Ep. #18, Consent Management with Christopher Burns

Brian Douglas: Welcome to another installment of Open Source Ready, with my co-host, John McBride. How you doing, John?

John McBride: Hey, I'm doing just fine. I'm on call this week at my new job, so.

Woke up a little early the other day, but surviving, thriving. What about you, Brian?

Brian: Excellent. Do you wear the pager on your hip? Like, is that how it works now these days?

John: It's all just cell phones. It's not as exciting as it used to be, but yeah, I do carry my phone around.

Brian: Excellent. Perfect. Well, I'm not on call. I'm actually the opposite of on call. I'm doing some "funemployment" for the next couple weeks.

John: Nice.

Brian: And so far so good. I got into "The Last of Us" part 1.

John: Ooh.

Brian: Like, a third of the way through. Obviously watching the show, and I just figured, let me just go ahead and play this game while I have some free time, so.

John: I was going to ask if you played the game or not.

Brian: No, yeah, catching up. I watched the first season, so I'm spoiled completely, but from what I know, the second season's only going to cover, like, a third of the second game, and then they're going to switch perspective in, like, future seasons with different characters, but.

Don't want to talk about "The Last of Us"today, I actually want to talk about consent management and cookie banners with Christopher Burns.

Chris, you're not a stranger to podcasts. You've been on podcasts with me before, but you want to say hello and tell us what you're working on?

Christopher: Yeah. Hey, I'm Christopher Burns. I'm from the UK, well-traveled, you could say, currently in Greece.

Consent management is a really, really interesting area that I just think so many people just don't have the full context.

They think, "It's not for me, I don't need to worry about that. Is it the marketing team's?"

And why I'm here today is just to really talk to the developers, explain actually how it matters, why it matters, and really where everything is going and why developers, I think, are a pivotal piece to that future of consent.

Brian: Yeah, so you open sourced something, actually was it early this year, or was it last year?

Christopher: c15t? Yeah. Let's talk about that.

So I think it's really good to explain the premonition of this, is that I'm a second-time founder, so.

My first company was called Everfund, and we were helping nonprofits get the best checkout experience as possible, to getting donations as fast as possible.

And one of the things that always bugged me was the speed. And we made the best donation checkout for nonprofits, but technology wasn't their biggest point. It was more so the business models.

And then when we closed down that startup, I really started thinking about what really, really annoyed me, what was something that I worked on that I just couldn't drop that wasn't necessarily the product of Everfund, and I actually have a really good quote about this.

It's from Andy Warhol, and it says, "You need to let little things that would ordinarily bore you suddenly thrill you."

And for me, that was the consent systems, that was the cookie banners, the privacy policies, because one of the biggest things about Everfund was the trust.

Charities were and are always an area of questionable ethics, and people's trust really matters if they will convert.

So the consideration that I was always putting into the policies, the legal documents, it just never felt like there was a solution out there good enough, so when, obviously, we wound down Everfund, I started working on this prototype of what I started to call c15t.

So I started building out this prototype of this consent management system bottoms up, using all the best technologies like TypeScript, React Server Components, experimented with Shadcn.

And then just soon as I got a working prototype, I went out there, and I said, "Hey" to some of my friends that had already had been founders in, are founders now, "I'm working on this, tell me your opinions."

And I got so many interesting opinions, and even now from, "Isn't this just like an EU thing? Do I need to even worry about this? We're an American business over here," you know, to, "This seems like the best thing ever, but I honestly do not care. But think about this like when I say, 'I do not care,' it's I just want to pay you and just tell me what I need to do, and I don't care about everything else."

And so I've seen all these different sides of the scale, and we then started really building out the c15t consent engine, really focusing on open source primitives, looking at all the competitors out there, what have they built well, what have they not, how many of them open source, how to do it differently, what really was that pain point for me that made me want to go do this myself?

And we started building it out. We launched about early May, so it's been out for about four weeks now, and the success has already been incredible.

When I've gone to meetups and spoken to, like, agency owners in, like, European Union, you have to deal with things like cookie banners or marketing websites, everything, I just see their eyes light up, like, "This is just what I needed. How can I get this injected into my blood faster?"

Because it's a massive thing a lot of people have to think about, and I think, honestly, consent management is the missing tool piece of every modern marketing website, technology business because we spend so much time working on the core principles, the business fundimentalities, the product, the styles, we launch, and then we go, "I think we forgot something." And that's the privacy policy, the terms and conditions, the what you are going to do, what you're not going to do.

And I just really want to really pull that back and say, "You might have forgot about it, and you're launching in 10 minutes. We want to get this done for you in five minutes so you are fully legally compliant."

And that really took us down this path.

Brian: Yeah, and could you explain some of the details of, like, what are you making easy?

'Cause, like, in my mind, I ran a company and wound it down as well. And when I was thinking about terms and conditions and privacy policy, it was, like, standard thing I downloaded from Termly, and then yes or no, did you, like, can you accept these terms and, like, let's just move on.

So, like, I have a true/false in the database, and that's it for each profile. Like, what's the risk that I'm putting myself at by not caring that far?

Christopher: Yeah. I think this is a really important piece, and it very much depends if you are running, you know, a B2B product or a B2C product and the types of legality documentation that you need.

I really would love to speak about this area of legality documents and stuff, but I'm trying not to, and I'll say why, is we know our roadmap, but something I'm very focused on is killing one workflow at a time, and that current workflow is making the best cookie banner that has ever been on the internet.

And then once we nail that, that's when we move into terms and conditions, privacy policies, legal documents because we've really nailed the fundamental things.

So back to your question, why does it matter? Because obviously privacy policies come into things like cookie banners and everything, is that--

The world is forever changing, and, as people, we're really naive about data and how companies make money, and I think it's really naive to say, you know, consent is going to stop that. We're going to make the whole area so much cleaner. But I think one of the biggest goals, why it matters to a consumer but also why it matters to the business, is we know no company is completely compliant 100% unless they've got a legal team with 20 lawyers who, before a feature can even go into progress, you know, it's been lawyered.

And every single founder I've spoken to, it's like, "Okay, let's take them steps. The first step is, are you working with a lot of European countries? Yes, no? Are you working in American companies, states? What states are you working in? Where's your privacy policies, your terms and conditions, your cookie banners to different standards?"

And really taking that step forward slowly and saying, "We're not going to deliver you to 100% compliance overnight. It needs to be a process that new workflows are put into place."

I would love to talk about them workflows all day that are super, super exciting, but it comes back to the same thing of we're trying to nail that really critical first workflow of cookie banners and the whole things around that before we start looking at the much wider picture of where we want to go with the consent engine.

John: Yeah. I think what's very interesting about this in the open source is, you know, sometimes you hear people talk about this, and, you know, the easy assumption is like, oh, we need to re-litigate how fast Silicon Valley moves and understand like, why do we get ourselves into these places where we're having legal troubles, we're moving too fast, shipping too fast, and then we're not, like, in a compliant state.

But this seems like a drop in and replace kind of solution. I mean, is that mindset that, you know, ship it and forget it mindset something we do need to, like, go back and think about from a more meta perspective?

Like, does the technology industry recklessly move too fast?

Christopher: Well, I think this is actually a really good point, and it comes down to the fundamental reason that consent is built for developers first.

And there's so many tasks that get put onto developers that, you know, marketing has now said, "Hey, we need analytics."

So you go, "Cool, here's the PR for analytics." Your job is done, tick, it gets merged in, analytics are now added.

But what you've forgot to realize is obviously now your privacy policy needs updating, your terms and conditions, the logic gates for EU customers to say, "I don't comply to that, it's not comply."

The logic gates around not wanting to consent to that all need to be put into place.

And we see this fractured ecosystem of developer tooling that's here's a cookie banner but not the consent system, the database, or here's a full stack SaaS app, but it's completely proprietary to some really old scripting tooling and usage that I'm sure we'll get into.

But it goes back to that workflow of the developer gets assigned a task, they do the task, and then it disappears.

And we think a lot of the tooling that consent builds around c15t is capturing that flow, is saying, "Hey, you've implemented this new functionality, we think that changes your privacy policy in this way, and you should re-implement that."

And, "Oh, you've just implemented this tool, and in that Gitflow, we've scanned the PR, and we're saying, 'Hey, we are realizing you are adding PostHog. That means you need to update your privacy policy.'"

When that merges, we want to set an automated chain off saying, "Okay, now the new privacy policy needs rolled out, now you need to notify the customers in different territories what's the standards, do I need to worry about this?"

And I don't necessarily think it's Silicon Valley are moving too fast. I think it's that we're trying to innovate and adapt, and legal frameworks can be very stiff. And that human centric divide between what legally gets said and what humanly is done is a really, really interesting area.

And I think it's a question for all developers and practices where the legal text says one thing of what you're allowed, but do you even understand that, you know?

Do you even understand what you're allowed to do and what you're not allowed to do? And can someone just make it readable for us?

And there's so many interesting areas that we're going to build into, but it's, like, I keep coming back to, we want to nail that first workflow as best as possible and really introduce developers to consent as a whole.

John: Yeah, it's so fascinating. It almost reminds me of, you know, this is a different area, but, like, some of the annotations that GitHub has on licenses in the open source, you know?

I don't always want to read the license, which, you know, I should now having worked more and more in the open source, but they'll have these little annotations that are like, yeah, you can copy these, or, you know, it's copy left or these little things that can be a little more easy to grok.

So it sounds like you're envisioning a world where there's open source technologies that people can utilize to make this a little more turnkey, make it a little easier to understand what needs to happen and that pipeline of consent and compliance.

Christopher: Exactly. And what we have to see is that it's a forever-changing world as well.

And in the US, privacy laws are state by state level, in the European Union, they're declared by the European Union but then enforced with minute different details in country by country basis.

And then there's all the legal documents that are you really going to read to get compliant?

And I think this is a massive area of AI that we're exploring, and we've already had some really early chats and, you know, I have a prototype that I'm happy to share with any founders, saying, "This is not a lawyer, please don't think this is, like, legal advice, but if you have a question around consent or legalities or privacy policies, you bet it can give you a really high confidence on what you should be doing."

Brian: Yeah, so before the podcast, we met in London.

You were talking about this really good, like, frame of reference for what you're doing with c15, which-- Stripe.

Stripe, for example, like, when you think about payments, and you spend a lot of time working on a payments company, you don't have to think about the conversion rate, the tax laws in each different countries.

And with consent management, we have, like, a similar growing ecosystem. EU gave us the first step, but things are changing quickly.

So, like, can you explain how your plan is for using this tool to manage consent in the future?

Christopher: Yeah. So we like to think about our roadmap of who are we actually really trying to tackle, as in what problems and solutions are we trying to solve?

Are we building a platform for lawyers to, you know, make sure it's 100% compliant, or are we building a platform for developers, founders, startups, people who don't know what consent is, people who don't know the legalities or already have all of them drafted documents?

So how we see this area is almost like a bit like a Stripe Radar or system, where as you implement it onto your website and you start getting different requests from different countries, your users start signing up from, say, the UK or the US or all these different countries, every single country has different laws, different got-yous that you might need to worry about.

And we want to implement, like, this traffic light system that says, "Hey, we've realized you've hit this amount of customers in the UK, here's the things that you need to worry about," or, "Hey, everything is good right now, you don't need to do anything."

And I think it's, when I think about this kind of tooling, I think, "Who am I making it for?" I'm making it for myself more than anything else.

And I feel like there's a lot of these CMPs, consent management platforms, out there that are built by lawyers for lawyers.

They expect you to already know everything about consent, and I really want to take them steps back and say, "Actually, we want to turn this mythical beast that people just, you know, walk away from because it's too scary or they don't know, or I don't have people in the EU, I don't care about the EU, or this thing that we see on X, where it's like, 'You know what, I'm just going to ban all EU users,'" and-

Brian: Wait, that's a thing?

Christopher: Oh, yeah, yeah. That's definitely a thing.

But there's also really interesting companies out there as well.

For example, there's a founder that I know that runs a reputable startup that in every country that's not the European Union, they have marketing technology.

And then when it came to the European Union, they said, "No tech, no ads, no ads, no marketing technology," because they didn't want to implement a cookie banner because they felt like there was none out there that was good enough.

So you're seeing all of these different extremes, where do we even understand when we need one versus when we don't?

Necessary cookies versus marketing, what's the difference? Where do things fall?

I think the real power to the company that I'm building is the education part. It's the, we don't want a fear factor.

A lot of consent platforms out there are like, "You could be sued by the EU, and that's why you should buy this."

But I stand from a position where I want to be transparent with my users, I want to say how we process our data, how we do things, what we're doing to build that trust factor. And I think the consent platforms out there, there's a massive room for this in terms of education.

And, Brian, you know, yourself running a company, you just don't know these things.

And soon as you start talking about, like, we're a US company and we're having EU users, do we now need to start worrying about these things?

It's just a minefield that so many people just switch off from, and we want to change that perspective.

Brian: Yeah. And I was going to ask a question, why open source this?

Like, there's a lot of tools that exist already and, like, that are closed source, and they've been around for at least a couple years.

Christopher: Yeah. Because I think there's some fundamental beliefs around c15t.

I think the first one is the data doesn't matter, right? In so many companies, the data is so important.

We're not holding PII data, we're holding consent records, audit logs, but it's all about the control, the control flows, the how is this happening, who is this happening to, am I allowed to do that?

And that's where we see the value. So I fundamentally said straight away, "Wouldn't it be cool if we could just let them host it on their own database?"

And then it started spiraling from there, was like, "Oh, but what happens if they want to host it themself," you know?

Now we need to make our backend system in a way that is self-hostable. What happens if they want to attach it to their database?

So a massive inspiration in this area when we was building consent was actually Better Auth.

And the way of how they focused on pluggability with things like Kysely, Prisma, Drizzle, PostgRES, MySQLi, and having that composability I thought was really, really important early on, and to say, "We believe that this technology should be open because that makes the technology safer, it makes it more understandable, it makes it contributable. And if we're really doing something wrong legally compliant, people can see," you know?

It's not this closed source system. And the biggest thing is most CMPs are two sides.

There's the components, the scripts that you load onto your website, and then there's the backend infrastructure.

c15t is the real first, like, TypeScript-native CMP that is completely open source front to back.

You can host the backend completely yourself or you can have a hosted version in the cloud that we host for them on consent.

We really focused on composability on the front end. So we care about the modern web.

And to put it blankly, we also want to make our competitors better because there's so many bad cookie banner implementations out there, I'm going to add my own, or, "Hey, I've seen this library," and then they're going to start putting these things together.

We made c15t have three modes, you could say. There's the c15t mode, where you can connect it to your self-hosted instance or our consent instances in the cloud.

There's a complete offline mode, where you say, "Actually, I don't want to send the consent anywhere, I just want to host it locally to allow certain scripts."

But then the really interesting one was a custom mode that we built in.

And I think this comes down to the core DNA of why open source is important is because we want to provide that tooling to really take the whole market forward in consent management and say, "Hey, if you're a competitor that has a proprietary backend, but you want to allow your customers to implement c15t into their Next.js applications, React applications, and then you have a proxy to your services," we wanted to allow that.

Because really how we think about it is, is, like we said, there's so many fractured tooling when it comes to cookie banners, privacy policies, components that we just wanted to level the playing field and say, "Hey, no matter where this is going to go, this is a tool that you can use. And it has all the best in-class tooling built into it."

Because to put it simply, and this is a massive thing of why c15t is important, is so many of the technologies that CMPs and other competitors out there are using are just not built for the modern web.

And tell me if you know what an IIFE is?

John: No idea.

Brian: Yeah, stumped.

Christopher: So it's a way of bundling your code.

Brian: Oh, yeah, like in JavaScript?

Christopher: Yeah, yeah, yeah. So these acronyms like ESM, UMD, CJS, bundling has been a massive age-old problem for such a long time.

And so many of these consent solutions use IIFE to run that. That's a pattern, where, basically, you put a script tag, so you say, "Put this script into your header," and then that script loads immediate invokable function expression that then runs JavaScript, and that will normally be a stub to pull another library.

So it'll be, like, the config plus the stub to pull the actual consent library.

So when we're talking about the platforms that the market, the solutions that we're building onto websites, there's not many out there that's actually modern, up to date.

When you look at competitors, and you say, "I use the Next.js website," they go, "Oh, load our script through a use effect," and everything starts breaking down really, really fast.

I have this funny analogy that I like to think about this when it comes to bundling around why this is such an important area for consent and why bundling matters more than anything.

Brian: Yeah. The one thing I was going to, I was going to bring up is the, so I spent time at GitHub, and it was during the Nat Friedman time, so post Microsoft acquisition, and there was a moment where I think Nat was, like, probably just using the site or testing something out, and, like, dropped into the all-hands channel of, like, we got to remove cookie banners, and we're moving, we're moving them from everywhere.

'Cause he was just annoyed that you had to, like, you had friction to be able to leverage GitHub, especially if you're a first time user signing up at Enterprise.

So we had a mandate where we deleted everything. No more Google Analytics, no more cookie banners.

I don't know what the solution is today 'cause I didn't stick around long enough to figure it out, but I think that's actually, it's something that comes up a lot in annoyance for a lot of these developer companies.

Christopher: Yeah. We actually have that solution, and I'm happy to speak about it more. And bundling is a massive part in that.

And the reason why is we're moving into this very dynamic, edge-driven era, server-side rendering, React Server Components, where the server is rendering the content.

And when it comes to something like a cookie banner, a cookie banner is, essentially, a conditional statement.

If you are in the EU, show cookie banner, if you are not in the EU, do not show cookie banner.

And, like you just said, he went onto the website and thought, "These banners suck, remove them."

Probably in the US, probably didn't have that technology in place, where we see a lot of this friction to say, "Why am I being troubled with the European Union's problems in the United States of America?"

And this is one of the key areas of this, like, next-generation consent, is geolocation.

So taking that website request, soon as it loads, saying, "Hey, what is their location? Are they in the UK? Are they in the US?"

Then saying, "Okay, they're in the UK. Here is the English strings server-side rendered, here is the styles, the content."

And then soon as that payload's in the UK or Europe, you get a cookie banner, but when that payload's in the US, you don't.

And that wouldn't be possible without bundling it directly into the application, bundling it into the middleware, the edge functionality.

Just using this primitive methods of put the script in the header, it's never going to work out for these kinds of solutions.

And that's just one part of it. Things like the speed, the compatibility, this is, I could speak about bundling for days. I've been so deep in this area.

Brian: Yeah. Are there folks using c15t today, and like, do you have any sort of grounded stories? I have, like, a, I mentioned GitHub, but GitHub's not using c15t.

Christopher: No.

Brian: But, yeah, I was curious, yeah, if there's, like, any folks who are leveraging it, any developers that are excited about this so far?

Christopher: Yeah. So within the first month, we already had a Hilton hotel onboard in the EU, we saw users installing it onto their random, like, Finnish e-commerce company.

You know, it is really, really grassroots at this stage, but already, it's that really interesting area of hey, this is actually useful to people. It actually is clicking. People do want to actually use this.

And every single signup we get through, it's, tell me your frustrations, why are you picking this solution, why is this the focus?

And, time after time, it's just nobody cares about the developer.

The developer is the left-out user, and it's the one that makes the biggest difference when it comes to consent and really changing the opinion of consent from being this pesky, like, cookie banner thing to being something that is driven all the way through the application logic to say, "Hey, what about emails and unsubscribing," you know?

That's a consent flow. What about your terms and conditions? That's a different consent flow.

What about agentic AI usage, and saying, "Hey, I gave this AI consent to do these things on my behalf?"

You could say it's a really interesting opportunity to say, "Why are we different to a lot of them cookie balance solutions out there," is because most of them solutions are viewing the problem very small, as in we're building a solution for cookie banners when we've obviously built in very early this concept of we want to help control the consent flow throughout the whole application.

And really focusing on telling and helping them users get up to date on them, things like that.

In compliances, geolocation, best-in class support because, you know, as an ending comment, so many developers, we finish the website, the first thing we do is we go onto Google Lighthouse score, and we see 100, 100, 100, and go, "Yes, we have done it."

And then we deploy it, and then the marketing team comes in and say, "Hey, hey, hey, hey, we're missing all of our technology here. We need to bring it in."

And then that score starts dwindling. And we just want to fix that.

That is our biggest goal, is to say, "We want to keep your websites as fast as possible, and we believe it's the developer that's going to make the difference."

Brian: Cool, yeah. Well, Chris, thanks so much for coming on the show and chat about cookie banners and bundling. We'll have the part two about bundling in a future episode.

Christopher: Oh, yeah.

Brian: But I want to transition to picks. So I got to ask you a question, are you ready to read?

Christopher: Yeah, 100%.

Brian: John, you actually have some reads. Do you want to share?

John: Yeah, sure. My read is mostly on some news this week from Microsoft open sourcing their GitHub Copilot chat agent extension, which, you know, I think is big news for the open source, where they're really bringing in more of, like, the prompts and these sort of agentic flow into the open source.

But I ended up having a hot take on LinkedIn just on what, you know, this is a theme, I guess, these words around open source actually mean for this whole technology stack.

I feel like I end up just shouting into the void like a crazy person.

Like, these things, like, I can never reproduce, I can never rebuild, I can never actually, like, go and study, you know, the full stack of the technology end to end.

Mostly just because the very beating heart of these things is an LLM, in most cases, proprietary LLMs.

Even for open weight LLMs that are out there, very, very, very difficult to actually understand what's going on with those or make any meaningful changes or reproduce them without having to go through, you know, a bunch of H100s and fine tuning and all this stuff.

So, I don't know, it's a common theme that I keep bringing up, but it worries me, just the way that those words are getting thrown around and what that means for our software freedoms going forward.

So yeah. It's a hot take, but, Christopher, curious if you have any thoughts around open source and how that works with LLMs and a bunch of these technologies.

Christopher: Yeah.

I think that I'm a big advocate of LLMs, but I'm also a massive cynical developer on them.

As someone who uses them all the time and thinks, "I can see them getting better every day, but they're really not the golden, you know, shovel that we think they are yet."

And I think my hottest take with all these things is, like, V0, Bolt, Lovable are incredible tools, but do you really need to know how to prompt, how to program to get the most out of them?

And when will we see that in lock with, you know, the next model, where it's, like, actually without that developer knowledge, you're really excelling in that area?

And I think the open source part of it is such an important innovation when the more we can analyze and scan these things and compare and say, "Hey, shamelessly rip off our competitors in a, you know, classical open source way of making the industry better, I'm all for it."

John: Yeah. I think what worries me though is that, like, yeah, I don't think you would really have to go and, like, study the code or the prompts or anything to understand how V0 works, or any of these ways, but just from the, like, Free as in Freedom perspective that, you know, we seem to be eroding more and more of those freedoms, giving these, like, mega corps more and more power over, basically, our SaaSified world.

I think if companies like Vercel and OpenAI and Microsoft and Google, if they had it their way, you know, I would never ever be able to run any developer tooling on my machine ever again.

It would all just be in some cloud ID that just does a thing for me, and I'm paying, you know, hundreds and hundreds of dollars a month to go and make work.

Yeah, the very beginning of this thought is what Richard Stallman experienced early on in his freedom journey, where, you know, he had to, like, go schedule time on these proprietary operating systems, you know, and this was, like, the early days of computing, and it was so infuriating for him because he couldn't get the fixes he wanted or needed and started to think about these ideals of freedom and, hence, the free and open source operating systems that we have today have become a thing.

I'm just curious when that tipping point for, you know, LLM and developer tools will come. 'Cause, I don't know. It's a bit wax poetic, but-

Brian: Yeah, we thought it was going to be the DeepSeek stuff, and, like, that was going to open up the flood gates.

And I think we still have more DeepSeek moments 'cause, like, even, I see the value--

So you mentioned Bolt and, like, Lovable, I started using this thing called Same.New, which is another one of these things, and each one of them does a thing better.

So, like, V0 I feel is better for, like, design system, like, put the boxes in the right place. Same.New is perfect for cloning a site.

So I'm like, "Hey, build me YouTube," it does that, but then Bolt's better for, because StackBlitz has the in-browser editor.

I don't think any of the tools have done StackBlitz's in-browser editor as good.

So, like, what it comes down to is, like, the system prompt, the technology underneath, like, the stuff that no one's really sharing as publicly until someone's like, "Oh, cool, everything's out there," which I think Bolt actually open sourced or DIY thing, but it requires StackBlitz or a web container which has, like, limited licenses as well, which is a whole nother podcast on how that works.

But, like, people are building billion-dollar businesses, so, like, they're going to continue to corner a market or license software in a way that's restrictive.

Christopher: Yeah. This is actually a really interesting thing, and we see this on Reddit, where you see a comment once in a while that's like, "I've managed to get all of V0's prompts. Here's what they're saying to an LLM."

And it's like, and then Vercel base this in chat saying, you know, sometimes you're like, "Are they playing poker?"

They're like, "These really are our prompts," or are they're like, "You only have 10% of the actual system to actually make this success."

And I think there's so many areas that we're just going to see this 10X over the next few months and years.

So yeah. I think it's crazy. I wanted to pass into Chai. Have you heard of Chai by Langbase?

Brian: Yeah, I haven't played around with it, but yeah, I've seen the URL float around.

John: Yeah, same.

Christopher: Yeah.

So early on, in our chat, I mentioned that, like, LLM tool that I've been building, and one of the most interesting things about this was I just started saying, "Get all the laws. Just fetch me all the laws."

Downloading them, ripping them, and then saying, "Okay, so how do I now convert that into, you know, an agent on my, you know, an advisor?"

And I went through their original product that they built, and it was a very, really, really manual coerce.

You know, not quite Langbase and Pinecone, and I'm not an expert in this area, but it was, like, how to get going fast?

And Chai is, like, that next level abstraction on top of that, where it's like, you actually don't know how to tune the models or all these things, so what do you need to do to get your agent out there and really, like, prompt an AI, prompt the agent?

It's crazy from the early demos I've been playing with, but I think it's a massive innovation that I wanted to bring up.

Brian: Cool. I've actually got some picks, sorry not picks, reads that I'll share briefly, which Claude 4 was announced today.

There's a lot of cool benchmarks that was, like, sandwiched in the announcement, a lot of, like, random features and marketing goopel gop in there, but the thing that I found that was resonating is that Cursor also launched this, like, I forget what the feature's called, but, like, you, basically, have a async agent.

So if you're like, "Hey I want to go generate some code," it's going to do it offline without me thinking, in their server, and I didn't realize Claude actually shipped, like, up to seven hours of asynchronous programming, like, within Claude code and within the model.

So not only the context window is bigger, but the time at which that you can be leveraging this thing is also increased.

And my understanding a lot of these tools, like, like, Bolt, I know, is using Claude underneath, GitHub Copilot has Claude.

I imagine they're getting early access to these models and building features around that, and that's, I found it very interesting 'cause Cursor announced that I think yesterday about this async programming agent.

And, yeah. The world is continuing to advance, it's also super expensive. So I think someone's had, like, within, like, couple minutes they paid $10 for the async agent, so.

I don't think I would go say, "Hey, go build me entire program. Good luck. I'll see you in seven hours." Probably going to cost a little bit.

Christopher: Yeah.

John: You got to get those H100s in your house, Brian, come on.

Brian: Yeah. I'm going to see if I can expense them with the new job.

John: There you go.

Christopher: Well, it's worth nice when you say, "Hey, here's a JSON file that has, you know, 10,000 lines," and it goes, "A JSON file? I need to convert this to TypeScript," and now it's generating 10,000 lines of a JSON structure in TypeScript, and then you go, "I just wonder what the bill is going to be."

And that actually happened to me, like, I think, like, earlier today. I'm like, "Why is it doing this?"

You're basically making money for yourself by abstracting the wrong things that I didn't ask for.

John: Yeah. Speaking of, I have a real quick pick that that makes me think of. It was this thing on Reddit that's gone viral in the experienced devs subreddit, and the title is, "My New Hobby: Watching AI Slowly Drive Microsoft Employees Insane."

And it's a couple links to pull requests in the .net runtime that, basically, Copilot just opens.

I don't know if people, like, prompt it to get it to open, but it's just these, like, gnarly back and forths, where it'll be like, "I did it, it's so good," and then somebody being like, "No, all your tests failed. Try again." "Okay, I fixed it."

"No, now this is broken. Try again." It's back and forth, back and forth, and I just, yeah, it just hurts me slightly.

Maybe this week I'm, like, a little more pessimistic about these tools 'cause listeners have definitely heard me be very excited about AI in the past.

Very funny though, seeing the back and forth in the public.

Brian: Yeah, there was, the maintainer of cURL also, I think, posted on LinkedIn of all places about a mandate of no more AI-generated pull request.

John: Oh, I saw that.

Brian: Yeah, the contributions get unwieldy 'cause anybody can approach making a contribution, but cURL's a piece of software everyone's using.

Like, not, like, everyone, literally everyone's using. And the amount of reviews it takes to ask the question of like, "Hey was this AI-generated? Do you understand this code? Will you be around to maintain this later?"

And it's, yeah. It's taken a lot more overhead.

John: I mean, I think, Brian, you've heard me say this, but, you know, the probably best company to start today or tomorrow is a security company.

Like, people in cybersec are going to be doing just fine, I think, 5 to 10 years from now.

Christopher: Yeah. Especially consent as well. That's the same areas, like, legalities and laws.

John: It's so true. Yeah. Like, what LLM are they going to bring in a bunch of this stuff that you need the consent platform to, you know, actually check and actually see is, like, making a change, right?

Christopher: Yeah. I think my next thing that I just want to say is, like, Google I/O was yesterday, and did you see that video generation now has noise?

John: I did not.

Christopher: They've added voices.

John: Oh, my goodness.

Christopher: You know, it's true innovation right there.

Brian: Yeah. I've watched some of the videos that folks are tweeting or posting on X, and it's pretty amazing, but you can tell the content's, like, subpar.

Like, I think someone was asking the question, like, one of those street videos, like, the Hawk Tuah type style content, and someone's like, "Oh, tell me the top 10 things that surprised you about AI."

And it's like, "I'm so excited about whatever," blah blah blah. And I was like, "Okay, this is, it looks good, but obviously it's still robotic."

John: Yeah. I did hear a hot take around that where people are saying that, you know, content creators, going to the future, are going to have a rough time just 'cause there's so much of this content out there to train on, especially if you're in, like, a given niche.

Like, if you're just doing, I don't know, Casey Neistat type content, you know, 'cause he did that for years and years and years, and then there were all these copycats doing that kind of cinematography around their daily blogs, and it was all the same.

So, like, going into the future, being a Casey Neistat type blogger is going to be rough, but it opens the doors to, like, more true innovation that doesn't exist in the training data 'cause that'll be hard to replicate in content, right?

Christopher: It's a really good thing about, like, creativity.

And I often think this when I look at design and think, "There's so many people that look at, like, a generated website and just think, 'That's good enough.'"

Will we ever get to a point where it's, like, I can artistically really care about design, you know what I mean, and really get to that point about design and what makes something look good?

And I've still yet to find that even, like, 10% or 20% when it comes to these kind of generations, and yeah.

John: Brian, what was that really crazy website that you sent me from a company that, I mean, could basically give people seizures, but was so out there and just doing shapes and lights and-

Brian: That was Pierre, was that the Pierre.Co?

John: Yeah. I mean, like, that is so out there and so against the grain of, like, what modern design would look like that I can't imagine any AI generating this or thinking it was saying generating this, right?

Brian: Yeah, and honestly, that feels like that's what you got to do to stand out. Like, it's no longer about the first principles and building your product.

You've got to also, like, think outside the box on how you're approaching engagement.

But yeah, with that said, we didn't cover the workbench. Was there a URL for the c15t workbench that you guys were working on?

Christopher: Yeah. So we're building out all this technology, and we spoke about bundling, but really, we want to benchmark every single cookie banner out there and give people realistic options of saying, "Hey, that Lighthouse score has dropped. Why?"

We're building that into a website called cookiebench.com, and we're trying to make it as unbiased as possible and trying to lay out all the facts when people are picking out consent solutions.

And it actually opens this thought in my head, where it's like, could you actually take that benchmarking tool and put it for anything, not just cookie banners, you know?

And really understand how much React is actually costing your code base.

It's a great question when you think, this one React component, how much of that is adding to my actual code base?

Like, how much does that increase the bundle size, the loading times? That's what we're trying to tackle when it comes to cookie banners.

There's going to be many writeups about it. There's a lot of thoughts around this already.

Brian: Excellent. Yeah, well, hope folks will check that out. And, listeners, stay ready.