985: Stop putting secrets in .env

In this potluck episode, Wes and Scott answer your questions about popover navigation patterns, the Vibrate API on iOS, whether code quality still matters in the AI era, Wes’s evolving Obsidian second-brain setup, where to start with modern full-stack JavaScript, and more! Show Notes 00:00 Welcome to Syntax! 01:02 Using display none with popover and hamburger navigation 03:37 Vercel on iOS and experimenting with the Vibrate API 05:47 Does code quality still matter in the AI age? 11:08 Wes’ second brain update and Obsidian workflow QMD 19:57 Brought to you by Sentry.io 20:21 Supporting older browsers and missing out on modern web features 23:32 iPad browsing quirks and dealing with outdated Safari 28:26 What to do when you encounter a badly built or inaccessible website 33:37 Is the Effect TypeScript library worth the learning curve? 37:04 Where to start with modern full-stack JavaScript 43:39 Are column grid frameworks still relevant with modern CSS? Graffiti 49:54 Sick Picks + Shameless Plugs Sick Picks Scott: AVerMedia Video Capture Card Wes: Power Bar Extension Cord Shameless Plugs Phases Podcast Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Scott and Wes are joined by Phil Miller and Theo Ephraim to talk about Varlock, a new approach to environment variables that adds schemas, validation, and security to the humble .env file. They dig into the risks of traditional env workflows, how schema-driven configs improve DX, and how tools like Varlock help manage secrets safely across frameworks, CI, and AI-powered workflows. Show Notes 00:00 Welcome to Syntax! 03:15 The Risks of .env Files 04:58 Introducing Varlock: A Unified Solution 06:56 Schema-Driven Environment Variables 11:47 Integrating with Various Frameworks 14:08 Brought to you by Sentry.io 14:32 Cross-Language Compatibility 17:50 Best Practices for Environment Variables 21:11 Security Features of Varlock 25:02 AI Integration and Environment Variables 29:12 Introduction to Varlock and GitHub Actions 32:45 Secrets Management and Best Practices 36:09 The Future of Varlock and Open Source 38:36 Sick Picks + Shameless Plugs Sick Picks Phil: Bela.io Theo: Wonder Man Shameless Plugs Phil: nauticalartifacts Theo: howtostore.food Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Wes and Scott talk with Paolo Ricciuti about Svelte custom renderers and how Svelte actually talks to the DOM. They dig into compiler internals, CSS handling, native bridges, and the realities of maintaining ambitious open source tooling. Show Notes 00:00 Welcome to Syntax! March MadCSS 01:44 Paolo’s role at Mainmatter and his work on Svelte custom renderers 02:52 Why Paolo chose Svelte Why I choose Svelte Shift Dev 2019: “Rethinking Reactivity” 05:16 From Svelte ambassador to working on the project 07:45 How custom renderers change what Svelte can target 10:10 How Svelte uses the DOM and why that makes custom renderers tricky 20:32 What Lynx provides and how it differs from a web view 24:18 Brought to you by Sentry.io 35:56 Using Svelte with CSS outside the browser 39:09 The timeline and current state of the Lynx app 44:51 Sick Picks + Shameless Plugs Sick Picks Paolo: Opencode Shameless Plugs Paolo: Svelte Custom Renderers | TCMP Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Wes and Scott talk about building v_framer, Scott’s custom multi-source video recording app, and why Electron beat Tauri and native APIs for the job. They dig into MKV vs WebM, crash-proof recording, licensing with Stripe and Keygen, auto-updates, and the real challenges of shipping a polished desktop app. Show Notes 00:00 Welcome to Syntax! March MadCSS 02:28 Why screen recording apps are so frustrating 07:14 The requirements behind Scott’s app, v_framer 09:47 Tauri, WKWebView, and blurry screen recording headaches 13:00 Why switching to Electron was a game changer 14:02 Electrobun and the hybrid desktop experiment 16:29 Browser-based capture vs native APIs 18:50 Brought to you by Sentry.io 22:32 Notarization, certificates, and shipping a Mac app 24:52 One-time purchases, trials, and selling desktop software 26:37 Self-hosting Keygen for license keys 30:27 A scrappy Google Sheets-powered waitlist 31:56 Keyboard shortcuts, FPS locks, and app customization 34:50 CI/CD and painless auto-updates with Electron Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Wes and Scott talk about the latest dev news: Node enabling Temporal by default, OpenAI acquiring OpenClaw, TypeScript 6, new TanStack and Deno releases, the explosion of AI agent platforms, and more. Courtney Tolinski's Podcast Phases: A Parenting Podcast https://phases.fm/ Show Notes 00:00 Welcome to Syntax! 01:11 Brought to you by Sentry.io 02:40 Node.js enables Temporal by default Enable Temporal by default 04:08 OpenClaw acquired by OpenAI OpenClaw, OpenAI and the future 09:36 Bots are taking over the internet Wes’ tweet 15:30 TypeScript 6 Beta Announcing TypeScript 6.0 Beta 17:00 TanStack Hotkeys for type-safe shortcuts TanStack Hotkeys 18:05 Components will kill webpages Components Will Kill Pages 19:39 Is Google Translate just an LLM? Viridian’s tweet 23:29 Shaders.com 26:49 Voxtral Mini Realtime Voxtral Realtime Demo 29:51 Deno launches Sandboxes Introducing Deno Sandbox 32:39 Oz by Warp.dev 38:10 Augment Code Intent 40:10 Sick Picks + Shameless Plugs Sick Picks Scott: Samsung Remote Wes: Ice Shameless Plugs Syntax YouTube Channel Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Scott and Wes unpack Interop 2026 and the browser features finally aligning across engines, from container style queries and anchor positioning to scroll-driven animations and view transitions. They break down what it all means for day-to-day devs and how close we really are to a fully interoperable web. Show Notes 00:00 Welcome to Syntax! 00:21 What is Interop? Interop GitHub. 02:44 Container Style Queries. 09:32 Brought to you by Sentry.io. 09:57 Anchor Positioning. 12:01 CSS attr(). 15:40 CSS Contrast-color. 19:10 CSS Zoom. 21:36 CSS Custom Highlight API. 24:02 Dialogs and Popovers. 25:44 Fetch Uploads and Ranges. 27:48 IndexedDB. 28:25 JSPI for Wasm. 29:05 Media Pseudo-Classes. 30:00 Navigation API. 31:53 Scoped Custom Element Registries. 32:40 Scroll-Driven Animations. 33:30 Scroll Snap. 36:50 CSS Shape(). 38:25 View Transitions. 41:32 Web Compat. 42:29 WebRTC Improvements. 43:44 WebTransport. 45:44 Investigation Efforts. 46:25 JPEG XL 48:46 Mobile Testing. 49:20 WebVTT. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Wes and Scott talk about the state of AI coding in 2026—from editors and models to agents, skills, slash commands, MCPs, and more. They unpack what these things actually do, how they overlap, and how to use them effectively without overcomplicating your setup. Show Notes 00:00 Welcome to Syntax! 01:39 The tools: editors, terminals, GUIs 05:27 Wes’ and Scott’s current AI setups 13:17 Picking the right model 18:58 How exactly do agents work? 22:32 Subagents and parallel workflows 24:29 Brought to you by Sentry.io 24:54 What goes in agents.md (and what doesn’t) 26:47 Skills vs agents Skills Superpowers 34:03 Slash commands as reusable prompts 36:02 Hooks and keeping your code from going off the rails 38:00 Plugins and bundling your setup 39:24 What MCP is and why it’s powerful 40:54 Cloud agents and running jobs remotely 43:47 Choosing the right AI tool 47:41 Sick Picks + Shameless Plugs Sick Picks Scott: ULTRALOQ Bolt Fingerprint WiFi Smart Lock Wes: St. Denis Medical Shameless Plugs Syntax YouTube Channel Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Scott and Wes unpack WebMCP, a new standard that lets AI interact with websites through structured tools instead of slow, bot-style clicking. They demo it, debate imperative vs declarative APIs, and share their hottest take: this might be the web’s real AI moment. Show Notes 00:00 Welcome to Syntax! 00:16 Introduction to WebMCP 01:07 Understanding WebMCP Functionality. 03:06 Interacting with AI through WebMCP. 06:49 WebMCP browser integration. 08:25 Brought to you by Sentry.io. 08:49 Benefits of WebMCP. 11:51 Token efficiency. 13:02 My biggest questions. 14:13 My take on this tech. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Wes and Scott answer your questions about AI agents, learning to code with AI, pagination patterns, skilling up from outdated tech stacks, balancing side projects with family life, real-world hacking attempts, and more! Show Notes 00:00 Welcome to Syntax! 01:39 Are devs really running multiple AI agents at once? Scott’s Tweet 09:41 Brought to you by Sentry.io 12:45 What is pagination and why do websites use it? 18:17 Should beginners use AI while learning to code? 30:24 The real-world skills CS degrees don’t teach you 35:59 Someone tried to hack Syntax 38:12 How Wes and Scott became co-hosts 42:00 Moving from junior to mid-level when your skills are outdated 45:42 How do you balance time for side projects, life, and family 52:45 Building a ChatGPT-style RAG search for your resume 56:15 Why Chad Whitacre videos were on the Syntax YouTube channel Chad’s YouTube Channel 58:44 Sick Picks + Shameless Plugs Sick Picks Scott: Trmnl Wes: RYOBI Soldering Iron Shameless Plugs Syntax YouTube Channel Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Scott and Wes break down how they built SynHax, the real-time CSS Battle app powering the upcoming Mad CSS tournament. From SvelteKit and Zero to diffing algorithms, sync conflicts, and a last-minute hackweek glow-up, this one’s a deep dive into shipping ambitious web apps fast. Show Notes 00:00 Welcome to Syntax! 00:50 March Mad CSS Tournament. 03:19 Brought to you by Sentry.io. 03:59 What the heck is a CSS Battle? 05:34 The tech stack. 06:30 Svelte Kit. 06:44 Zero Sync. Zero Docs Zero Svelte. 07:32 Drizzle. 07:58 Supabase. 08:23 Graffiti. 10:45 Sync Server. 12:10 Cloudflare Workers. 12:23 Local File System. 13:26 How Zero Works. 13:48 Zero Sync Client. 15:39 API server. 19:34 Dealing with states and conflicts. 24:25 The Hackweek Project. 25:29 The Diffing Algorithm. 35:22 The bugs. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads