Static Websites in 2025 with Stacy Cashmore
01:03:00 Share

This holiday season, spread a little extra cheer with bmw. For every new bmw bought in the month of november will donate two hundred meals. The families in need through feeding america.

Over the last seven years, bmw has probably help provide over seventeen million meals to those in need. And with your help, that number will continue to grow. Visit your local bmw center for details, or visit bmw U.

S. A dot com slash drives and hunger today. Take advantage of exceptional offers during bmw drive and hunger event.

How do you feel when you switch to biko and save on your car insurance? It's like going to work on one thursday morning and thinking to yourself just one more day until friday, but then somebody in the elevator says, happy friday. Then you check your phone quickly and discovered today, actually friday.

So, yes, happy friday. Random stranger in the elevator. Happy friday indeed. Yep, switching and saving with geico feels just like that. Get more with my co.

How do you like to listen to that? Net rocks with no ads? easy. Become a patron for just five dollars a month.

You get access to a private R S S feed where all the shows have no ads. Twenty dollars. I'll get you that end, a special dot net rocks patron mug. Sign up now at patron on t dot net rocks dot com.

Hey, guess what? It's dot net rocks show nineteen twenty six wow, carl Franklin and that's Richard cambell. Hey, Richard.

hello, I am Stacy cashmore is with this.

We're going to have a good old talk, but I haven't talked to you in a while.

Richard, what's up? Yeah, I did the run out, did a show indonesians unus called uh, dave dot net. And then went up to build stuff, which is the ringer st.

Conference in lithuanian in billions. Build stuff. Build stuff.

Yeah, I fun. Did you build stuff? I did not. I told stories, but that's what I usually do. You know, i've written this new nuclear power geek out and this seems to be been very president because now all the tech companies are keen about nuclear power. So that talk is in demand.

They need power for their AI .

stuff stuff. Yeah and so they're and they're now they're can't put crush on the grid. I just wondered for heading down that sort of William gives an cyberpunk and really you're going to you know now your electricity comes through the amazon prime account like is that .

the path were .

on on the other hand, if if those companies shoots to mature the small modular reactor concept, that could the whole world in the carbon zed.

and every every town could have some nuclear stuff. I think stuff should be the official word of nineteen twenty six show one thousand twenty .

six stuff you want. You want something industry have in one thousand six, when gotta flu, the first liquid field rocket was in nineteen six.

wow.

But super curse. And also the first transit lane telephone call.

No kidding. yeah. beginning. I don't know what to say about that, may accept that. Hello.

hello, can you hear me?

And you know, hello was a word that used to be holo and IT wasn't a word that they used to answer phones way that was IT was like an explanation, like, you know, something extraordinary happened. Hello, hello, hello. right? Yes, exactly.

And then he turned into, I don't know who started, maybe Edison and or somebody started picking up the phone. hello. And anyway, that's not important right now. Let's get started with Better, no framework.

awesome.

Remember what you got? So while we were sleeping, the whole world seems got off of x and onto blue sky. I think .

it's starter pack cept. I've said this before that the the problem with these new social media sizes, nobody has time to build a social graph again like it's just no thanks, right? And I thought threads had an event because that was borrowing the instagram social ground.

But the blue guy guys came up with that starter pack where you can basically lay put a bunch of accounts that you think are related into a list yeah and that makes IT easy, everyone else. So i'll just take a started back and follow them. So like there's an MVP list and a dot net list and things like that. Yeah like, so i've been getting one hundred plus news subscribers a day.

Me too. Yeah, crazy. So mine is carl Frankland, B, S, K, Y, that social and yours, rich camel. So carl Frank, rich cambell could be, yeah right well that's not my B K A F. My B K A F is actually a github reao um it's called awesome blue sky and oh as the names it's a list of resources for blue sky. Nice and it's it's kind of got stuff for programmer but I noticed there's nothing .

that's c sharp D A net code .

that involved. Yes, but they're alternative clients. There's a bunch of tools. There's post managers, migration tools, feed labels and starter packs.

So it's like a feed creator, an R S S feed generator called blue stream. There's some really good stuff on here. And so yeah, let's go.

Nice find. Good tool. Good tool. Seems that making things to the lazy for you, it's going to see the press to starting to head over the blue sky now too, right?

That was one of the things that made the old twitter powerful, is that you get news there first, and blue sky is going take that, but they get, whether done something going go from for fifty to twenty million users in lesson a month. yeah. So going sudden, shocking growth is exciting.

And our friends are hang up, so see you over there. I'm actually posting things there then i'm not posting anywhere else just to try to you lure people over and starts in conversations. And so far it's been really good.

Yeah, my great. What's what I got? cool. no. what? Learn to love. Who's talking to us, Richard?

Grab B A common top of last week show. That's then krone. We talked about bit about dot net nine. So twenty twenty five in our friend jo hiller, I pad a great comment. He said glen brought something up that i've heard a lot about using an LLM to generate unit tests from your code.

We do not ideally make more sense the other way to generate your code from reading your test yeah otherwise you just have unit tests that validate the bugs you've already written that's good point except, you know what are the chances you're onna write bugs in the your test are going to generate code that passes with bugs also yeah ah I think the big argument against that is that most of us consider writing unit test toil and writing code fun. And so you know we want these new automation tools to take away the toil from our software. Yeah but as for accuracy, I don't see either strategy providing more actually yeah right.

absolutely. So job, thanks so much. You are common. I know you've ready got a copy music cobi, but if you'd like a copy music, I had a common on the website N A com or the facebooks or the blue skies as we post the shows there and if you comment out there and when reading on the show.

we'll send you a copy years ago and as I had mentioned before, I am working on um track number twenty two from musi C2Code by and I e ve n got som e ear ly fee dback on my blu e guy acc ount. So look for that. I don't know I don't know when, but i'm working on IT good things. It's IT and as we said before, we've been on x forever. We're also unmasked on i'm carl Franklin .

attack up that social .

rich campo sdl and you can find us sky to carl Franklin rich camel so get in touch and you might win .

stuff I don't know about this whole migration thing like you really want to move your posts from twitter over the best guy. This seems strange to me. I don't and they certainly you're followers again, I want to rebuild my social graph but you know they the rest that's much okay.

not so much. And that brings us to our guest today's daily cash more is a veteran of dot nett rocks she's been on before and also attack, explore dev ops and only plan in a microsoft MVP in developing technologies. She's been developing software since the mid nineties and has been speaking about improving the way we develop software conferences and meet ups since twenty nine as well as spiring with the software architect about technical issues.

SHE spends her time helping the development team and the wider company with continuous improvement in terms of technical work process and of course, working together as a team outside of work he enjoys spending time with her classic car cooking, playing the piano badly and spending time with her family, doing, among some of things, building a lego modular building city in their house. And I have no idea what that means. I think we talked about that last time, but you're also reading a book, right?

Yeah, i'm just updating my book. It's I wrote IT a couple years ago getting started with blazer in as your started, we have help and I was asked if I wanted to update for, but I suggested they put IT off partly because with my health, there's just not a chance I could have done IT in time. But also IT was gonna released in sort of october for donor eight.

And let's not do that. Let's waiting to chinua. exactly.

So don't like there is that wildly different either, right?

Like A B be fine. no. Yeah, it's some it's the only thing that I found different is the project template for as your functions is different enough that you can't simply update from version eight to version nine, there's other stuff in there that causes issues. So I I just have to cheat with my personal website. I year created a new as your function project and just brought everything into IT.

Otherwise there what you do IT caused issues. Ah, so I just upgrade of customers. Big multiprocessors luck from eight to nine and no issues. Now of course, if you just changed net eight point note and net nine point out, that doesn't really do the upgrade. You have to chain, you have to upgrade the new get packages for, you know, all of the blazer stuff, but you know that that was a good first start any .

day that you don't burst into flames is a good day.

absolutely.

So you're .

anything when you do Better in the flames, you can always go back to the flame proof for version.

they. Revert includes a fire extinguisher.

exactly as long as you don't get IT like half working, forget to do your local commit and then break something.

but not know what. Yeah and yeah now you just give me Charles.

I've never done that honestly, ever.

never, never happened thing.

So so need us to say maybe your favorite static website platform is blazer with the other functions .

could possibly be air. And I and I may see shop developer, I can write into the languages, but I may see shop developer and .

IT IT just makes IT easy. no. sure. So what other static website platforms had experiences with ARM or tribes? Maybe he says, honestly.

due to the fact that i'm kind of a sea shop developer, I kind of heaven, aside from running a work press site, which I don't think really counts. No.

as you stay away from plugging, those seem to be evil. Yes, word press plugins on security this week. Every week, there's a vulnerability in a secure press wordpress plugging.

I stuck at vanilla, just putting a over the top to make IT look pretty and just kind of lifted at that, but not outside of that. It's I didn't have the time or energy to really figure out a different platform. And then I just happen to fall into study webs on as you when they are in preview. And IT was just a whole. I G, this is so easy.

especially with visual studio code. I found the the visuals to your code template. T was like, easy.

It's literally three step. bing. bang. boom. M, and you're done. And now if you got to do is change IT to what you want.

Yeah, exactly. You just me that finds IT weird that we talk about aso static web apps and then you also talk about blazer, the most dynamic thing going .

yeah that .

and i've started to get this question a lot in talks. And germany from people, and a lot of them just like to have the left with IT, but there's a couple that have been really augmentative about, right. I don't know .

what there is to argue about. Blazer comes in two flavors, web assembly in the browser and best server. That's dynamic.

It's not java script hates tem l. It's not static in IT. It's like the miles that aesthetic. The files are static on the server. And then the brother this with them who who has a website that has zero java script these .

days yeah well, I mean, the other way to spend this is you don't burn any compute with a static. It's just to file transfer effectively supposed to doing computation on the back end to generate that file even though you're to gender the same darnin file every time.

Customer asked me once, can you write this in java script? And I said, I can't write java script from where I live. They said, where do you live? Said twenty, twenty .

four K.

Yeah, yeah.

So I have written some angular and view static web apps when i'd been asked to give a talk at a conference. IT wasn't, don't that right? And I think the really nice when those you don't need to do anything, the stead of weather just work so you're gotto do, is make sure that your front term works.

Copilot can be both useful and annoying. There it's IT gets you on the right path, and then IT makes one slight mistake. And then IT just goes.

man of van circles. I find the suggestions in copilot to be sometimes brilliant and sometimes they're like, you know, clippy, hey, you wanted do this? no.

How about this? You want to do that, right? No, shut up.

Yes.

go away.

I'm trying to help. Not really. Yeah, i'm trying to help. Yeah, I I like the idea of no pop ups just when I have a question or i'm trying to figure something out, being able to put IT in just no different than I would have into a search box yeah maybe a little bit different text and know in some ways just using in the search just a little more savy one when it's savi about what you're doing.

I couldn't, instead of make an automatic like this, the shaded kind of suggestions, I took IT to a kestrike like control till day or something that I never .

use that be cool because .

I only want IT when I want IT.

Well, I mean, the new copilot plus PC have a copilot button.

Yeah, they have a bunch of other annoying things like full page advertising there is. Did you hear about that?

Is this a non european thing? Because I look, would have IT bad luck would have IT. I just had to replace my main laptop, OK.

And I got one of the lunae from asis beautiful little machine. Yeah, absolutely love IT. And IT has that .

copilot button, yes.

But actually all IT does is open up a window, which is like a web up of copilot. So so AR, it's okay to go to being and do this, but it's nice. Just Better to go clicking its there but no efforts yeah we don't can advert some windows .

over here yeah I could .

be a thing yeah I think could be a gdpr like just stopping that right thank good as for my pie hole to try and drain them out of IT. But and what would be interesting is being in visual studio and clicking on that key and get up go. Yes, I don't think IT does that, but that would be because you currently can change IT. So whether you can be make a contact sense that to say when I could this key.

what's currently open, run the appropriate or you know, I didn't have full page pop up ads and windows in america, the entire U. S. Economy would collapse.

True, you know, know, U. S, can we be less annoyed?

Less annoyed. But you know.

immediate lately with the pie hole filter, all that means as a page pops up and it's blank.

Would you put a link to the pie hole thing on this show, Richard?

So I made this just a piece of hardware. Become local DNF server. Yeah, yeah, yeah.

You have to run linux, but it's also a good filter .

for things like that. Just have to run linux. That's all. Yes, people want IT. I'm sure they're heard of him just like the new house, new reconfiguration, new guzman. I've got a couple of rasberries and those are my local DNA servers.

Man, some of these new rasberries are really fast.

They're talky ah yeah you know not that you need that much for doing DNF, but now that is pretty turkey think you do a lot turkey anyway we are talking about yeah the static pages right? I mean, the other thing about the static page is you can glue have the local like for a demo perspective at a conference when the internet tanks not the whatever happens, your demos still works yeah and .

I want .

to say kind of i've studied using code spaces for my demos.

I .

like.

well, I am supposed to be able to presume there's an internet connection .

when you're doing at them yeah and I never got said the europe so always got my my tethering. I have plenty of data on that as as i've got a signal inside .

of the continent.

Not always well, but I always have running locally just in case I yeah .

always when we can .

do the OK if the internet was working, this is what you would be seeing on the internet is supposed to work.

Now i've definitely done that talk. That's true. yes. What do you like about code spaces?

What I like about code spaces, I scratch ched, the surface of them. It's one of those things that I know can do way more than I use. But just what I love bad IT, is I don't have to get any code down to my machine, so I can just go into any one of my get to gree pose start code space and I convert everything.

There is not good for resetting too. Like if you do a particular demo and then you know when you finish, you can say, okay, revert back to the state like now you have an isolate place just for that demo. You're not mixing all the stuff together in your machines now that we have been for a while more isolation Better.

So I have a question about that. When you when you're in that code space environment and you run is IT going to run a browser within the code space or is going to use your local .

browser when you if you try to win something within the code space, IT will spin up the server inside of the code space. And then I will forward that port are externally, and then you have the choice. You can either forward IT, by default is protected. So you have to be logged in to get her in order to access that expose port or you can make IT public if you want somebody else to be able to see IT.

It's interesting. Can you have a choice?

And IT works ninety nine percent of the time.

So it's not quite a vm, then it's sort of like a hybrid yeah .

no visual studio in the cloud .

and then you get to decide where you want to run your brows .

er yeah it's as soon as i'm a way it's just a just a it's a dock container yeah that you connect IT OK isn't IT wonderful different technology that we have today. You can it's just a container that spends up somewhere in the cloud and I actually like and yeah everything happens automatically.

please also then is awesome. Well.

and I mean, the original pitch for this thing was you've got a new developer instead of them, spending the next two days building that machine and trying to get to a state. Here's your credentials or you have credentials. I've never give you access to the code space for the company. You have a working pretty figure distance. You wait to go, you can start coding today.

Also, there's the trick of you know you check in your code and then you have another clone repo of that somewhere else. You get the latest on that machine, download the latest and run IT. There means it's a little bit more of of a cycle but i've used that technique to get around like you know stuff with um macos and mari programs where you know the whole you .

know run on your iphone .

kind of thing never works for me and just i'm going to run IT just use the back, right? But I don't want to develop .

IT on the back.

no. So static websites, let's talk about what kind of applications learn themself to a static website. In a static website, of course, something that you can distribute you know with, you can distribute IT without a server.

It's a server less application so you can use a cdn, you know and people will get get IT quicker because it's closer to them. But you still have if it's in a web assembly blazer application, let's say you still have that requirement of downloading the web simple bits. You still have .

the climate of download in the by assembly um and depending on what your APP is, depends on whether or not that really an issue. Yeah, I see lots of people comparing at something like facebook, the download to get your blaze up working as smaller than the download you need to get facebook work in locally. Yeah, I am.

That kind of puts any .

perspective.

Doesn't there is just good for IT, right? Used flash the yeah .

nice facebook. But I think it's anything which is an actual application where being disconnected can be useful. So offloading a lot of processing onto the browse with the client, things like that, that is the best case scenario, I think, for these your .

static web apps, right?

Doing what I do for my website, because my personal website is also built on an a geo static web out, of course, because I build to play with them. Terrible idea. And don't do IT.

I write books on this technology, but good nose.

don't use IT don't. What are you? What you doing? Anything that needs safe is just an absolute known .

of that needs safe.

So I search engine .

up to C O. Yeah, no. IT might be a dirty thing.

I learned from the marketers in my last company, they were .

always going on about.

it's bad for s it's really bad s nothing right? yeah. So the problem is that these things went on the browser. So when the read qual comes in, they don't see. And if and they just see an empty page.

this is the old blazer kind inside problem. yeah.

Well, preventing ing works in blazer web assembly, but only if you have a server that does the preventive ing.

which you don't have on to stand without. And they are bringing IT in its in a public tree view for next J. S. Yeah, I haven't played with that. I cannot tell you how well they were because I don't do much with next J. S, but that should alleviate the problem with that language, but gets, but everything else, unless you are serving and static, a real static application using hate email, which you can do from these resources.

Now I wonder, yeah, no, there is. There is no solution to S, O. I mean, there is a solution to pretender's that you could just manually create an index HTML file and somehow figure out how a jury rig that as the first thing you see. But seo is a real problem.

and those S O algorithms are very sensitive to spoofs data. So they really want, they really much analyze what are you actually showing on the page. You can't hide stuff for any those sorts of things. They downgrade your page quality for that. So anything clever often is up being excluded from the social.

And so you're in the situation where you don't need you or sao probably because you're you know this is a business to business application or something in internal application, but you want the distribution of a city n and you want the the the ease of IT. I guess other than you know the distribution, what is the simplest thing about IT? It's great about a static without .

the amount of things that you get in one single vest.

without IT down, less file .

being pulled down. And so I started with these, your function that IT came with, how do the box then that was upgraded to? You could bring your own functions, you could bring an APP service, you could bring A P M manager as your container apps, and you could hook them through this same resource and get an access to all of the authenticity that you got in a your study where that, but using your own back end.

And so that started to grow IT. Now you've got the data, A P, I builder, which is currently improve you i've just been playing with that because that's a current chat to the book that i'm working on. That's new for the new version of the book.

And that's just again, is so cold you can just access your data via your your study web out. You can set up a data P I build at any way outside of a study web bp, but is still a second resource. And this just brings everything inside and just makes that deployment, that one step simpler yeah and they just have so much inside of that in order to make IT useful.

And one of the ones which I think my previous company would have absolutely loved is the ability to her slippers into your application so you can set up that every page is going again at a particular piece of java script or particular piece of hate. Cml, I either put into the header or put into the body where you want to. This was always a nightmare in my last job because IT changed stances.

IT was always a fight between marketing and product who's gonna the developers time? Because we were finally we sort 也是， why do you want to spend your time doing this, be enabled to just put this into the resource itself. And IT just injects IT kinder takes IT out of our hands, is developers and gives, i'm not going to say, self service because i'm sure the marketing people don't want to play around with the stuff that needs IT. But IT makes IT a whole lot simper, then they're just gonna complain IT slow anyway.

But that was going to have regardless. The real question is when when does IT break something and how true?

Yeah, that's one thing I love about places server, is that the debugging in building development experiences is just so simple. Yeah, yeah. Easy to figure things out, easy to keep, you know, don't need an A P, I layer.

You know, you could use a manager. You can use the all the different patterns for data. That's fine. But at the end of the day, all your stuff is running on the server. So with with any kind of web assembly application, you have to build those API layers and you have to make sure they're secure again.

But that that security again is something that you get out of the box.

Would this start IT whit?

It's yeah sure you do. There is aside from if you want to access information about the user inside of your A P I, then you need to do something to get the authenticity information out of the header that gets past. I have A A nugget package for that. Actually, I will give you the link to the nuit package for that, which helps you get access to all of this, all the information inside of blazer and internet functions. But the actual i'm access to the API that is all taking care of again by the of your study web for you, so you can set up different routes and you can have different access for different H, T, T, P verbs. So you know, anybody can read, but only certain people can write is something you can easily set up for your aps, whether that's the data A P, I, or the is your functions A, P, I, and you don't need to put that into your actual code, which can be swing among about I had a discussion at um tech around a couple of years ago. Someone was giving A A static web at talk did all of his own authentic .

ation yes yeah and I just crack yeah .

and I asked him why he did that. And the reason why he did that, I think I was A, I don't if I would do what he did, but he was a valid reasoning. If he puts everything inside of the conflict file, how does he test this? How does he test the conflict file is correct, whether if he decorate his aps, he can do test on that and make sure that everything is secure as IT should be rather than having these conflict and as in different places.

right, until you need to change security profile, right?

We're going to a take a quick break hold IT right there, and we'll ll be back after these important messages. And as a reminder, if you don't want to hear these ads, you can get an add free feed, go to patron on the dot net rocks that com, and for five books a months, you can get and free. Hey, you're looking to speed up your surveys less functions on A W S lambda. Now you can reduce cold start time for dot net functions with lambda snapp start snaps. Start delivers faster start up performance from several seconds to his lowest sub second.

Learn more at A W S that amazon dot com flash dot net, attention dot net developers looking for the ultimate SDK to handle electronic document processing, meet tx text control, tx text controls, your go to solution for seamless PDF generation, secure electronic signatures and efficient digital forms processing all within your dotted applications, empower your products with robust document management capabilities, boost productivity, and deliver top notch solutions to your clients trusted by developers worldwide, including me and Richard. Tx text control is the SDK that makes a difference. Check out demos that tax control dot com for live online demos and see IT in action .

and we're back and start in .

net rocks and karl Frankland, that's Richard cambell and that's daily cash more. Hello, and we're talking about static websites and we assembly blazer and static websites particularly. And you mentioned something before. And I just want to make sure people understand you said one of the benefits is that everything is in one resource. Does that mean like in your azure function that serves the web assembly, you can also have in points that the web semble um could call you and you could do your sort of server stuff that you would Normally do in an API project or multiple controllers right there in the static web up.

Ah you do IT right in the static web up. And what you do is set up different as your functions. So my project that I have for my website is the client application, a shared project for all of the models that I use for communication.

And then and is your function project, which has all of the A P. S. I need to access.

right? And so because they are in the same resource, you don't have the cross boundary problems .

and you don't have the cost of problem cause is not an issue anymore. Um IT tastes camera that because this is still two resources causing this, when you go weight down into the guts of this thing, it's still static files IT gets served underneath your function. Yeah, but that lay with magic on top that and shows the you don't have to deal with that. It's done for you and you don't need to open up your for any cause. It's just by default, it's gonna work that's very.

very enticing.

Yes, I gotto say it's that that bit, one of the ones was quite good fun. And even running locally, you have A C I told as to be way, see a line. And that is a node server that pretends to be in a geodetic web APP.

That will be your interface when you're developing locally. So you run your frontage, you run your functions and then you run this no application pointing IT to both of them. That gives you another end point, which is what you use for testing.

And IT will root IT to the appropriate one as needed in order to get the information back. And that even does the data, A P I now and including A G edit. So you can even write your calls inside of your Browns are locally and check them against your data model.

And that's one of the sort of claims to fame here. This is a more testable way to build web. yes. I mean, now you go back to your fellow who built his own prety implementation because of the stability. Like really what are you doing?

Yeah, I think it's going to do an integration test for that. You can find .

that in a different way. Yeah, building your own off smells .

like funny blue cheese to me. Yes, you algorithms. M, I mean, what could go wrong? Wait, I want to write my own garbage collector. That's a good idea.

I'm sorry, right? My own database.

scary enough. I know people that have been down that road.

Oh, sure. yeah. In an earlier day, I was one of those people. I never went so far, I still like write my own network protocol.

but I know people who've done that. Erato, one of enough I to make yeah. Dep, no, you don't. I'm just lazy.

If somebody y's built up and I can use IT .

and then somebody else's problem.

I can be reasonably certain.

It's gonna a work. It's ten thousand five star ratings. Okay.

yeah, why is there fifteen ways to do this? We should count with something stated. There sixteen ways to do that. The classic X.

K city. Yeah, yeah.

Like, no, use the one that's there. And good, great thing. About fifteen is at least you can choose a .

few or delbert member of the token ring thing. Anybody seen the token? I lost that somewhere where to go.

okay, you know, on on, on the surface of a token rain made a lot of sense in practice, was terrible. Know, sometimes you will lose the top.

I think I am lucky ough. I'm Young enough to miss that in well because we fixed .

the collision detection and avoid this problem of networking by just making IT faster. That's yes. We never there's nothing like an ether net storm. It's just an international storm. And to gag a bit as tRicky.

are we having A A fail .

contest here?

How about more than one person trying to access and access database over a network?

Halloween is already gone by. You can't go back to halloween.

That's all sort of like greatest .

network failure is a hardware failure. No, yeah, I was at the point where we had the my ethos. So before R J. Forty five was really in the widespread the .

cox version .

and I was asked to set up the networking in the new building and i've never done this before and ended up cutting the um shooting like half is sent to me to two short and they all worked until somebody touched the computer and then IT disconnected.

I was not .

the most light person in the office for a week once we went around trying to fine yeah well.

you know talk about don't make write your own crypto protocol, don't make your own cables.

don't do any of that. Don't don't it's no, it's it's solved problem. We live in twenty twenty four can't do that from where we live.

yes. Now it's so much nice .

and that should we talk about some of the botches of static websites? Yeah some things you need to watch out for.

the things you need to watch out for um first up is just to activate what i've saying before. Make sure that you don't need any S O or C O, right? Make sure that what you're doing is really something that you can handle. Yeah, just not having any google results on IT. Yeah.

you know look helpful for people to find this site through search. You are going to give them the link to IT.

That's the end of that. Actually, if they can find IT through search, you're got a problem kind .

of not the future.

right? So yes, so I think that's one of the biggest cottages. And of course, that that your functions is always to be start problem. Yeah yeah. And I I think if I look at my website, because it's not the most visited thing on the planet.

hesitation.

sometimes you can go there and it's like you've got await a few seconds for the functions to find you things to happen.

Now that can you keep IT on all the time? And if you do that, does that not kind of defeat the purpose you .

can keep all all the time? I think that the defeat, the purpose, not so much funding as your functions because i'm sure microsoft is used to people gaming as your functions in this way by now.

But IT turns your bill.

But you are gonna need A A second resource yeah because it's inside of a standard web that you only have hate T T P functions. So if you want something to run on a crown drop, are you then enough to make a second resource that does that and then access to IT and .

to keep IT up? Oh, okay. So if you how about this now, Richard is probably right, but I want to throw IT out there anyway. If you do have a second thing like like a front and static HTML page, even if its services rendered blazer or something like that, that shows first, then would route you to your static .

web .

up maybe after it's had time to come to light. I don't know, is that a possibility? Have any has anybody kind of tried that little hack?

I know that jeff for um clip p had a wonderful mechanism that was complicated the absolute shift kiss in implementation that sounds like jeff it's .

he used front .

door and if a boat came to his sight then IT was redirected to a really small, really cheap APP service that rent service side, blazer service side rendered very cool. I say IT might have even just been m VC, but I just got very minimum results that didn't look pretty yeah the same. And anybody that came that wasn't abbot, they were redirected to the static web up where they got the the full flavor, right? Jeff.

we're going to have a conversation.

This is cool, sounds like a good little conversation by itself, but just doing some smart writing that way. I don't know how we figured out these are bots.

That's that's a tRicky one, but I have no idea. But he spoke the conference that I organized on halloween for static web apps, and he closed IT for us. And he he gave us the story of .

clip p yeah, which I think is now gone. And right.

I did. That was the end of the story. Unfortunately, I it's sam, very popular website. I'm not going to tell his story for him, but yeah, it's sam.

You know what would be to be a cause, a great story and IT certainly dot net sick.

And so absolutely yeah, I I would not trying to be done to now.

Definitely recommended, not engh.

So have been in the country too long. I slip into the occasion .

now that's fair closed enough.

But but I think that that also that whole story that will talk about touches on another problem that you do have with that IT is very opinionated in what IT does in that IT is a server for a web application that is IT and it's IT is not a microtest. It's not an entire architecture. This is your application, right? You can talk to microwave in the back end and you can do all of that kind of stuff.

sure. But that your brothers are calling through to services?

yes. So that is you pass IT on IT. You you sure if your functions to write uh events to buses and that type of thing and then that happens in the background, but within your actual static web up, you are limited to just hate T T, P functions. Yes, in order to make things when I think think that that might be a gotcher for people if they're thinking, I like this and I can write a message and I can do a thing for this processing and it's like what you can, but not this topic web.

you've gotta take kit. You could be calling .

out of IT for that.

outside for that. Yeah, you can use, I think, result, right? You can do streaming. You can up from your own points.

Yeah, I believe you can do that.

And if it's blazer, you might be able to g RPC. Can you make a gRPC service on the in the function?

I don't think i've ever seen one, but that doesn't mean to say it's not that no .

reason he couldn't call to IT, right? It's it's just to call a browse can .

make that call what calling to IT is one of. But having a service like you would have to register a service in the back, and i'm not so sure you could do that. And and as a function.

yeah and I think that's why your problems going probably come in.

right? But you could call on any point in your as a function that then uses the gpc client to call out. I would assume that .

you can do if you've .

got sea sharp yeah anything .

that you can do in sea shop, you can do, but it's any technologies you're going to be struggling to move outside yeah and I think the other one is, again, the authenticity and they say that is there a double let? So to a double side of coin, one of the two on the bright side.

I suppose your single side of going, I don't know .

that makes sense.

Single nail to the wall, Richard.

It's very late on this side of the advantest.

Sorry, sorry.

But where was if my minds come blank now?

Yes, no. I'm not a .

blessing or curse.

Said of so um the thing with authentication is IT is both super easy and annoying ly hard at the same time. So if .

you just yes.

if you just use a building stuff um which used to be quite brought but with certain changes to you know bluebird sites and things like that, I got smaller and smaller so you used to have facebook is a preview that I don't believe ever left review before IT disappeared. Google with that. Tweety with that. And then I should I get up and active directory.

Yeah A D right? Yeah, active directory. No, sorry. Now tra.

I was just going to say.

Is which set this up in the portal, the browse now IT still says microsoft is your active directory .

when you're picking the type of.

but that's the problem. You now only have get hub and intra. So if you want more than that, then you or if you want title control of IT, then you're gonna to roll your own. They have .

what about esp in car identity?

No, no. IT just uses an implementation of easy auth.

interesting.

So IT puts everything into a client principle in the blazer client or in your angular client. Whatever one you have, you call a specific n point, and the end point will read your barret token and return you your climb principle, which you can then use in your APP.

When you're calling the A P, I, IT puts a specific header into the message so that inside of your function you can see what this person or how this person is authenticated, which isn't this game. Is that sounds because IT does do the check. I did do a check on this one. I first, so I thought this could be dangerous. But if you put anything into that head, IT gets stripped out in production.

嗯， okay, not when you're .

running on this on the C, L, I, when you're running locally, IT will let you do what you like there, which is what scared me initially. But no production is at a safe same.

I mean, my instinct here is that i'm using this in a company environment likely for an eternal APP but visible externally yeah and so intra all the way because i've wanted use the existing identities that are exist .

in the organization yeah and if you're doing that and if IT doesn't matter who logs in, it's fine. The second that .

comes whose logs in being any employee.

whose logs in being anybody, because it's always open to the world OK.

So why am I dicing all .

you can access the site as anonymous, then you know that person is anonymous. You can do anything, you can authenticate. But then you need to figure out, okay, should this person be able to do anything? So that's what you think. And there you've gone a lot, a lot of limitations. In the free tier, you can only have fifty users with explicit roles.

so not fifty roles. There can be one role, but only fifty people sign .

to free the authorized view.

And in blazer, up with roles equals .

inside the blazer. Yep, inside the place of all you do is set up your own authentication state provider that reads from this specific in point to get the information and big yeah, you really got fifty. So outside of anything hobby, if you need to use authorization, you're going na be using the standard team. You're going to be using custom. Oh yeah ah you can easily integrate into entry, twitter, apple, whatever that .

matters. What's the nut for that? How much looking?

I know. Euros, it's eight and half euros. So guessing that month?

Yes, that's IT. T T.

IT is still not expensive. no. I which escape when you consider some of the things on is your .

is yeah and there is there is a band with cap two right to a certain matter of band with they start .

charging in like twenty cents of gig yeah and like a hundred gig i'm just .

looking list it's one hundred gig per per subscription and on the free tear just cuts you off at one hundred gig and at on the standard and the dedicated, which is the enterprise one, it's twenty per gig after the hundred. Yes, pero OK, but then .

you really bad. It's not that bad. But then you really have to roll your own both your own north is when you have to set up an explicit or yeah, yeah, yes. Now we're .

back to, I just wanted use and tricks already have all things. Now I have to maintain .

a list of who has privileges here to. And if you use that system and you use the user I D that you get with that system, if anything happens to your site, web up, all of your records just become often.

hey, no say happens .

like web and update.

if you have to recreate your APP for whatever reason, right? And then every resource that person gets an explicit yeah, has to be resigned and they will get a different user. I D so if I go to my website and I go to my demo sites, two different user ideas.

Sure, of course. So I I now need to build into the deployment pipeline, go pick up all the security context and repopulate them.

Yeah, so use the custom one if you're doing this because it's just a whole lot Better, I think IT making shop that people are log, then I think that's fine for some things on the free tier. But as a hobby thing is, IT is the free tier, is the hobby tear. You want to use this inside of a company, hay the money.

If to me, the real issue here is I have to go to finance and say, hey, i'm going to spend ten dollars a month on this APP do we really need this APP? I mean, when you talk about web as the side of companies, there can literally be hundreds.

If not, they say it's either this or the coffee budget, which would you like?

what? coffee?

Yeah, right? So browser storage. And one thing I know about blazer is that you can only encrypt browser storage if you are starting, if you have a server that can do the encysted.

But what options are there? I mean, what if I want to encrypt something? And brother storage, which I get, you know, five make bites per URL, per user, per browser.

what? What can I put in there? What kind of not put in there?

And can you encysted IT? I would assume, and this says an assumption, I would assume that that down to the the specific framework that you are using because by the time you're working on the browser, IT has nothing to do with the study weather.

right? Ah this is all in the browser storage yeah but I will persist between, well, will IT will you get a different URL every time you go to that static web out?

No is the same.

Well, are right. So you can load and save serialized j on whenever.

yep, you can load and save civilized things.

Just its clear text.

Just that's the problem. Yeah, just it's clear attacks. And unless you can encysted IT in some way.

yeah, unless you care, which I didn't .

realize that blazer websites. Ly, I wouldn't enrich that.

No blazer server, you can use protected browse storage for blather. No, it's clear text. Now, if you don't care, because let's face IT, you are using S S L. yeah. So the only real danger is that on the disk, at your desk or on your phone, somebody could look in the browser tools and see that data you might not care about.

right? The cash at risk on the end device is not encysted.

Yeah, you might not care about that. So that might be a good way to save state between, you know, between sessions, for lack of Better word.

Yeah, I can see people still complaining about that, though.

of course, are you at the own the interruption .

problem yourself? I remember doing a blazer talk, but just at the very beginning of blaze, IT wasn't even out yet. And I did to talk in in new york city at the microsoft building. And some I was explaining IT.

And somebody from the fin tech sector said women, so anybody can just look at my sea sharp code that's running in the browser that's really insecure is that and I said, use java script. So then the light bob kind of goes office like, oh yeah alright. So obviously, your secret sauce going to run on the client, you put IT by an API call. Yes.

we've just had this discussion in the office because we're just riding widget that customers can use to put fancy calculations on their website with no coding. And we've had that whole conversation of people trying to figure out how can we keep this secure. We're not doing personal data over IT yet.

That will be a whole different cattle efficient have completely different authenticating over IT. That'll be fine. But how do we stop people running this weekend on their own website if they copy the code is like, well, the literally the only thing you can do is White list the the main name, which is a foolproof, but it's gonna stop most people. But what if we just put a key on there as well? Think it's in the browser.

So why would you want to restrict access to something that's beni? That's my .

question because it's using our calculation engines in the background and that's where we make a money form.

Well, then you put your calculations behind the P I, N point, right?

The calculations are behind the end point. But if you can call this from the a widget, which is just code that goes on the client side.

so you authorized the A, P I.

cause that is what we're going to be doing for the um anything which involves personal data. Yeah but these ones are and say you are an insurance broker and you want to give people calculation so that they can just come to your site, put these types defend and get some ref information.

Yes, anonymity, anonymity.

And these are the tools that we want to doing. You you're not going to make people log in order to get that because as soon as you say, hey, making account, you can do this.

It's gonna be yeah by right. So the next thing I would say is to put some API service in between the client and the API so that you can prevent stuff like you can throat IT, for example.

Oh yeah, we have all that in place and the suttles and everything else is going to be there and we are just going to do the .

the main White listing calculations.

Sorry.

no way.

Yeah that kind of thing. Yeah me there is if you are just using this and Brown before you buy a house, you're not gonna firing off. Calculations are second and right that kind of stuff we can catch that.

That's not the problem. It's more rare you somebody just putting the widget on their own website when they are not supposed to. Nothing bad can happen.

It's just onna use our computer power. Feel like we continue talking about blazer and in static websites and everything, but we are at the time. So there anything that we missed stay, see that you want to make a mention of.

I think the only thing that I would make a mention of is the shameless self plug of watch out for my book next year. Yeah.

update to the book.

Update to the book is going to recover IT everything we've talked about now and it's even going to include making static web up as infrastructure.

as code wow.

And whats the name of the book.

So the book is beginning as your static web apps building and deploying dynamic weather applications with player by static.

just roll off the tank.

Yeah, thank you. Said, you said that so much Better than I can.

thanks. Do this for a limit.

See, it's been IT to like.

as always. See again. yeah. Thank you very much.

Thanks for having me.

All right. I will talk to you next time on dot networks.

Dota rox has brought you by Franklins net and produced by pop studios, a full service audio, video and post production facility located physically in new london, connecticut. Of course, in the cloud online A P W O P dot com. This is a our website, A D O T N T R O C K S dot come for R S S, feed, downloads, mobile apps, comments and access to the full archives.

Going back to show number one recorded in september two thousand two and make sure you check out our sponsors. They keep us in business. Now go right, some code. See you next time.

So I will try my.

This holiday season, spread a little extra cheer with bmw. For every new bmw bought in the month of november, will donate two hundred meals. The families need feeding america.

Over the last seven years, bmw has probably help provide over seventeen million meals to those in need. And with your help, that number will continue to grow. Visit your local bmw center for details, or visit bmw USA dot com slash drives and hungry today. Take advantage of exceptional offers during bmw drive and hunger event.

How do you feel when you switch to biko and save on your car insurance? It's like going to work on one thursday morning and talking to yourself just one more day until friday, but then somebody in the elevator says, happy friday. Then you check your phone quickly and discover today, actually friday.

So yes, happy friday. Random stranger in the elevator. Y indeed, yp switching and saving with guy co feels just like that. Get more with geo.