11:09,839 we've been able to hang out in- in, uh, the real, right? In 3D. 242 00:11:09,839 --> 00:11:12,919 -Mm-hmm. -So it'll be fun. It'll be lots of fun. Hey 243 00:11:12,919 --> 00:11:17,839 folks, we have a couple different topics that I would like to talk about today. The 244 00:11:17,839 --> 00:11:21,599 first one is this. Should you have 245 00:11:22,239 --> 00:11:27,979 a middleware call inside the constructor of a controller? Okay, so 246 00:11:28,999 --> 00:11:29,699 set it up for you. 247 00:11:30,439 --> 00:11:32,739 This is something that used to be supported and I do not think it's 248 00:11:32,739 --> 00:11:36,919 supported anymore in Laravel 12, which is this. Inside of a controller you can, in 249 00:11:36,919 --> 00:11:41,359 the constructor, say, "This middleware," and then specify a middleware. And what 250 00:11:41,359 --> 00:11:45,419 this will do is this will apply that middleware to anything that you're going 251 00:11:45,419 --> 00:11:47,659 to be accessing that controller 252 00:11:48,699 --> 00:11:52,899 through, right? Any route that references anything that points to that controller, 253 00:11:52,899 --> 00:11:56,639 you can have a middleware in the constructor of that controller. Okay. Are 254 00:11:56,639 --> 00:11:57,019 you ready? 255 00:11:57,639 --> 00:12:01,159 Think about it for a second. Make up your mind. Do you think you should put it there 256 00:12:01,159 --> 00:12:01,859 or not? 257 00:12:02,579 --> 00:12:03,059 And 258 00:12:03,899 --> 00:12:05,119 go. All right, what do you think, Michael? 259 00:12:06,859 --> 00:12:09,959 No. And you, you, you posted this the other day- 260 00:12:09,959 --> 00:12:11,979 -I did -... in Telegram, and I- 261 00:12:11,979 --> 00:12:15,119 I'm gonna grab a water while you formulate your response and, and tell me why I 262 00:12:15,119 --> 00:12:18,020 shouldn't do it, so then I can actually come back and tell you why I think you 263 00:12:18,020 --> 00:12:18,779 should. But go ahead. 264 00:12:19,680 --> 00:12:19,919 Yeah. 265 00:12:20,539 --> 00:12:24,339 I mean, Laravel 12, you said you can't do it, so that's, that's as good a reason as 266 00:12:24,339 --> 00:12:26,899 any to not do it. Um, I know 267 00:12:27,539 --> 00:12:32,600 there used to be some explicit reason to do it. Like, you... There was some part of 268 00:12:32,600 --> 00:12:36,939 the request lifecycle that wasn't available inside of 269 00:12:37,680 --> 00:12:40,799 your route definitions, which is why you, you maybe wouldn't have done it 270 00:12:40,799 --> 00:12:43,520 previously. Like, you wanted to dynamically apply a middleware or 271 00:12:43,520 --> 00:12:46,219 something like that inside of the controller constructor. 272 00:12:47,499 --> 00:12:48,860 The, the reason I don't 273 00:12:49,540 --> 00:12:53,359 like the idea of putting the middleware in the controller 274 00:12:53,979 --> 00:12:57,119 is kind of similar to why I don't like using, um, 275 00:12:57,739 --> 00:13:02,259 events too much. I don't particularly like using observers and, and global scopes, 276 00:13:02,259 --> 00:13:04,299 although those things are a little bit more 277 00:13:05,079 --> 00:13:06,619 -opaque now- -Yeah, for sure they are 278 00:13:06,619 --> 00:13:10,079 ... because we've got the attributes to say, like, observed by, scoped by, and all 279 00:13:10,079 --> 00:13:11,839 of that kind of stuff. But I feel like 280 00:13:14,040 --> 00:13:18,599 the routes file is the first place that I'm going to look in a new application to 281 00:13:18,599 --> 00:13:22,079 see everything that's happening across the application. Like, I know what 282 00:13:22,079 --> 00:13:26,300 functionality is available, I know where to reach it. It's a very quick and easy 283 00:13:26,300 --> 00:13:29,999 way. W- this is the same reason I don't like route definitions inside of 284 00:13:29,999 --> 00:13:32,499 controllers using attributes, which is a thing that has- 285 00:13:32,499 --> 00:13:34,139 -Fair enough -... like, come and gone in the past. 286 00:13:34,139 --> 00:13:38,639 Because if you want to s- I mean, you can always do a route list and see the route 287 00:13:38,639 --> 00:13:42,659 list that way, but I think opening up the routes file and just scrolling through it 288 00:13:42,659 --> 00:13:47,279 and seeing everything that's there is my preferred method for, for dealing with 289 00:13:47,279 --> 00:13:48,079 that kind of stuff. 290 00:13:48,959 --> 00:13:53,319 When you start putting things in- inside a constructor, it's, it becomes 291 00:13:54,079 --> 00:13:54,939 less visible. 292 00:13:55,560 --> 00:13:59,359 Um, it... Like, does it still appear in the route list if you d- define a 293 00:13:59,359 --> 00:14:01,019 -middleware there? -That's a good question. I honestly don't 294 00:14:01,019 --> 00:14:02,179 -know. -'Cause that would be my hesitation. 295 00:14:02,179 --> 00:14:04,479 -I'm not sure. -Yeah. 'Cause that would be, that would be 296 00:14:04,479 --> 00:14:07,079 -another hesitation of mine- -I kinda feel like it wouldn't 297 00:14:07,079 --> 00:14:09,819 -... is that you don't know. -I kinda feel like it would not. Yeah. 298 00:14:09,819 --> 00:14:10,099 Yeah. 299 00:14:11,539 --> 00:14:16,439 Um, so yeah, my, eh, I never, I never do. Um, 300 00:14:17,359 --> 00:14:21,339 all of my middlewares are defined inside of 301 00:14:21,959 --> 00:14:26,379 -the routes file. Yeah. -Fair enough. Now that being said, uh, I 302 00:14:26,379 --> 00:14:30,799 mean there are multiple other places where there are middlewares being placed onto 303 00:14:30,799 --> 00:14:35,619 things without your knowledge or just explicitly by the framework. So, 304 00:14:36,239 --> 00:14:37,699 you know, one of those places is in the 305 00:14:38,359 --> 00:14:41,899 bootstrap, uh, app.php file, where you're- 306 00:14:41,899 --> 00:14:43,079 -Mm-hmm -... setting up all your routes and all 307 00:14:43,079 --> 00:14:48,939 those things. And if you use a then, uh, portion of the section there when you're 308 00:14:48,939 --> 00:14:53,059 defining those different routes, then you can apply middlewares there and things 309 00:14:53,059 --> 00:14:56,579 like that. You know, you can set up a new stack essentially. You have web, you have 310 00:14:56,579 --> 00:15:00,379 API, you have console, which are all getting set up. You have up, which is also 311 00:15:00,379 --> 00:15:02,199 another one that ships by default with Laravel 11. 312 00:15:02,999 --> 00:15:05,999 But if you have a then, you know, you might do something like development 313 00:15:05,999 --> 00:15:08,559 routes. Like, if you're in development, you will, then you'd bind these 314 00:15:08,559 --> 00:15:13,419 development routes, and you could put, uh, prefixes or middlewares on it in there. 315 00:15:13,419 --> 00:15:17,039 Uh, there was previously in, you know, previous versions where you had a, a route 316 00:15:17,039 --> 00:15:22,039 service provider or something like that, or the HTTP kernel, you could do things in 317 00:15:22,039 --> 00:15:23,899 -there as well when you'd register those- -Mm-hmm 318 00:15:23,899 --> 00:15:27,919 ... or when you'd bind those sorts of things. And so, it's not like it's only 319 00:15:27,919 --> 00:15:32,039 ever been that the routes file is the only place where middlewares are applied. I 320 00:15:32,039 --> 00:15:33,199 -mean, there's a web- -Right. 321 00:15:33,199 --> 00:15:35,539 There's a web stack that's applied by default. 322 00:15:35,539 --> 00:15:36,119 -Yeah, yeah. -So 323 00:15:36,999 --> 00:15:40,259 I get the argument that, like, if you can just go see the web.php, you can see 324 00:15:40,259 --> 00:15:43,699 everything on there, but it's not actually true. Like, there's... That's all the 325 00:15:43,699 --> 00:15:44,059 -things- -Mm-hmm 326 00:15:44,059 --> 00:15:46,439 ... that you would put on there, but it's definitely not all- 327 00:15:46,439 --> 00:15:47,739 -Yeah -... the things that are on there. 328 00:15:47,739 --> 00:15:50,539 -Yeah. -So, um, I would say that, like, as far as 329 00:15:50,539 --> 00:15:54,919 the user definitions are defined, I agree that the web.php is where you would go see 330 00:15:54,919 --> 00:15:59,179 all the user-defined things most of the time. Um, you do have to be a little bit 331 00:15:59,179 --> 00:16:02,399 careful if you're migrating from legacy applications, and that's the situation 332 00:16:02,399 --> 00:16:05,099 here. That's why we ran into this, is we've... You know, we've been on this 333 00:16:05,099 --> 00:16:09,119 since Laravel 4, and so this very particular application has been upgraded 334 00:16:09,119 --> 00:16:12,499 to 4, 5, 6, 7, 8, 9, 10, 11, 12. And so, 12- 335 00:16:12,499 --> 00:16:13,219 -Yeah -... is when it sort of- 336 00:16:13,219 --> 00:16:14,619 -Yeah -... dropped support for it and caused some 337 00:16:14,619 --> 00:16:20,119 issues for us. The one thing I will say that is helpful, and maybe the reason why, 338 00:16:20,119 --> 00:16:24,359 um, what you were talking about, is like if you wanted to resolve something out of 339 00:16:24,359 --> 00:16:27,919 the constructor in order to be able to apply that to a middleware or s- pass that 340 00:16:27,919 --> 00:16:31,419 in as something to the middleware, it's possible that at one point that was not 341 00:16:31,419 --> 00:16:34,819 available. But obviously now you can make your own middleware classes and things 342 00:16:34,819 --> 00:16:36,759 like that, so it's not a problem. Um, 343 00:16:37,539 --> 00:16:37,799 but 344 00:16:38,759 --> 00:16:42,859 if there is a middleware that you want to apply to every single method inside of 345 00:16:42,859 --> 00:16:43,679 that controller, 346 00:16:45,079 --> 00:16:49,139 it is possible for someone to miss that when they're defining a new route for that 347 00:16:49,139 --> 00:16:53,559 controller, right? Maybe they don't look and see the other places. Maybe that 348 00:16:53,559 --> 00:16:58,639 control... Maybe the, the locations where, uh, those are defined are not co-located. 349 00:16:58,639 --> 00:17:01,299 Maybe they're just adding a new one to the bottom of the list and they don't go 350 00:17:01,299 --> 00:17:05,939 find it. That controller middleware, uh, is not gonna be applied now. And so, 351 00:17:06,679 --> 00:17:11,239 that could be problematic. Now, that's... Maybe there's ways around that. Maybe you 352 00:17:11,239 --> 00:17:14,999 can put an architecture test in place. But that was the particular argument that I 353 00:17:14,999 --> 00:17:18,799 had, which was like, it's not necessarily all bad to be able to define it in the 354 00:17:18,799 --> 00:17:21,879 controller. I can see the arguments for why you maybe wouldn't, 355 00:17:22,519 --> 00:17:24,059 -but I don't think it's- -Mm-hmm 356 00:17:24,059 --> 00:17:26,999 ... I don't think it's that bad. I don't know. I don't know. 357 00:17:26,999 --> 00:17:27,319 Yeah. 358 00:17:27,999 --> 00:17:33,359 I'm just trying to look back on when, when it was actually... 'Cause there's nothing 359 00:17:33,359 --> 00:17:35,879 in the Laravel 12 upgrade guide that I can see 360 00:17:36,539 --> 00:17:38,399 that's obvious that says this has been 361 00:17:39,079 --> 00:17:40,279 removed. So... 362 00:17:41,139 --> 00:17:43,199 -All I know is it was throwing an error. -Controller middleware. 363 00:17:43,199 --> 00:17:44,099 -Yeah. -Oh no, it's still here. 364 00:17:44,099 --> 00:17:46,339 -It was throwing an error. -Controller middleware. 365 00:17:46,339 --> 00:17:47,819 -Go ahead. Yeah, maybe just- -Ouch 366 00:17:47,819 --> 00:17:52,739 -... maybe the way that we defined it. -Oh, you put it... Yeah. So used to be in 367 00:17:52,739 --> 00:17:54,319 a, um, 368 00:17:55,579 --> 00:18:01,219 cons- in the construct method, and now you can define it as a stat- a public static 369 00:18:01,219 --> 00:18:04,119 method that returns an array inside the controller. 370 00:18:04,119 --> 00:18:04,559 I got it. 371 00:18:05,459 --> 00:18:07,779 -So it's still able to be used- -And you, and you implement the has 372 00:18:07,779 --> 00:18:09,339 -middleware -... just not in the same way. Oh, I see. I 373 00:18:09,339 --> 00:18:09,879 -see. -Mm-hmm. 374 00:18:09,879 --> 00:18:12,419 Yep. Just not in the same way. Okay. Fair enough. 375 00:18:13,371 --> 00:18:16,931 Fair enough. Middleware may be assigned to the controller's routes in your routes 376 00:18:16,931 --> 00:18:20,451 file. You may find it convenient to specify middleware within your controller 377 00:18:20,451 --> 00:18:24,552 class. To do so, your controller should implement the HasMiddleware interface, 378 00:18:24,552 --> 00:18:28,811 which dictates that the controller should have a static middleware method. From this 379 00:18:28,811 --> 00:18:31,811 method, you may return an array of middleware that should be applied to the 380 00:18:31,811 --> 00:18:37,071 controller's actions, and you may also define ControllerMiddleware as closures- 381 00:18:37,071 --> 00:18:38,971 -Hmm, interesting -... which provides a convenient way to 382 00:18:38,971 --> 00:18:43,231 define an inline middleware without writing an entire middleware class. But it 383 00:18:43,231 --> 00:18:43,671 doesn't, 384 00:18:45,252 --> 00:18:49,471 doesn't really say why or when you would do this- 385 00:18:49,471 --> 00:18:51,811 -Sharp knives -... which I guess is... You know, sharp 386 00:18:51,811 --> 00:18:53,132 knives, right? Laravel 387 00:18:53,851 --> 00:18:59,992 provides many ways to do the same thing. I would, I would posit that doing it inside 388 00:18:59,992 --> 00:19:02,771 of the controller is potentially a less, 389 00:19:04,211 --> 00:19:04,671 um, 390 00:19:05,551 --> 00:19:06,292 what's the word? 391 00:19:07,171 --> 00:19:08,571 Like, a less conventional way of doing it. 392 00:19:08,571 --> 00:19:11,191 -I agree. I do agree with that. -But, you know, it's documented. Um, 393 00:19:12,291 --> 00:19:13,611 yeah. I don- I mean, 394 00:19:14,331 --> 00:19:18,711 yeah, i- for... I wouldn't do it in the controller for the same reason that I 395 00:19:18,711 --> 00:19:19,032 wouldn't, 396 00:19:19,812 --> 00:19:23,751 that I don't subscribe to, to doing route definitions inside of the controller. 397 00:19:23,751 --> 00:19:25,011 -And that's fair. -Um... 398 00:19:25,011 --> 00:19:29,072 I, I do get that. Yeah, and, and so it sounds like it's not necessarily... Th- 399 00:19:29,072 --> 00:19:32,892 the method by which we were using it is deprecated, but the, the idea itself- 400 00:19:32,892 --> 00:19:34,951 -Mm-hmm -... is still very much documented and 401 00:19:34,951 --> 00:19:39,012 relevant inside of Laravel. So, fair enough. I, I think that's, uh... You know, 402 00:19:39,012 --> 00:19:42,531 it's again, sharp knives, use them if you want to, uh, if you don't... If you cut 403 00:19:42,531 --> 00:19:42,951 -yourself- -Yeah 404 00:19:42,951 --> 00:19:45,231 ... don't complain, right? Just deal with it. So... 405 00:19:45,231 --> 00:19:45,451 Yeah. 406 00:19:46,111 --> 00:19:48,531 It's certainly like a top level documentation item. 407 00:19:48,531 --> 00:19:49,391 -Yeah. -Right? It's 408 00:19:50,012 --> 00:19:53,771 in, on this page, introduction, writing controllers, controller middleware. So 409 00:19:53,771 --> 00:19:56,911 it's not hidden. It's not one of those things that, like, gets pushed 410 00:19:57,531 --> 00:20:00,771 down the documentation until one day it disappears and then you know that it's... 411 00:20:01,371 --> 00:20:01,532 It, 412 00:20:02,171 --> 00:20:04,411 it likely won't ever be removed. 413 00:20:05,332 --> 00:20:08,711 Eh, in, you know, the way that Laravel typically handles deprecations, is just 414 00:20:08,711 --> 00:20:09,571 that at some point 415 00:20:10,371 --> 00:20:13,731 it's determined to be not the best practice or, you know, there's another way 416 00:20:13,731 --> 00:20:17,692 of doing it that's, that's more appropriate or more, uh, efficient or 417 00:20:17,692 --> 00:20:21,971 whatever else. And so the documented approach becomes the way to do things, and 418 00:20:21,971 --> 00:20:22,852 stuff that drops out 419 00:20:23,491 --> 00:20:28,231 might get deprecated eventually, you know, in two or three major releases time. But, 420 00:20:29,051 --> 00:20:34,171 um, it typically survives even though it's not documented. So it's still, still 421 00:20:34,171 --> 00:20:35,571 there as a top level thing. But 422 00:20:36,411 --> 00:20:40,671 yeah, I don't, I don't see where this... I, I'd have to dig to find out, you know, 423 00:20:40,671 --> 00:20:44,711 why you would do it in a constructor. Like, what, what was the documented reason 424 00:20:44,711 --> 00:20:45,751 -for doing it- -Yeah 425 00:20:45,751 --> 00:20:47,451 -... essentially? -Yeah. I, I don't even know if I could tell 426 00:20:47,451 --> 00:20:50,872 you in this case. I, I think it... This one is honestly just... It was like a 427 00:20:50,872 --> 00:20:54,452 authorization check to see if somebody had a particular role or something like that, 428 00:20:54,452 --> 00:20:55,811 -that's all it was. -Mm-hmm. Mm-hmm. 429 00:20:56,471 --> 00:21:00,011 Like, "Can they do this particular thing?" If they can't do this particular thing, 430 00:21:00,011 --> 00:21:03,531 then there's no reason for them to see the view, the update, the create, the delete. 431 00:21:03,531 --> 00:21:06,051 Th- they shouldn't be able to do any of that stuff, like, don't bother even- 432 00:21:06,051 --> 00:21:07,531 -Right -... doing a policy on it. There was... 433 00:21:07,531 --> 00:21:10,471 This was before policies were a thing. You just said, "At the controller level, 434 00:21:10,471 --> 00:21:14,212 don't bother, just abort. Before they ever do anything with it, just abort." 435 00:21:15,112 --> 00:21:16,651 Which brings me to my next question. 436 00:21:18,152 --> 00:21:22,491 Um, unless you have anything else you wanna talk about, which I... So, I've got 437 00:21:22,491 --> 00:21:24,112 -one more thing and that's- -No, no, go for it. 438 00:21:24,112 --> 00:21:26,571 -Okay. Okay. -Are you... You meant, you, you, you 439 00:21:26,571 --> 00:21:30,231 floated this, like you got in early with this one, so you've... It's obviously on 440 00:21:30,231 --> 00:21:30,872 -your mind- -It is 441 00:21:30,872 --> 00:21:33,091 -... so let's talk about- -Yes. Okay. So we talked about this with 442 00:21:33,091 --> 00:21:35,311 the other devs on the team earlier today. Okay. So 443 00:21:36,151 --> 00:21:41,212 I'm gonna try and set up the world for you a little bit and then we can chat. And I 444 00:21:41,212 --> 00:21:44,551 think you can help me point out maybe some p- some potential flaws, 445 00:21:45,151 --> 00:21:49,411 or maybe not flaws but pitfalls that I might be looking into or that I might need 446 00:21:49,411 --> 00:21:53,911 to investigate and/or better ways to structure this. Okay, so here it is. 447 00:21:53,911 --> 00:21:57,351 -Mm-hmm. -Let's say I have 20 apps, which I do, and 448 00:21:57,351 --> 00:22:02,071 let's say that each of those applications has, currently has their own roles. 449 00:22:02,671 --> 00:22:06,451 And the way that we're checking permissions or abilities inside of any of 450 00:22:06,451 --> 00:22:10,831 these locations and inside of any of these applications is only through checking of 451 00:22:10,831 --> 00:22:15,851 if a user has a role. Okay? So that is, that is the way that we've done it. Now, 452 00:22:15,851 --> 00:22:16,991 the problem with that 453 00:22:17,751 --> 00:22:22,751 is that the onl- if you only define roles, the only way to give somebody permission 454 00:22:22,751 --> 00:22:25,491 to do something is to assign them a role. 455 00:22:26,151 --> 00:22:27,051 Does this make sense? 456 00:22:28,051 --> 00:22:28,571 -So- -Mm-hmm. Yep 457 00:22:28,571 --> 00:22:31,811 ... if you have a person, let's say that there's a manager who's stepping out for a 458 00:22:31,811 --> 00:22:36,071 week and they have a person on their team who's like their number two, right, 459 00:22:36,071 --> 00:22:40,791 assistant to the regional manager if you will. And they need this , they need this 460 00:22:40,791 --> 00:22:46,951 user to sort of take their place, interim, uh, manager, uh, for a week. The only 461 00:22:46,951 --> 00:22:49,971 way, i- but they really only need them to do one part of their job, which is that 462 00:22:49,971 --> 00:22:53,411 they need to run this report every day and send it to the CEO. Let's say that's the 463 00:22:53,411 --> 00:22:53,671 -deal. -Yeah. 464 00:22:53,671 --> 00:22:54,831 Right? That's it. That's all they need to do. 465 00:22:55,551 --> 00:22:59,511 But because the only way to give them that permission is to assign them that role, 466 00:22:59,511 --> 00:23:02,831 in addition to getting the ability to run the report, they also get the ability to 467 00:23:02,831 --> 00:23:08,151 put in coaching entries or reprimand other peop- or s- read entries for other 468 00:23:08,151 --> 00:23:11,671 teams', um, employees or team members that are on that team, right? Not what you're 469 00:23:11,671 --> 00:23:13,871 -asking for, not what you're looking for. -No. 470 00:23:13,871 --> 00:23:18,331 Certainly, like, not a least privileged situation. And so what we're running into 471 00:23:18,331 --> 00:23:21,751 is that we have people who have permissions that they should never have 472 00:23:21,751 --> 00:23:25,571 just because they were given them temporarily and then they were never 473 00:23:25,571 --> 00:23:29,351 removed. Right? So the only way that we can catch this is if we do these audits, 474 00:23:29,351 --> 00:23:32,311 which we end up doing, but it's a big pain in the neck. And there are ways, there 475 00:23:32,311 --> 00:23:34,731 are better ways to do this. So, 476 00:23:35,831 --> 00:23:40,031 I'm gonna ex- I'll explain to you sort of our proposition and then I'll continue to 477 00:23:40,031 --> 00:23:43,711 kinda go through how we wanna manage it. The proposition is in any place where we 478 00:23:43,711 --> 00:23:48,291 have a HasRoleCheck, we're gonna remove that HasRoleCheck and we're going to name 479 00:23:48,291 --> 00:23:53,231 the thing that they're trying to do at that check. So, instead of 480 00:23:54,091 --> 00:23:59,911 HasRole, we're going to s- HasRoleManager, we're gonna say CanRunReports. In that 481 00:23:59,911 --> 00:24:03,631 spot, that one spot where they check to see if they ha- if they're a manager. 482 00:24:03,631 --> 00:24:06,591 Instead we're going to say name that thing that they're trying to do, they're trying 483 00:24:06,591 --> 00:24:11,971 to run a report, and then we're going to ask the question User CanRunReports. 484 00:24:11,971 --> 00:24:15,791 Right? Okay. So we're going to change it from a role to a permission or ability. 485 00:24:15,791 --> 00:24:19,271 Permission and ability are the same word, essentially. Which do you prefer? 486 00:24:22,115 --> 00:24:28,635 Mm-hmm. I I think the, the general advice, like the 90%, 95% use case, is to assign 487 00:24:28,635 --> 00:24:30,856 -roles and check permissions. -Okay. Permissions. 488 00:24:30,856 --> 00:24:34,575 It's certainly the way that, that we operate, is that we will always check that 489 00:24:34,575 --> 00:24:37,415 -the user can do something. -Yeah. Okay. 490 00:24:37,415 --> 00:24:38,435 We would never... Well, 491 00:24:39,155 --> 00:24:45,435 I say never. In our modern stuff , in our new stuff, it's always a permission check. 492 00:24:45,435 --> 00:24:45,995 Okay. 493 00:24:45,995 --> 00:24:51,315 Uh, or a policy check or whatever else. Previously, in our old code, it w- it was 494 00:24:51,315 --> 00:24:53,276 -base... Like, we would assign roles. -Yeah. Yeah. 495 00:24:53,276 --> 00:24:56,915 We had a permissions table, but p- but permissions were never implemented, so it 496 00:24:56,915 --> 00:25:00,195 was always like, "Is... Does this user have a role?" 497 00:25:00,195 --> 00:25:01,515 -Yeah. -We would always check are they an admin, 498 00:25:01,515 --> 00:25:02,215 -are they a manager. -Yep. 499 00:25:02,215 --> 00:25:07,175 Are they a group manager. We had, um... And, and like you say, that then means 500 00:25:07,175 --> 00:25:10,235 that that person has access to everything 501 00:25:11,195 --> 00:25:13,216 that that role enables them, 502 00:25:13,915 --> 00:25:19,155 um, whereas you want, typically, I think, your permissions to be as granular as 503 00:25:19,155 --> 00:25:19,655 possible. 504 00:25:20,455 --> 00:25:25,055 Yes. The... Yes, correct. I agree with all of that. Um, my question specifically is, 505 00:25:25,055 --> 00:25:28,635 when we're talking about that, you're using the word permissions to talk about a 506 00:25:28,635 --> 00:25:32,415 granular level thing that they can do. Another word that I've heard used for that 507 00:25:32,415 --> 00:25:34,575 -is ability. So, my question is- -Mm-hmm 508 00:25:34,575 --> 00:25:37,675 ... for the remainder of our discussion, would you prefer me call them permissions 509 00:25:37,675 --> 00:25:38,475 or abilities? 510 00:25:41,155 --> 00:25:44,075 It depends on what you... If you're just using Lyro stuff, I'd call them 511 00:25:44,075 --> 00:25:46,755 -permissions. -Okay. So, yeah, permissions. And that's 512 00:25:46,755 --> 00:25:48,175 -what my guys sort of said too. They said- -And you- 513 00:25:48,175 --> 00:25:50,815 ... "Oh, we like to call them permissions instead of abilities." 'Cause I've called 514 00:25:50,815 --> 00:25:51,415 -them abilities- -Yeah 515 00:25:51,415 --> 00:25:52,995 ... in the past, and I th- we can call them- 516 00:25:52,995 --> 00:25:53,755 -Yeah -... permissions. That's fine. 517 00:25:53,755 --> 00:25:56,015 -It's a bit... Like, I think bouncer? -Yes. 518 00:25:56,015 --> 00:25:57,275 'Cause I know you've used bouncer in the past. 519 00:25:57,275 --> 00:25:57,715 Well that, well that's because of abilities. 520 00:25:57,715 --> 00:25:59,195 Bouncer refers to the roles and abilities. 521 00:25:59,195 --> 00:26:01,975 -Yeah. Yeah. -Yeah, right. Um, I think... How would you 522 00:26:01,975 --> 00:26:03,255 -think about this? -And then there are no permissions, we're 523 00:26:03,255 --> 00:26:04,515 first giving out permissions. 524 00:26:05,755 --> 00:26:06,055 Yeah. 525 00:26:06,855 --> 00:26:10,495 Like, you have permission to do something, but you have the ability 526 00:26:12,135 --> 00:26:12,595 to 527 00:26:14,395 --> 00:26:17,035 -enact that, that something, right? -Yeah. Yeah. 528 00:26:17,035 --> 00:26:20,475 So, I think it depends on which way you're looking at... You know, is the user 529 00:26:21,255 --> 00:26:25,175 the one that... You know, does the user have the ability to do this thing? 530 00:26:26,935 --> 00:26:29,055 -It- -I know. They're, they're synonymous. 531 00:26:29,055 --> 00:26:30,515 -The user has the ability- -They're synonymous. Yeah. 532 00:26:30,515 --> 00:26:32,075 Or does the user have the permission? Yeah. 533 00:26:32,075 --> 00:26:34,955 Yeah. And so, I'm just trying to establish, like, uh, the domain language 534 00:26:34,955 --> 00:26:38,255 for our team, like, whether we're gonna be using the word ability, permission. I've 535 00:26:38,255 --> 00:26:39,315 -used the word ability- -Yeah 536 00:26:39,315 --> 00:26:40,695 ... but I think we're switching over to using the word permission. 537 00:26:40,695 --> 00:26:43,355 Sounds like if the rest of your... Yeah, I was gonna say, it sounds like if the rest 538 00:26:43,355 --> 00:26:43,795 -of your team- -Yeah 539 00:26:43,795 --> 00:26:45,675 -... is using permission- -Yeah, that's the word that they would like 540 00:26:45,675 --> 00:26:47,175 -to use -... then, then you're using permission. 541 00:26:47,175 --> 00:26:50,195 -Agreed. -Um, and like I said, I, I think the, the 542 00:26:50,195 --> 00:26:50,595 fact that 543 00:26:51,295 --> 00:26:54,235 ability is in your head is probably owing to the fact that you used- 544 00:26:54,235 --> 00:26:55,735 -100% -... that you've used bouncer in the past 545 00:26:55,735 --> 00:26:56,795 -as well. -Yes, it is. 546 00:26:56,795 --> 00:26:59,315 But, like, the Sparcy, Sparcy has a permissions package. 547 00:26:59,315 --> 00:27:01,095 -Yeah. -I think generally when people speak about 548 00:27:01,095 --> 00:27:04,975 -it, it's permission rather than... Yeah. -Yeah. Okay. So, 549 00:27:05,835 --> 00:27:09,275 we've got permissions, right? In every spot where we're doing the HasRole, we're 550 00:27:09,275 --> 00:27:12,995 going to check, uh... Instead of HasRole, we're gonna say HasPermission essentially. 551 00:27:12,995 --> 00:27:17,435 Think about it that way, right? So, we're gonna make everything very granular, and 552 00:27:17,435 --> 00:27:20,935 so our application will check for permissions. Now, 553 00:27:21,675 --> 00:27:27,295 the second part of this is imagine that across those 20 apps, you know, every app 554 00:27:27,295 --> 00:27:31,875 has its own set of permissions that, that are a part of that, right? 555 00:27:32,715 --> 00:27:33,475 -Now- -Mm-hmm 556 00:27:33,475 --> 00:27:38,915 ... who manages those permissions is the question. Who gets to manage those? Well, 557 00:27:38,915 --> 00:27:43,895 I will tell you, my preference is that I never ever manage those. I want my team to 558 00:27:43,895 --> 00:27:49,275 write the code that enables people who have that permission to do that thing. 559 00:27:49,275 --> 00:27:50,955 -That's what I want my team to do. -Mm-hmm. 560 00:27:50,955 --> 00:27:55,435 But I do not want my team to manage permissions. I want the IT staff to do 561 00:27:55,435 --> 00:27:55,735 that. 562 00:27:56,395 --> 00:27:56,995 -Um- -Right 563 00:27:56,995 --> 00:27:57,255 ... and 564 00:27:58,115 --> 00:27:58,595 for them, 565 00:27:59,375 --> 00:28:02,355 even only in a limited capacity. So, um, 566 00:28:03,075 --> 00:28:07,855 what I would like to have happen then is if you can think of a 567 00:28:08,515 --> 00:28:11,835 different application... So you have these 20 applications that live on the bottom 568 00:28:11,835 --> 00:28:14,795 level there, and all those le- all those are doing is they're checking for 569 00:28:14,795 --> 00:28:16,355 abilities. So, there is essentially no, 570 00:28:17,195 --> 00:28:21,975 no concept of roles anymore in those. We're gonna rip those out of that 571 00:28:21,975 --> 00:28:27,255 application. No roles anymore. It's just permission checks. We're gonna go up a 572 00:28:27,255 --> 00:28:31,255 layer, and now you're gonna have an application, uh, one layer above that 573 00:28:31,255 --> 00:28:33,355 knows about all the different applications 574 00:28:34,095 --> 00:28:38,975 and then knows about all the different roles in those applications, and then 575 00:28:38,975 --> 00:28:42,915 groups together different permissions for those particular roles. 576 00:28:44,515 --> 00:28:45,615 -Mm-hmm. -Does that make sense? Now, that 577 00:28:45,615 --> 00:28:49,995 application that sits above that is active directory, essentially, is the idea, 578 00:28:49,995 --> 00:28:51,315 -right? -It's exactly what that is. Yeah. 579 00:28:51,315 --> 00:28:54,635 I mean, that's what it is. And so, and so what we're thinking is, like, why reinvent 580 00:28:54,635 --> 00:28:58,275 the wheel on that? E- essentially what we do is we have a user, 581 00:28:58,895 --> 00:29:03,035 and that user will have a job function, which is essentially their job title, 582 00:29:03,035 --> 00:29:06,655 right? So if I have a banking manager, 583 00:29:07,475 --> 00:29:12,795 um, that banking manager is going to have specific permissions inside of each of 584 00:29:12,795 --> 00:29:17,555 those 20 different applications, right? Inside of some of those applications, they 585 00:29:17,555 --> 00:29:22,755 may have a role of manager. So, like in the case of, like, coaching, right? 586 00:29:23,735 --> 00:29:25,995 -Mm-hmm. -Because they're a manager, they're going 587 00:29:25,995 --> 00:29:30,735 to have likely a coaching manager role inside that application, but the 588 00:29:30,735 --> 00:29:34,655 application doesn't know anything about that. All it knows about at the end of the 589 00:29:34,655 --> 00:29:38,515 day is which permissions that user was granted when they come in. 590 00:29:39,215 --> 00:29:43,255 The way that this will be structured then in Active Directory is you will have a 591 00:29:43,255 --> 00:29:43,915 coaching_, 592 00:29:45,155 --> 00:29:50,375 so it's actually namespaced in Active Directory. App_coaching, which is the name 593 00:29:50,375 --> 00:29:53,795 of the app, _role or ability. So, 594 00:29:54,435 --> 00:29:58,975 app_coaching_manager. That's the role, right? 595 00:29:58,975 --> 00:30:01,575 -Mm-hmm. Mm-hmm. -And then nested underneath that 596 00:30:02,375 --> 00:30:07,455 would be additional security groups that would apply to that particular role, 597 00:30:07,455 --> 00:30:11,535 right? So app_coaching can add new coaching log. 598 00:30:12,335 --> 00:30:13,675 App_coaching- 599 00:30:14,275 --> 00:30:15,795 -Yep -... can run coaching reports. 600 00:30:16,475 --> 00:30:20,915 And those abilities may only live under app coaching manager, but they also may 601 00:30:20,915 --> 00:30:26,656 run under... May live under app coaching admin.Right? So those abilities have 602 00:30:26,656 --> 00:30:29,795 basically a one-to-many relationship between- 603 00:30:29,795 --> 00:30:32,715 -Mm-hmm -... those, uh, those different security 604 00:30:32,715 --> 00:30:37,095 groups. Okay? And then each user would get assigned to one of those security roles. 605 00:30:37,095 --> 00:30:39,935 Okay. The reason why that's all important is because 606 00:30:40,535 --> 00:30:44,775 when a user is created in the system, they will get a single 607 00:30:45,496 --> 00:30:46,116 set of 608 00:30:47,715 --> 00:30:51,115 roles. That's it, that's what they get. They get the ones that belong to their 609 00:30:51,115 --> 00:30:53,655 particular job function and nothing else. 610 00:30:54,475 --> 00:30:55,635 -So if- -Mm-hmm 611 00:30:55,635 --> 00:30:59,356 ... that user that was previously mentioned needs to take over for their 612 00:30:59,356 --> 00:31:02,176 manager for a week to run that report, 613 00:31:03,035 --> 00:31:05,336 instead of giving them 614 00:31:06,016 --> 00:31:12,695 app_coaching_runreport, or sorry, a- app_coaching_manager, they would get the 615 00:31:12,695 --> 00:31:17,595 ability of app_coaching_cannrunreport. They would get that single ability rather 616 00:31:17,595 --> 00:31:20,435 than the manager role. Now here's the really interesting thing. 617 00:31:21,875 --> 00:31:26,155 We are going to say that anybody who needs an additional permission outside of the 618 00:31:26,155 --> 00:31:31,535 ones that apply to their specific role, they only get a lease on that permission. 619 00:31:33,515 --> 00:31:34,775 -Yeah. -Does that make sense? So it's- 620 00:31:34,775 --> 00:31:37,075 -Yep -... expiring, meaning that they can ask 621 00:31:37,075 --> 00:31:42,555 for it for a period of time, and then after that, it goes away. It gets removed- 622 00:31:42,555 --> 00:31:42,675 Yeah 623 00:31:42,675 --> 00:31:43,775 -... from their user- -Yeah 624 00:31:43,775 --> 00:31:46,835 ... so that we don't end up with this mess of what we're talking about, where a user 625 00:31:46,835 --> 00:31:50,435 gets a permission and it just is signed forever. So you have somebody who started 626 00:31:50,435 --> 00:31:53,655 in one team and they've moved three times, and now they have inherited permissions 627 00:31:53,655 --> 00:31:55,675 for every single team they've ever been on. 628 00:31:55,675 --> 00:31:58,015 -Yeah. Mm-hmm. -Which is a freaking disaster mess. 629 00:31:58,655 --> 00:31:59,615 -Um- -Yeah 630 00:31:59,615 --> 00:32:02,855 ... and it's really unclear what they actually still need and what they don't 631 00:32:02,855 --> 00:32:04,035 -because they were never removed. -Mm-hmm. 632 00:32:05,075 --> 00:32:05,415 -Yeah. -And so 633 00:32:06,015 --> 00:32:07,715 that's the big picture of what we're trying to- 634 00:32:07,715 --> 00:32:08,975 -So- -... accomplish. Yeah. 635 00:32:09,855 --> 00:32:14,835 Mm-hmm. So are these, the expiring permissions, are they being managed inside 636 00:32:14,835 --> 00:32:19,255 of Active Directory, or are you doing that, like some scheduled task that goes 637 00:32:19,255 --> 00:32:23,075 through and, and cleans up these permissions where expiry date is in the 638 00:32:23,075 --> 00:32:25,355 -past? -Yeah, you got it. And so it's actually a 639 00:32:25,355 --> 00:32:28,915 little bit silly. We're using AD LDAP, so Active Directory- 640 00:32:28,915 --> 00:32:31,275 -Mm-hmm -... L- LDAP. What is, uh, listing 641 00:32:31,275 --> 00:32:33,855 directory? I don't know. It's, like, that protocol basically that lets you- 642 00:32:33,855 --> 00:32:35,375 -Yeah, yeah, yeah -... talk to those things. 643 00:32:35,375 --> 00:32:37,315 -Yeah. -And what we do is when somebody wants an 644 00:32:37,315 --> 00:32:40,775 additional permission, we can say, "Okay, they want..." You know, select the 645 00:32:40,775 --> 00:32:43,355 application you're trying to get permissions for. Coaching. "All right, 646 00:32:43,355 --> 00:32:47,355 here are all the ab- roles and the abilities that are available for you to 647 00:32:47,355 --> 00:32:51,475 lease." "Okay, I want to be able to run the report." "Okay. When does it, when 648 00:32:51,475 --> 00:32:55,555 does it expire?" "It expires in, in a week." And then they say, "Okay, request." 649 00:32:55,555 --> 00:32:59,715 Their manager has to look at it, approve it, and once their manager approves it, it 650 00:32:59,715 --> 00:33:00,115 will then 651 00:33:00,775 --> 00:33:07,655 send that off to our auth application, and then that thing actually adds that, uh, 652 00:33:07,655 --> 00:33:08,135 group... 653 00:33:09,115 --> 00:33:10,375 -Uh, sorry, adds that user- -Mm-hmm 654 00:33:10,375 --> 00:33:13,555 -... sorry, to that group. -Yeah. 655 00:33:13,555 --> 00:33:14,055 And then 656 00:33:14,715 --> 00:33:19,755 it will, you know, check the end date every day at 7:00 AM, and when the end day 657 00:33:19,755 --> 00:33:23,695 hits, it will remove that user from that group. And then when they log in the next 658 00:33:23,695 --> 00:33:28,275 time, it will look at the AD groups that they are a part of and it will remove the 659 00:33:28,275 --> 00:33:31,255 ability that they previously had, uh, when they logged in- 660 00:33:31,255 --> 00:33:32,035 -Right -... last time. 661 00:33:32,035 --> 00:33:34,015 -Mm-hmm. -So that's the idea. Now the, the big 662 00:33:34,015 --> 00:33:37,915 challenges that I'm running into here is that this top level app, 663 00:33:38,535 --> 00:33:41,735 uh, that's going to help manage all these things has to be aware of all the 664 00:33:41,735 --> 00:33:45,115 different mappings that I have for these abilities inside of all these different 665 00:33:45,115 --> 00:33:47,375 -applications, which is- -Yeah 666 00:33:47,375 --> 00:33:52,355 ... that is the pain, but I don't really know of a better way to do it if I don't 667 00:33:52,355 --> 00:33:52,675 -want- -Yeah 668 00:33:52,675 --> 00:33:53,755 ... my team to manage it. 669 00:33:55,215 --> 00:33:57,595 Yeah. And it also means that anytime you add a permission 670 00:33:58,215 --> 00:33:59,775 somewhere, you've gotta do it in two places. 671 00:33:59,775 --> 00:34:01,335 -Yes, correct. -You've gotta do it in the app, and you've 672 00:34:01,335 --> 00:34:03,195 -gotta do it in the- -Active Directory 673 00:34:03,195 --> 00:34:04,195 -... the overseer- -Yeah 674 00:34:04,195 --> 00:34:04,995 -... as well. -Yeah. 675 00:34:04,995 --> 00:34:05,115 Yeah. 676 00:34:06,995 --> 00:34:12,255 But yeah, I mean, and, and expiring permission is a good way to, to deal with 677 00:34:12,255 --> 00:34:14,735 it, I think, especially from a compliance perspective. 678 00:34:14,735 --> 00:34:16,455 -Yeah, exactly. -You know, no one should have access to 679 00:34:16,455 --> 00:34:18,215 things that they shouldn't have access to, so having that- 680 00:34:18,215 --> 00:34:20,075 -And we can see when they requested it -... That's amazing. And it's like... 681 00:34:20,875 --> 00:34:24,295 Yeah. Yeah, if you're keeping audit trail of it, that's, that's gonna be helpful for 682 00:34:24,295 --> 00:34:27,555 that kind of stuff as well, 'cause you know that no one's got access to anything 683 00:34:27,555 --> 00:34:31,535 that they shouldn't. And if they do, you know, they shouldn't typically have access 684 00:34:31,535 --> 00:34:34,995 to it. You know when they requested it, when it was approved, by who, and when it 685 00:34:34,995 --> 00:34:37,455 was removed. And, um, 686 00:34:39,195 --> 00:34:42,595 yeah, I mean, it's no different to how when you create GitHub tokens and things 687 00:34:42,595 --> 00:34:46,215 like that, you can request for it to be, you know, seven days or 30 days or 90 days 688 00:34:46,215 --> 00:34:50,495 or, or, or unlimited. And as much as it annoys me every 30 days to have to, to 689 00:34:50,495 --> 00:34:51,575 -roll a token- -I know, right 690 00:34:51,575 --> 00:34:55,535 ... I think probably having a, a 30 day token is, is still the, the correct answer 691 00:34:55,535 --> 00:34:56,315 for most things. 692 00:34:57,115 --> 00:34:59,675 -Yeah, there's, um, the- -Spreaker. Spreaker on the pitch. 693 00:34:59,675 --> 00:35:00,475 Yeah. Oh, he's 694 00:35:01,095 --> 00:35:01,395 ... 695 00:35:02,055 --> 00:35:02,135 He- 696 00:35:02,815 --> 00:35:06,275 he's got his, uh, he's got his pajamas on. Harrison, you wanna say hi 697 00:35:07,675 --> 00:35:09,715 real quick? Come here. Come here. Yeah, that's fine. 698 00:35:09,715 --> 00:35:12,555 -The baby of the bunch. -Har- come say hi here. Hold on. Hold on. 699 00:35:12,555 --> 00:35:13,415 Let me put your head phone. 700 00:35:14,395 --> 00:35:16,395 -Look at him. -Say, say hey, Michael. 701 00:35:16,395 --> 00:35:17,335 Hi, Michael. So big. 702 00:35:18,495 --> 00:35:19,355 Hey, man. How you doing? 703 00:35:20,215 --> 00:35:20,235 He's s- 704 00:35:20,875 --> 00:35:22,955 -He's doing good. -I remember the, the last time I saw him 705 00:35:22,955 --> 00:35:25,275 was teeny tiny in a pram 706 00:35:25,955 --> 00:35:26,695 in New York. 707 00:35:27,355 --> 00:35:30,135 -That's how long ago that was. -Oh, that's right. Dude, that was Laracon. 708 00:35:30,135 --> 00:35:31,075 -No, look at him. -Harrison, you were in Laracon. 709 00:35:31,075 --> 00:35:32,575 -Yeah. -You were at Laracon with us at eight weeks 710 00:35:32,575 --> 00:35:33,235 old, remember? 711 00:35:34,515 --> 00:35:35,175 You don't remember. 712 00:35:36,095 --> 00:35:38,395 -I don't remember. -No, he don't remember. All right, say, 713 00:35:38,395 --> 00:35:39,175 say, "Hello world." 714 00:35:40,135 --> 00:35:41,455 Say it l- nice and loud to everybody. 715 00:35:42,155 --> 00:35:43,775 Hello world. 716 00:35:45,195 --> 00:35:46,615 -There he is. -I love the eye roll. Sorry. 717 00:35:46,615 --> 00:35:47,435 Sorry. Bye, Harry. 718 00:35:48,595 --> 00:35:48,875 Um, 719 00:35:49,595 --> 00:35:54,075 so, uh, yeah, what was the last thing I was gonna s- oh, here's the other piece of 720 00:35:54,075 --> 00:35:55,535 this which is really interesting, I think. 721 00:35:56,135 --> 00:35:57,315 Um, if, so 722 00:35:57,935 --> 00:36:02,435 when a permission is about to expire, we can send an email out and say, "Hey, you 723 00:36:02,435 --> 00:36:05,815 have this permission which is about to expire. If you need to extend your lease 724 00:36:05,815 --> 00:36:06,535 -on it- -Mm-hmm 725 00:36:06,535 --> 00:36:10,235 ... you can request, uh, an extension here." And they could click it. It could 726 00:36:10,235 --> 00:36:10,475 -fire- -Yeah 727 00:36:10,475 --> 00:36:13,155 ... off that extension request, and then their manager could approve it again, and 728 00:36:13,155 --> 00:36:17,175 then it could happen. Right. So I think it re- and so what that allows essentially, 729 00:36:17,175 --> 00:36:20,875 is that allows me to not only actually remove the burden from my software 730 00:36:20,875 --> 00:36:24,875 development team, it actually also removes the ability of my IT guys to get 731 00:36:24,875 --> 00:36:26,955 involved. They'll have to add new permissions- 732 00:36:26,955 --> 00:36:29,135 -Mm-hmm -... but they should never really have to 733 00:36:29,135 --> 00:36:33,555 get involved in the modifying of permissions outside of- 734 00:36:33,555 --> 00:36:35,255 -Yeah -... if we need to add a default permission 735 00:36:35,255 --> 00:36:41,423 to a particular job function or job role. Right? Um...So it'll be a little bit of 736 00:36:41,423 --> 00:36:44,803 like a hand in glove situation where we do need to work closely with them on some of 737 00:36:44,803 --> 00:36:48,484 those things. But as it is right now, it's sort of a pain the neck because 738 00:36:48,484 --> 00:36:51,663 they'll have to message one of the software devs and be like, "Hey, somebody 739 00:36:51,663 --> 00:36:54,904 said they need to run that report. What role do they need?" That's, that's... 740 00:36:54,904 --> 00:36:56,484 'Cause there's, it's not transparent to them at all- 741 00:36:56,484 --> 00:36:58,723 -Yeah -... what, what roles are needed for what 742 00:36:58,723 --> 00:37:00,123 particular abilities. And so 743 00:37:00,864 --> 00:37:03,663 it's just we're trading problems, and I think it's a better solution. 744 00:37:03,663 --> 00:37:03,964 Yeah. 745 00:37:04,944 --> 00:37:07,043 -So. -So two, two things that I just thought of. 746 00:37:07,043 --> 00:37:12,823 Number one, um, how easy are you making it? So if I have to go and request 747 00:37:12,823 --> 00:37:17,183 permission to do some report, is it fairly obvious that I'm like, "This is the 748 00:37:17,183 --> 00:37:18,243 permission that I want"? 749 00:37:18,884 --> 00:37:21,303 -Right. Like- -Are you naming them in such a way? 'Cause- 750 00:37:21,303 --> 00:37:21,944 Yeah 751 00:37:21,944 --> 00:37:26,603 ... most, most permission stuff would be transparent to... I mean, maybe managers 752 00:37:26,603 --> 00:37:30,403 know what the permissions are. You know, there would be some level of knowledge 753 00:37:30,403 --> 00:37:34,283 there depending on their technical skill. But for most, most workers, I would 754 00:37:34,283 --> 00:37:36,364 imagine that they don't know what they're asking for. 755 00:37:36,364 --> 00:37:40,563 That's agreed. That- that's true. And I think right now, it's completely obli- n- 756 00:37:40,563 --> 00:37:42,763 -nobody knows. There's no good catalog- -Yeah 757 00:37:42,763 --> 00:37:46,523 ... of abilities, right? And so what we would have to do as part of this is we'd 758 00:37:46,523 --> 00:37:49,543 have to... You know, we'd give it a good name, and we've got a convention that 759 00:37:49,543 --> 00:37:52,063 we're using to convert the abilities, um, 760 00:37:52,883 --> 00:37:58,943 to good named AD security objects. And then we need to give good definitions to 761 00:37:58,943 --> 00:38:00,943 them as well. A- and so that'll be part of- 762 00:38:00,943 --> 00:38:02,663 -Yeah -... the process of converting these over, 763 00:38:02,663 --> 00:38:06,603 is just making sure that we give good descriptions of what they are. And then 764 00:38:06,603 --> 00:38:10,663 we'll probably have to do something like a package, honestly, something that's going 765 00:38:10,663 --> 00:38:14,563 to help to coordinate the different abilities between the different 766 00:38:14,563 --> 00:38:20,323 applications. Or we'll have to create an endpoint that lives on these applications 767 00:38:20,323 --> 00:38:24,683 where they can be hit and queried, and then they can return back those, those 768 00:38:24,683 --> 00:38:26,903 pieces of data. 'Cause I really don't wanna have to 769 00:38:27,703 --> 00:38:28,583 update... 770 00:38:29,523 --> 00:38:31,943 I- I don't wanna have to update a package every time I wanna add a new ability. I 771 00:38:31,943 --> 00:38:33,643 -don't wanna have to do that. And so- -Right 772 00:38:33,643 --> 00:38:36,603 ... I think if we just created an endpoint that was like, "Hey, give me all the 773 00:38:36,603 --> 00:38:40,803 different ability. Give me, give me your permissions catalog," and it could, it 774 00:38:40,803 --> 00:38:45,403 could say what those are, then we can just essentially advertise that and, you know, 775 00:38:45,403 --> 00:38:49,803 use an API token, go grab the abilities, uh, the abilities catalog, and then, um, 776 00:38:51,103 --> 00:38:53,963 push those into a config item or something like that. You know what I mean? I'm not 777 00:38:53,963 --> 00:38:54,303 -using the- -Yeah 778 00:38:54,303 --> 00:38:55,043 -... right wording here, but that- -Yeah 779 00:38:55,043 --> 00:38:57,063 ... that would be the idea. So yeah, that, I think- 780 00:38:57,063 --> 00:38:58,083 -Yeah -... that would be how you'd do it. You 781 00:38:58,083 --> 00:39:00,943 would try and make it as obvious as we could. So that was, that was number one. 782 00:39:00,943 --> 00:39:01,223 Yeah. 783 00:39:02,363 --> 00:39:04,923 -And you had number two. -Um, I think the, the other thing, the 784 00:39:04,923 --> 00:39:09,603 other thing was, you know, if, if you needed to request an extension... I mean, 785 00:39:09,603 --> 00:39:10,863 you, you said at the top that 786 00:39:12,143 --> 00:39:15,783 people would be asking for permission to do something because their manager is 787 00:39:15,783 --> 00:39:17,443 -going to be away. So if they need- -Ah 788 00:39:17,443 --> 00:39:19,823 ... to extend that, who's, who's approving that? 789 00:39:19,823 --> 00:39:21,643 -Yeah, no. -Because the manager's obviously, you know, 790 00:39:21,643 --> 00:39:23,663 -away for a bit longer, so there's- -That's a good- 791 00:39:23,663 --> 00:39:26,043 -... that's something to consider as well. -That's a good question. Um- 792 00:39:26,043 --> 00:39:27,563 Like, someone would have to approve it, 793 00:39:28,203 --> 00:39:29,063 -um- -Yeah 794 00:39:29,063 --> 00:39:32,063 ... and they would probably... Like, I would, I would say that that is more the 795 00:39:32,063 --> 00:39:36,043 exception than the norm, where maybe, you know, your team or IT would have to step 796 00:39:36,043 --> 00:39:36,383 -in and go- -Yes 797 00:39:36,383 --> 00:39:37,363 ... "Well, they had it." 798 00:39:38,183 --> 00:39:39,963 Yeah, typically, that, that has happened before. 799 00:39:39,963 --> 00:39:41,703 -But then you'd have- -Yeah, where, where we would have somebody 800 00:39:41,703 --> 00:39:44,003 -who's away- -And I think you would probably have some 801 00:39:44,003 --> 00:39:45,423 -rules around that as well. -Yeah. 802 00:39:45,423 --> 00:39:49,883 Like, you can only request one extension, or the extension can only be for two days 803 00:39:49,883 --> 00:39:50,943 -or something like that. -Yeah. 804 00:39:50,943 --> 00:39:54,863 And we did a, we did a similar kind of thing with, 805 00:39:55,823 --> 00:40:00,303 um, like invoices. When you've got an overdue invoice, you can request an 806 00:40:00,303 --> 00:40:04,283 extension. And so the, the frontline staff would have permission to request an 807 00:40:04,283 --> 00:40:07,643 extension, and there'd be, there was a series of rules. Like, you could, you 808 00:40:07,643 --> 00:40:12,243 could ask for s- uh, 14 days or seven days, but you could only ask for each 809 00:40:12,243 --> 00:40:16,303 once. So initially, you'd get like a 14-day buffer. And then if you had already 810 00:40:16,303 --> 00:40:19,943 asked for 14 days, you could only ask for a seven-day extension from there. 811 00:40:20,583 --> 00:40:23,843 And then there was like... that was it. And that was, like, enforcing business 812 00:40:23,843 --> 00:40:28,163 rules ar- around those kinds of things. Because there's also this expectation of, 813 00:40:28,163 --> 00:40:32,323 um... This was in telecommunications, so there's, there's a whole code of practice 814 00:40:32,323 --> 00:40:34,363 around, um, not 815 00:40:35,303 --> 00:40:38,283 l- allowing customers to get, you know, dig themselves into debt- 816 00:40:38,283 --> 00:40:40,143 -Yeah, yeah -... over these kinds of things that, you 817 00:40:40,143 --> 00:40:43,643 know, you would have to, you'd have to cut them off. You wouldn't be able to keep 818 00:40:43,643 --> 00:40:46,283 extending them so that you didn't keep charging them for a service that they 819 00:40:46,283 --> 00:40:47,463 -clearly can't pay for or- -Yeah 820 00:40:47,463 --> 00:40:49,343 ... or had no interest in paying for. So, 821 00:40:49,943 --> 00:40:53,523 um, yeah, maybe something like that where, you know, you get one, 822 00:40:54,583 --> 00:40:58,743 one, um, bump. You know, it gives you an extra three days or something. 823 00:40:59,543 --> 00:41:02,663 And then beyond that, you have to ask for a whole new thing. 824 00:41:02,663 --> 00:41:03,543 -Yeah. -Um, 825 00:41:04,323 --> 00:41:08,743 that, you know... Yeah, w- what that looks like for, for your organization and, and 826 00:41:08,743 --> 00:41:12,463 how you implement that or what the, what the business rules around that is, 827 00:41:13,423 --> 00:41:16,943 you know, up to, up to you guys. But it might be one approach that, that could be 828 00:41:16,943 --> 00:41:19,683 -suitable. -It's a good idea to have a maximum number 829 00:41:19,683 --> 00:41:23,663 of, um, extensions that you could do though. I think that's a great idea. It's 830 00:41:23,663 --> 00:41:24,223 -not something- -Right 831 00:41:24,223 --> 00:41:27,003 ... I'd thought of before. 'Cause yeah, otherwise you could just have somebody 832 00:41:27,003 --> 00:41:29,863 continue to request extensions and just kind of go that way. And- 833 00:41:29,863 --> 00:41:31,423 -Mm-hmm -... that does defeat the purpose a little 834 00:41:31,423 --> 00:41:33,663 bit, especially if we have, like, long-term leases. 835 00:41:33,663 --> 00:41:37,083 You could ask for a new... Yeah, but you could, you could ask for a new- 836 00:41:37,083 --> 00:41:37,883 -Correct -... extension. 837 00:41:37,883 --> 00:41:41,463 -Yes. Absolutely. Yeah, you- -But it would, like, you couldn't just, you 838 00:41:41,463 --> 00:41:44,683 couldn't have like a seven-day extension for the time that manager's away, and then 839 00:41:44,683 --> 00:41:47,243 you would just ask for like... I would just top that up for another three days, 840 00:41:47,243 --> 00:41:47,763 -another three days- -Yeah 841 00:41:47,763 --> 00:41:49,823 ... another three days. Like, you would wanna set a cap on that. 842 00:41:49,823 --> 00:41:51,803 -Yeah. -But if they, there was genuinely a need 843 00:41:51,803 --> 00:41:54,703 for it, you know, if the manager had delegated the responsibility of running 844 00:41:54,703 --> 00:41:58,703 that report to someone else, then, you know, that would just have to request that 845 00:41:58,703 --> 00:41:59,863 -permission, you know- -Absolutely 846 00:41:59,863 --> 00:42:02,343 -... and say, "Okay, yes-" -And we have, I think the solution- 847 00:42:02,343 --> 00:42:04,403 "... let's do it again. Here's another seven days or here's 30 days now." 848 00:42:04,403 --> 00:42:07,723 Yeah, the solution in that instance would be like these long-term leases that we 849 00:42:07,723 --> 00:42:09,243 -would have, that would be like- -Mm-hmm 850 00:42:09,243 --> 00:42:12,383 ... you could request up to like a six-month lease or something like that. If 851 00:42:12,383 --> 00:42:12,643 -you're- -Yeah 852 00:42:12,643 --> 00:42:15,563 ... if, you know, in some instances, maybe it'd go through an additional approval 853 00:42:15,563 --> 00:42:18,563 process or something where it's like, "Why are you asking for a six-month approval?" 854 00:42:18,563 --> 00:42:19,103 Mm-hmm. 855 00:42:19,103 --> 00:42:21,783 Uh, you have to have the approval of two... Or sorry, a six-month lease, you 856 00:42:21,783 --> 00:42:24,983 have to have the approval of two people in order to get that or something. Um, and 857 00:42:24,983 --> 00:42:27,783 if it was gonna be made a more permanent part of a role or delegated to somebody 858 00:42:27,783 --> 00:42:31,643 else, then we might need to make an additional layer, an initial role, like a 859 00:42:31,643 --> 00:42:35,623 training, uh, assistant. You know what I mean? Something like that role. And then 860 00:42:35,623 --> 00:42:40,103 they just get that ability as well. Um, but again, the nice thing about this is 861 00:42:40,103 --> 00:42:43,503 that if we needed to make that role, we would not have to be involved with that at 862 00:42:43,503 --> 00:42:45,863 all. That decision can be made higher up the chain- 863 00:42:45,863 --> 00:42:47,103 -Mm-hmm -... and we just check for the ability. 864 00:42:47,103 --> 00:42:49,163 -Yeah. -So it's really nice. 865 00:42:49,163 --> 00:42:50,283 -Yeah. -It allows the IT teams- 866 00:42:50,283 --> 00:42:52,363 -Yeah. The roles can be created whenever. -You got it. 867 00:42:52,363 --> 00:42:55,323 Yeah, roles can be created whenever, as long as they're composed of existing 868 00:42:55,323 --> 00:42:57,583 -permissions. -You got it exactly right. And so I think 869 00:42:57,583 --> 00:43:03,023 that really frees them up to do a lot of work. Now-... um, the, the trick is naming 870 00:43:03,023 --> 00:43:07,023 the abilities well, and then the second trick is making sure that they kinda stay 871 00:43:07,023 --> 00:43:13,363 in sync across this, uh, orchestrating, uh, entity that, th- that sits above it. 872 00:43:13,363 --> 00:43:13,884 And so... 873 00:43:14,803 --> 00:43:18,364 That's it. That's it, but I, I think, I think that works. Um, 874 00:43:19,783 --> 00:43:23,824 and I think we actually might be able to get away without using permissions or 875 00:43:23,824 --> 00:43:27,723 bouncer, Laravel permissions or bouncer, actually. Because we already have... 876 00:43:27,723 --> 00:43:29,723 -Mm-hmm -... a process by which when a user logs 877 00:43:29,723 --> 00:43:34,224 in, we look at all the security groups they're a part of, and we can inspect that 878 00:43:34,224 --> 00:43:36,163 and assign permissions, 879 00:43:36,923 --> 00:43:39,703 uh, it's basically just an array. It's just an array of permissions- 880 00:43:39,703 --> 00:43:41,203 -Yeah -... which would be an enum cast 881 00:43:41,844 --> 00:43:48,703 of, you know, w- of AD groups, AD security groups mapped to named permissions. And 882 00:43:48,703 --> 00:43:50,763 we'll just cast them to an enum on that user and that's it. 883 00:43:50,763 --> 00:43:52,303 -Yeah. -There's no, there's no need for, like, 884 00:43:52,303 --> 00:43:52,704 -this one- -Yeah, I think- 885 00:43:52,704 --> 00:43:55,563 ... to many whatever, because we're not gonna do roles inside of the application. 886 00:43:56,763 --> 00:43:59,824 Right. Yeah. I think if, if the permissions for your application are 887 00:43:59,824 --> 00:44:02,743 coming from something like Active Directory, then there's, there's no need 888 00:44:02,743 --> 00:44:03,023 to 889 00:44:03,664 --> 00:44:05,723 -layer the package on top. -Agreed. 890 00:44:05,723 --> 00:44:10,604 As long as you've got some way of translating those things into... You know, 891 00:44:10,604 --> 00:44:13,843 I mean, you could d- dynamically register policies or whatever else, or, or gates 892 00:44:13,843 --> 00:44:14,944 -and things like that- -Mm-hmm 893 00:44:14,944 --> 00:44:18,984 ... based on this. And then, whether you cache that, you know, for 894 00:44:19,864 --> 00:44:22,423 24 hours, do you cache that just for the request, like do you use- 895 00:44:22,423 --> 00:44:24,143 -It's... Yeah, just for the session -... it once or whatever? 896 00:44:24,143 --> 00:44:24,544 -Yeah, it's just... Yep. -Yeah. 897 00:44:24,544 --> 00:44:28,463 Yeah, and when they log in again, it does the check again. So it, it goes and talks 898 00:44:28,463 --> 00:44:31,483 to AD and says give me the list of, uh, security groups they have. 899 00:44:31,483 --> 00:44:31,663 -So you're not- -Yeah. 900 00:44:33,044 --> 00:44:37,044 So how are you, how are you dealing with, like, changing in permissions if, if 901 00:44:37,044 --> 00:44:38,284 -someone like- -Doesn't log in? 902 00:44:38,284 --> 00:44:41,264 -... has a permission unassigned- -Yeah, right 903 00:44:41,264 --> 00:44:44,643 -... while, like, during a session? -This is a good question. And, and this is- 904 00:44:44,643 --> 00:44:45,063 Are you- 905 00:44:45,063 --> 00:44:48,163 I don't have a good solution to this. This is a good, this is a good question to 906 00:44:48,163 --> 00:44:48,623 ask. 907 00:44:49,443 --> 00:44:52,303 So, wh- what I will say is like right now, and the way that they've had to do it, 908 00:44:52,303 --> 00:44:54,583 like if they've had to add a permission is they'll add the permission and then 909 00:44:54,583 --> 00:44:56,223 they'll ask the user to sign out and sign back in, 910 00:44:56,903 --> 00:44:59,323 right? They sign out, they sign back in, when they sign back in- 911 00:44:59,323 --> 00:44:59,903 -Yeah. Yeah, adding, adding is fine. -Yep. 912 00:44:59,903 --> 00:45:02,363 Because someone, because someone wants that, I want extra things- 913 00:45:02,363 --> 00:45:04,123 -Yes -... yeah, I'll do, do the work to sign out 914 00:45:04,123 --> 00:45:05,763 -and sign back in. -Exactly. Now, the question is- 915 00:45:05,763 --> 00:45:07,283 -But if you are having some permission- -... do we revoke that? 916 00:45:07,283 --> 00:45:08,523 -... revoked. -Yeah. Yeah. 917 00:45:08,523 --> 00:45:10,223 -Yeah. -Now, the way that we've got it set up 918 00:45:10,223 --> 00:45:11,703 -right now- -Or, or if, or if it's a lease that it 919 00:45:11,703 --> 00:45:12,323 -expires- -Yeah 920 00:45:12,323 --> 00:45:14,823 ... like it's gonna have to log you out somehow. 921 00:45:14,823 --> 00:45:18,363 Yeah, so the way that we do it right now is, yeah, the thought is that we expire 922 00:45:18,363 --> 00:45:23,003 the lease at like 6:00 AM. So at 6:00 AM on that day we say it should expire this 923 00:45:23,003 --> 00:45:25,803 day, we revoke it. And if they haven't logged in that day, which it's very 924 00:45:25,803 --> 00:45:28,783 unlikely that they have, then when they log in that day- 925 00:45:29,423 --> 00:45:31,363 -Mm-hmm -... the permission will be revoked. Now, 926 00:45:31,363 --> 00:45:35,683 in some weird case where we needed to revoke a permission for somebody 927 00:45:37,083 --> 00:45:40,523 in the middle of the day, which I, I don't really see that happening. We don't 928 00:45:40,523 --> 00:45:45,763 typically get requests to take permissions away. We get plenty of requests to add 929 00:45:45,763 --> 00:45:50,003 permissions, but almost never. The only case I can think of where we say like we 930 00:45:50,003 --> 00:45:52,263 would revoke permissions would be when somebody's getting terminated. 931 00:45:52,923 --> 00:45:54,383 -You know, that happens. -Mm-hmm. 932 00:45:54,383 --> 00:45:56,463 -But typically the way that that works is- -Yeah 933 00:45:56,463 --> 00:45:59,003 ... a manager will set a time to say, "Hey, at 1:00 we're gonna have the 934 00:45:59,003 --> 00:46:02,943 conversation with this person, we need to terminate this user at 1:00." And so 935 00:46:02,943 --> 00:46:06,283 they'll pull them in, the IT team schedules the termination for 1:00, they 936 00:46:06,283 --> 00:46:09,383 then revoke that user's access and then by the time they get back to their machine, 937 00:46:09,383 --> 00:46:12,143 it's locked and they can't get logged back in and it's fine. So- 938 00:46:12,143 --> 00:46:12,383 Yeah. 939 00:46:13,063 --> 00:46:17,263 I don't... It's, it's a, it's an interesting question to posit but I'm not 940 00:46:17,263 --> 00:46:17,703 sure 941 00:46:18,483 --> 00:46:23,483 that it's a critical component of what I'm hoping to accomplish. I, I don't- 942 00:46:23,483 --> 00:46:24,723 -Yeah. -I don't know. 943 00:46:26,083 --> 00:46:30,703 Yeah. And, and I assume in an organization like yours you'd have a risk register 944 00:46:30,703 --> 00:46:34,103 somewhere, and these are the kind of questions that I sit there and I come up 945 00:46:34,103 --> 00:46:37,583 with and I send it to the risk team, and they put it in the risk register and we 946 00:46:37,583 --> 00:46:39,283 say, "Okay, we know about this but we don't care about it." 947 00:46:39,283 --> 00:46:41,443 -Yeah, exactly. -And as long as it's in the risk register- 948 00:46:42,063 --> 00:46:44,263 -Yes -... you know, it has been raised, it is, 949 00:46:44,263 --> 00:46:47,043 you know, we've decided that it's not something that we're terribly concerned 950 00:46:47,043 --> 00:46:50,223 -with, fine, but it's been noted. -Exactly. We mark it as an acceptable risk. 951 00:46:50,223 --> 00:46:50,903 And it's better to have something on the 952 00:46:50,903 --> 00:46:52,063 -risk register- -Yes. 953 00:46:52,063 --> 00:46:53,723 Yeah, right, yeah, yeah. And it's better, 954 00:46:54,343 --> 00:46:58,663 for those of you listening who are in, in smaller organizations or you're, you know, 955 00:46:58,663 --> 00:46:59,883 on your own or whatever, 956 00:47:00,523 --> 00:47:03,103 it's probably fine, you don't have to worry about it. But in, in big 957 00:47:03,103 --> 00:47:09,183 organizations especially those that are, you know, ISO 27001 or their SOC 1, SOC 2, 958 00:47:09,803 --> 00:47:13,663 whatever else, these are the kinds of things that it's, it is okay 959 00:47:14,343 --> 00:47:19,743 to have these kinds of things sat on a risk register and you just say, "That's a 960 00:47:19,743 --> 00:47:23,903 low risk, medium risk, it's acceptable," you know, we don't care about it but we, 961 00:47:23,903 --> 00:47:25,883 b- but you still need to think about these kinds of things. 962 00:47:25,883 --> 00:47:28,563 -Absolutely. -And then what you do with it is you just, 963 00:47:28,563 --> 00:47:33,003 you decide, is it something that I need to, to put into code to protect against? 964 00:47:33,003 --> 00:47:36,643 Or, is it okay to just, just to acknowledge that yes, that is something 965 00:47:36,643 --> 00:47:40,383 that we are aware of, but we're not worried about it being an actual concern? 966 00:47:40,383 --> 00:47:44,903 Yeah. I- so the two words that we typically use in those instances is that 967 00:47:44,903 --> 00:47:48,563 we would say number one, it's a known, it's a known risk but it's a, 968 00:47:49,303 --> 00:47:50,043 it's A, 969 00:47:50,663 --> 00:47:54,843 it is an acceptable risk, and B, here is a compensating control. 970 00:47:55,703 --> 00:48:01,123 Auditors love that phrase, a compensating control which just means we're aware of 971 00:48:01,123 --> 00:48:04,443 this issue but we're solving it in a different way. So we would say the 972 00:48:04,443 --> 00:48:09,963 compensating control is referenced user termination policy line 15, right? Where 973 00:48:09,963 --> 00:48:15,043 it says, uh, you know, all user terminations will happen within 15 minutes 974 00:48:15,043 --> 00:48:18,963 of a termination request or at the scheduled time requested by the manager. 975 00:48:18,963 --> 00:48:22,463 And then you, you know, you basically reference, hey, here's the pla- place 976 00:48:22,463 --> 00:48:25,943 where we say this is how we do it and this is why it's not a concern. That the 977 00:48:25,943 --> 00:48:31,743 application handles it because our process handles it this way. Um, and so anyway, 978 00:48:31,743 --> 00:48:35,303 those, those are good points to bring up, especially when you're trying to do those 979 00:48:35,303 --> 00:48:39,003 things, SOC 1, SOC 2. If an auditor brings that up and you don't have a solution for 980 00:48:39,003 --> 00:48:43,983 it like in code, i- if you have a solution for it in policy, um, then that's 981 00:48:43,983 --> 00:48:45,643 usually good enough, so... 982 00:48:46,383 --> 00:48:47,403 Yeah. Yeah. 983 00:48:48,183 --> 00:48:49,603 -Well folks, that's all I've got. -Cool. 984 00:48:49,603 --> 00:48:52,663 Michael, you got any... Uh, thanks for your help on that. I, I appreciate you 985 00:48:52,663 --> 00:48:54,383 thinking through that with me. Um, 986 00:48:55,163 --> 00:48:59,083 I think we're gonna move forward with that and I'll let you know kinda how things 987 00:48:59,083 --> 00:49:02,903 go, uh, on that front. But, I think it'll be good. I think it's definitely gonna be 988 00:49:02,903 --> 00:49:05,123 an improvement over what we've been doing. 989 00:49:05,123 --> 00:49:07,143 -Yeah. Yeah, I think so. -Yeah. Yeah. So... 990 00:49:07,143 --> 00:49:07,603 For sure. 991 00:49:08,783 --> 00:49:13,543 All right my friend, Episode 179 of the North Meets South web podcast is in the 992 00:49:13,543 --> 00:49:15,963 books. If you'd like to find show notes for this episode find them at 993 00:49:15,963 --> 00:49:22,223 northmeetsouth.audio/179. If you'd like to talk to us on Twitter, on X, on all the 994 00:49:22,223 --> 00:49:26,903 things, hit us up @michaeldurant, @jacobbennett or @northsouthaudio. And if 995 00:49:26,903 --> 00:49:30,143 you liked the podcast we'd really appreciate it if you'd rate it up in your 996 00:49:30,143 --> 00:49:33,823 podcatcher of choice, five stars would be absolutely incredible. Folks, we hope to 997 00:49:33,823 --> 00:49:38,943 see you at Laracon, please say hello. We would love to talk to you in person. We 998 00:49:38,943 --> 00:49:42,603 don't get to see any of you. Typically, for us this feels like speaking into the 999 00:49:42,603 --> 00:49:46,183 void. It feels like nobody's listening to this ever until we get there and we hear 1000 00:49:46,183 --> 00:49:49,303 from all of you wonderful people. It's an encouragement every year to keep going- 1001 00:49:49,303 --> 00:49:51,703 -Oh -... and keep doing it, because... 1002 00:49:51,703 --> 00:49:55,343 I, I, I enjoy it. I think it's, it's good to know that people do listen but it's 1003 00:49:55,343 --> 00:49:57,683 -also a very bizarre experience. -Mm-hmm. 1004 00:49:57,683 --> 00:50:01,283 Because people know so much about you and you're like, "Hello person." 1005 00:50:01,283 --> 00:50:02,563 Oh, that's so funny. 1006 00:50:03,403 --> 00:50:05,723 -Yeah. -Don't let that deterr- d- don't, don't let 1007 00:50:05,723 --> 00:50:09,043 that deter you from doing it though, I love, love to meet the people. Um, and 1008 00:50:09,043 --> 00:50:12,023 it's been, you know, like I said, six years since I got to meet the people. 1009 00:50:12,023 --> 00:50:14,683 -Absolutely. -So. Except for those of you who are kind 1010 00:50:14,683 --> 00:50:17,203 and caring enough to come all the way down to Laracon AU. 1011 00:50:17,203 --> 00:50:18,883 One of these years I'm gonna get there folks. 1012 00:50:19,503 --> 00:50:20,183 All right everybody. 1013 00:50:21,003 --> 00:50:23,583 Till next time, we'll see you.