Modern Web

Modern Web
undefined
Oct 7, 2025 • 36min

How NPM Auto-Updates & Post-Install Scripts Could Hijack Your Org

In this Modern Web Podcast, Rob Ocel and Danny Thompson break down the recent string of NPM supply chain attacks that have shaken the JavaScript ecosystem. They cover the NX compromise, the phishing campaign that hit libraries like Chalk, and the Shy Halood exploit, showing how small changes in dependencies can have massive effects. Along the way, they share practical defenses like using package lock and npm ci, avoiding phishing links, reviewing third party code, applying least privilege, staging deployments, and maintaining incident response plans. They also highlight vendor interventions such as Vercel blocking malicious deployments and stress why companies must support open source maintainers if the ecosystem is to remain secure.Key Points from this Episode:- Lock down installs. Pin versions, commit package-lock.json, use npm ci in CI, and disable scripts in CI (npm config set ignore-scripts true) to neutralize post-install attacks.- Harden people & permissions. Phishing hygiene (never click-through emails), 2FA/hardware keys, least-privilege by default, and separate/purpose-scoped publishing accounts.- Stage & detect early. Canary/staged deploys, feature flags, and tight observability to catch dependency drift, suspicious network egress, or monkey-patched APIs fast.- Practice incident response. Two-hour containment target: revoke/rotate tokens, reimage affected machines, roll back artifacts, notify vendors, and run a post-mortem playbook.Rob Ocel on Linkedin: https://www.linkedin.com/in/robocel/Danny Thompson on Linkedin: https://www.linkedin.com/in/dthompsondev/This Dot Labs Twitter: https://x.com/ThisDotLabsThis Dot Media Twitter: https://x.com/ThisDotMediaThis Dot Labs Instagram: https://www.instagram.com/thisdotlabs/This Dot Labs Facebook: https://www.facebook.com/thisdot/This Dot Labs Bluesky: https://bsky.app/profile/thisdotlabs.bsky.socialSponsored by This Dot Labs: https://ai.thisdot.co/
undefined
Oct 1, 2025 • 48min

Cracking Tech Interviews When AI Changes the Rules

In this episode of the Modern Web Podcast, Rob Ocel and Danny Thompson talk with Wes Eklund from AWS ProServe about interviews, practical AI, and the future of developer workflows. Wes shares what trips candidates up in coding and behavioral rounds, how to ask better questions, and why prepping multiple honest STAR narratives matters. Danny introduces the Thrive Framework for behavioral interviews and Rob underscores the discipline required to stand out in a crowded market. The trio then digs into 100 Days of Code in the AI era, smart ways juniors can learn with AI, and how Wes’s team uses MCP servers and Amazon Q to speed design, onboarding, and day-to-day delivery. They cover the lull in MCP hype, real security concerns, the “80 percent is a win” mindset when AI accelerates work, and when it actually makes sense to build agents. They close on thin, purpose-built agents, enterprise adoption patterns, and why frameworks like DSPy could reshape moats and costs.Key Takeaways from this episode:- Wes explains how candidates often fail because they neglect behavioral prep, and Danny introduces the Thrive Framework as a system to stand out.- The group debates whether juniors should use AI. Wes frames it as a tool for strategy and reflection, not a shortcut, while Danny emphasizes using it to deepen knowledge and accountability.- Wes shares how his AWS team leverages MCP servers and Amazon Q to speed design, boost onboarding, and solve problems faster, while Danny highlights enterprise-level use cases like multilingual documentation.- They discuss whether developers should build agents, the risks of security gaps, and how frameworks like DSPy could make optimized, lightweight agents a new competitive edge.Chapters0:00 MCP servers: security reality check0:33 Modern Web Podcast intro0:55 Guest: Wes Ecklan (AWS ProServe)2:02 Job hunt & interview mistakes5:05 Danny’s THRIVE framework7:39 Researching values & STAR stories11:12 Sponsor + quality & discipline in applications13:04 100 Days of Code in the AI era18:03 Using AI at work (MCP + Amazon Q)23:13 Hackathons & making time to innovate25:06 MCPs in practice: adoption & security36:00 Agents: when they help vs. hype — close & linksWes Eklund on Linkedin: https://www.linkedin.com/in/weseklund/Rob Ocel on Linkedin: https://www.linkedin.com/in/robocel/Danny Thompson on Linkedin: https://www.linkedin.com/in/dthompsondev/This Dot Labs Twitter: https://x.com/ThisDotLabsThis Dot Media Twitter: https://x.com/ThisDotMediaThis Dot Labs Instagram: https://www.instagram.com/thisdotlabs/This Dot Labs Facebook: https://www.facebook.com/thisdot/This Dot Labs Bluesky: https://bsky.app/profile/thisdotlabs.bsky.socialSponsored by This Dot Labs: https://ai.thisdot.co/
undefined
Sep 23, 2025 • 36min

Every AI Cloud-Native Expert Starts with Kubernetes | API Gateways vs Service Mesh Explained

Danny Thompson sits down with Marino Wijay, Staff Solutions Architect at Kong and CNCF Ambassador, for a wide-ranging conversation on modern cloud-native development. They start with Kubernetes as the entry point into the ecosystem and explore what it really means to be a CNCF ambassador. Marino explains the difference between an API gateway and a service mesh, when small teams should adopt each, and why managed services often make more sense than running infrastructure yourself.The discussion then shifts to reliability and observability, with a focus on automation, pipelines, and creating a seamless developer experience. Finally, Marino shares lessons from working with enterprises rolling out AI, covering vector caching, cost optimization, latency concerns, and the importance of data governance when dealing with LLM traffic. It’s an episode full of practical advice for builders navigating the realities of APIs, microservices, and AI in production today.Key points from this episode:- Kubernetes remains the entry point into the cloud-native ecosystem, giving teams the foundation to operationalize applications and join the CNCF community.- Marino breaks down the distinction between an API gateway and a service mesh, showing how a gateway like Kong secures APIs at the edge while a mesh like Kuma manages traffic, authentication, and encryption between services.- For smaller teams, the smartest path is to rely on managed services and an API gateway, introducing a service mesh only when scale and complexity demand it.- As organizations adopt AI, Marino highlights how vector caching, governance policies, and PII sanitization help control costs, cut latency, and protect sensitive data when working with LLMs.Marino Wijay on Linkedin: https://www.linkedin.com/in/mwijay/Rob Ocel on Linkedin: https://www.linkedin.com/in/robocel/Danny Thompson on Linkedin: https://www.linkedin.com/in/dthompsondev/This Dot Labs Twitter: https://x.com/ThisDotLabsThis Dot Media Twitter: https://x.com/ThisDotMediaThis Dot Labs Instagram: https://www.instagram.com/thisdotlabs/This Dot Labs Facebook: https://www.facebook.com/thisdot/This Dot Labs Bluesky: https://bsky.app/profile/thisdotlabs.bsky.socialSponsored by This Dot Labs: https://ai.thisdot.co/
undefined
Sep 16, 2025 • 50min

I’m Sorry, But Your CSS Is Terrible

Rob Ocel and Danny Thompson sit down with Andy Bell to treat CSS as a craft, not a chore. Andy explains why he mentors the browser instead of micromanaging it, how progressive enhancement keeps products resilient, and which modern features deserve attention right now, including has, anchor positioning, and clamp. The conversation gets practical on grid versus flexbox, why grid is often simpler than people think, and how ecosystems and tooling skew usage. They unpack the real reasons Tailwind spread across teams, where it helps with speed and onboarding, and why core CSS skills plus a clear methodology prevent long-term debt. Expect candid consultancy stories, smarter debugging with today’s devtools, and a reminder that play, standards knowledge, and strong communication habits lead to cleaner, more maintainable front ends.Key Takeaways:- Andy Bell stresses mentoring the browser instead of micromanaging it, leaning on progressive enhancement and letting it adapt to context.- Features like :has(), anchor positioning, and clamp are changing how developers approach layouts, interactions, and responsive design.- Despite its power, Grid hasn’t caught on like flexbox, partly due to ecosystem and tooling choices. Andy suggests learning grid first for a clearer foundation.- Tailwind solves organizational and onboarding challenges, but without solid CSS fundamentals and consistent methodologies, teams risk piling up technical debt.Andy Bell on Linkedin: https://www.linkedin.com/in/andy-bell-347971255/Rob Ocel on Linkedin: https://www.linkedin.com/in/robocel/Danny Thompson on Linkedin: https://www.linkedin.com/in/dthompsondev/This Dot Labs Twitter: https://x.com/ThisDotLabsThis Dot Media Twitter: https://x.com/ThisDotMediaThis Dot Labs Instagram: https://www.instagram.com/thisdotlabs/This Dot Labs Facebook: https://www.facebook.com/thisdot/This Dot Labs Bluesky: https://bsky.app/profile/thisdotlabs.bsky.socialSponsored by This Dot Labs: https://ai.thisdot.co/
undefined
Sep 11, 2025 • 42min

Software Developers Spill the Beans on Conversational AI

In this episode of the Modern Web Podcast, Rob Ocel and Danny Thompson are joined by Rishab Kumar, Staff Developer Evangelist at Twilio, to explore the evolving landscape of voice and AI interactions. They discuss the rise of conversational AI, how voice interfaces are becoming the natural medium for human-computer interaction, and the tools and best practices for integrating AI into real-world applications. Rishab shares insights from Twilio on building voice-enabled AI experiences, tackling challenges like latency and prompt design, and how AI is shaping the future of productivity and problem-solving. The conversation also highlights community-focused events, like the upcoming Commit Your Code Conference in Dallas, where networking, learning, and giving back to charity take center stage.Key Takeaways:- Voice interfaces are becoming more natural and conversational, moving beyond simple commands to context-aware, agentic interactions that can assist with tasks in real time.- AI is being integrated into real-world use cases, from coding assistants and productivity tools to hands-on guidance for tasks like furniture assembly, car troubleshooting, and lab work.- Platforms like Twilio provide APIs, Conversation Relay, and integrations with voice models to streamline AI voice interactions, handling challenges like latency, speech-to-text, and interruption management.- There’s a growing need for specialized, reliable AI tools tailored to specific industries and tasks, as well as careful consideration of ethical implications, user trust, and contextual accuracy.Rishab Kumar on Linkedin: https://www.linkedin.com/in/rishabkumar7/Rob Ocel on Linkedin: https://www.linkedin.com/in/robocel/Danny Thompson on Linkedin: https://www.linkedin.com/in/dthompsondev/This Dot Labs Twitter: https://x.com/ThisDotLabsThis Dot Media Twitter: https://x.com/ThisDotMediaThis Dot Labs Instagram: https://www.instagram.com/thisdotlabs/This Dot Labs Facebook: https://www.facebook.com/thisdot/This Dot Labs Bluesky: https://bsky.app/profile/thisdotlabs.bsky.socialSponsored by This Dot: https://ai.thisdot.co/
undefined
Sep 2, 2025 • 42min

The Biggest Mistakes Devs Make in Accessibility & SEO

In this episode, Rob Ocel and Danny Thompson enjoy a conversation with Kilian Valkhof, founder of Polypane, a browser built for developers who care deeply about their craft. The discussion explores the shifting landscape of online developer communities as conversations migrate from Twitter to Blue Sky, Mastodon, Discord, and local meetups. Kilian shares how this decentralization has shaped advocacy around accessibility, performance, and front-end principles, while Rob and Danny reflect on what developers lose and gain when there’s no longer a single central hub. They also dig into guiding principles for building quality front-end experiences, from usability and accessibility to balancing trade-offs between performance, readability, and SEO.Key points from this episode- Developers are finding their communities scattered across Blue Sky, Mastodon, Discord, and meetups, changing how ideas about accessibility and performance spread.- Practical frameworks like “rule of three” and “make it run, make it right, make it fast” give developers clearer guidance than vague advice such as “don’t repeat yourself.”- Building with craft means going beyond visual accuracy to include accessibility, usability, and small details that improve the overall user experience.- Teams need to agree on priorities so they can navigate trade-offs between things like accessibility, performance, SEO, and readability.Kilian Valkhof on Linkedin: https://www.linkedin.com/in/kilianvalkhof/Rob Ocel on Linkedin: https://www.linkedin.com/in/robocel/Danny Thompson on Linkedin: https://www.linkedin.com/in/dthompsondev/This Dot Labs Twitter: https://x.com/ThisDotLabsThis Dot Media Twitter: https://x.com/ThisDotMediaThis Dot Labs Instagram: https://www.instagram.com/thisdotlabs/This Dot Labs Facebook: https://www.facebook.com/thisdot/This Dot Labs Bluesky: https://bsky.app/profile/thisdotlabs.bsky.socialSponsored by This Dot Labs: https://ai.thisdot.co/
undefined
Aug 25, 2025 • 42min

Sentry Has New AI Tools for Monitoring and Developer Workflows

This episode of the Modern Web Podcast features Cody De Arkland, Head of Developer Experience at Sentry, in conversation with hosts Rob Ocel and Danny Thompson. They explore how Sentry has embraced a culture of experimentation with AI, from grassroots innovation in Slack channels to leadership setting the tone for rapid adoption. Cody shares insights into Sentry’s new AI monitoring tools, including MCP support and agent tracing, which give developers visibility into token usage, tool calls, and debugging flows. The discussion also touches on how AI is reshaping developer workflows, the balance between writing code and prompting, and why structured thinking is key to getting useful results.Keypoints from this episode:- Sentry fosters a playful, experimental environment where both grassroots initiatives and leadership drive AI adoption.- Sentry has rolled out AI monitoring with MCP support and agent tracing to give visibility into token usage, tool calls, and debugging.- AI is changing how developers approach coding, blending prompting with traditional programming.- Success with AI depends on framing problems clearly, not just relying on raw prompts.Cody De Arkland on Linkedin: https://www.linkedin.com/in/codydearkland/ Rob Ocel on Linkedin: https://www.linkedin.com/in/robocel/Danny Thompson on Linkedin: https://www.linkedin.com/in/dthompsondev/This Dot Labs Twitter: https://x.com/ThisDotLabsThis Dot Media Twitter: https://x.com/ThisDotMediaThis Dot Labs Instagram: https://www.instagram.com/thisdotlabs/This Dot Labs Facebook: https://www.facebook.com/thisdot/This Dot Labs Bluesky: https://bsky.app/profile/thisdotlabs.bsky.socialSponsored by This Dot Labs: https://ai.thisdot.co
undefined
Aug 13, 2025 • 36min

How Elasticsearch Improves Search Relevance, Log Parsing, Production Systems, + More!

In this episode of the Modern Web Podcast, Rob Ocel and Danny Thompson talk with Philipp Krenn, Head of Developer Advocacy at Elastic, about how Elasticsearch has evolved from a search engine into a foundation for observability, security, and AI-powered systems. Philipp explains how Elastic approaches information retrieval beyond just vector search, using tools like LLMs for smarter querying, log parsing, and context-aware data access.They also discuss how Elastic balances innovation with stability through regular releases and a focus on long-term reliability. For teams building with AI, Elastic offers a way to handle search, monitoring, and logging in one platform, making it easier to ship faster without adding complexity.Key points from this episode: Elasticsearch has expanded beyond search to support observability and security by treating all of them as information retrieval problems.Elastic integrates with AI tools like LLMs to improve search relevance, automate log parsing, and enable features like query rewriting and retrieval-augmented generation.Vector search is just one feature in a larger toolkit for finding relevant data, and Elastic supports hybrid and traditional search approaches.Elastic maintains a steady release cadence with a focus on stability, making it a reliable choice for both fast-moving AI projects and long-term production systems.Philipp Krenn on Linkedin: https://www.linkedin.com/in/philippkrenn/Rob Ocel on Linkedin: https://www.linkedin.com/in/robocel/Danny Thompson on Linkedin: https://www.linkedin.com/in/dthompsondev/This Dot Labs Twitter: https://x.com/ThisDotLabsThis Dot Media Twitter: https://x.com/ThisDotMediaThis Dot LabsInstagram: https://www.instagram.com/thisdotlabs/This Dot Labs Facebook: https://www.facebook.com/thisdot/This Dot Labs Bluesky: https://bsky.app/profile/thisdotlabs.bsky.socialSponsored by This Dot Labs: ai.thisdot.co
undefined
5 snips
Aug 6, 2025 • 48min

What is AI Agentic Experience and Why Provide a Great AX for Users?

Sean Roberts, Head of AX Architecture at Netlify, dives into the innovative world of Agentic Experience (AX). He explains how AX transforms digital service design for AI agents, discussing why user flows often falter in agent-driven settings. Sean highlights the importance of effective discoverability through SEO and structured content. He also questions the relevance of traditional CMS platforms amid evolving AI needs, sharing a humorous incident where an AI agent took down Netlify’s homepage, underscoring the growing complexity of web content interaction.
undefined
Jul 3, 2025 • 36min

Why Prompt Engineering Skills Matter More than Your AI Model with Melkey Dev

In this episode of Modern Web, Danny Thompson chats with MelkeyDev, a Machine Learning Infrastructure Engineer at Twitch, about AI’s real-world applications, developer productivity, and the future of careers in Go. They cover everything from the rise of tiny AI-driven teams competing with large enterprises to how system prompts may matter more than model choice. Melkey shares his thoughts on cost-effective LLMs, production pitfalls, and the cognitive downsides of over-relying on AI. The conversation also explores backend development with Go, what makes it great for fast-moving teams, and how new developers can get started.Keypoints from this episode:- AI’s real value lies in business use cases. Melkey emphasizes that AI isn’t just a productivity tool; it enables small teams to build faster, cheaper, and more effectively than ever before.- System prompts are underrated. When it comes to LLM performance, prompt engineering often matters more than the model itself, especially for UI generation and agent design.- Cognitive cost of AI reliance. Referencing recent research, Melkey warns that overusing AI tools can reduce your ability to retain knowledge and perform certain tasks independently.- Go remains a strong backend choice. Despite being “boring,” Go continues to power developer velocity and scalable infrastructure, making it a smart language for backend-focused engineers.Follow MelkeyDev on Twitter: https://x.com/MelkeyDevSponsored by This Dot Labs: thisdot.co

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
Get the app