[Music] my [Music] hello and welcome to live coding happy hour it's our first one of 2021 here on january 8th before we get into it uh let's go ahead and do some introductions andrew brad's throwing me on already who am i what if what are we doing what day is it hi uh thanks brad i'm andrew barnes developer advocate here at servicenow in the platform business unit and i love building on this platform i've been doing it for over six years i've been a developer advocate for over two years now at servicenow and have previously been a partner and a customer of servicenow building on our platform and doing interesting things i'm excited to be here with you today all right chuck hey my name is chuck tomasi i've been doing this crazy computer thing for coming up on 40 years if you can believe that oh i was i've been worried with servicenow since 2008 i was a customer for a couple of years and then 2010 i came over to the company and have been building applications integrations and doing all kinds of fun platform stuff having a blast awesome my name is brad tilton i am also a developer advocate here at servicenow with the developer program i've been developing on servicenow for about 12 years doing all sorts of things i've been with a customer a partner and i've been an employee for about the last four years i've kind of always focused on building custom apps on the platform and doing front end and process development and uh i you know love developing on the platform and i'm excited about today's topic but before we get into that uh one of the things we do on the show is we always drink something uh and then we rate it at the end so andrew tell us what you're drinking today uh today i have got a vienna lager from devil's backbone uh which is one of my favorite beers so pretty excited and there were only two choices it was yingling and this there were three beers in my fridge and there were two yinglings in this so it was easy decision chuck how about you i am gonna have to reach behind the bar pardon me mr dalek there we go i've got uh good old moose head grapefruit rattler oh so i've got today i have a 11 below brewing negative space and this was my brother actually gave me a couple of beers and so i have this one and then i have a variation on this for next week so what style is that about that it is a stout but it's got some spices in it uh so i'm i'm excited all right well um i am excited about today's show uh but before we get into that uh we've got a couple of things to talk about and announce uh so the first one is our quebec release is coming up we've got our rtp which is our real early release testing preview is already out there so we actually have some customers that have sub prods on quebec already and are playing around with it uh there's some really cool stuff in there i'm i'm excited to be able to publicly talk about some of those things at some point in the near future not right now and then one of our big things is we've got a tech now uh coming up on january 26th at 8 a.m pacific and we'll share the link to that in the chat uh but we're really excited about the quebec release a lot of what we're doing right now is is prepping for it and getting familiar with it there's some really great stuff for developers in there uh i think we also have some other things to announce uh chuck you've got a couple of things yeah just had a wonderful interview with maria gabriella one of our uh esteemed community members in the developer community we had a great discussion you can go listen to that on the break point podcast over at bitly slash sn break dash point that will take you to the index where you can subscribe you can listen right from there whatever you like that's the place to go bitly slash sn-break dash point also want to uh as you know we've got the integration series out bitly slash sn learn integrations we've got 15 episodes out i'm hoping in the next few weeks to get another three out on email email is actually a form of integration if you forgot it's kind of the lowest common denominator and uh use it in brute force cases only but it could be used for integration you think about when you reply to a message and it goes into your incident that's an integration you're actually updating a record from an email so we'll have those out and then of course we get into the big chapter of web services that will be coming out later this year i also want to give a quick shout out to anchor bowerskar for becoming the top position in the community this past week congratulations on him he should have the big applause wow someone after over more than four years someone has kicked me out of the first place position so good on him we're very very grateful to have people in the community that are contributing and he continues to knock down those questions as fast as they come that is impressive unseating the undisputed champion records are meant to be not undisputed anymore yeah awesome thanks chuck uh well i'm excited about today's topic uh authentication is not generally something i get excited about or is one of my strong points i'm glad you're excited about it because i'm not excited and i'm the one driving i'm excited to do some learning today uh because i know that uh you've got some some nice nice stuff for us so i'll go ahead and turn it over to andrew to uh to talk about what we're gonna do and then uh let's go ahead and before we do that um if you didn't notice if you've been here before uh brad gave the intro today and that is because we're shaking things up a little bit here and with that with the new year chuck who has been on a gazillion of these shows is now also a primary host uh so welcome formally uh this is now a chuck show as well uh and we'll we'll be rotating um between us hosts on who is uh you know the primary host uh for a given episode um so you'll you'll still see all of our faces uh you know coming through but but it won't meet you know be just me uh doing the intros and and uh you know keeping the the show on the tracks uh we're we're sharing the the load as it were like i got a promotion it was like episode one with dave and john yeah yeah we've been doing it longer than we have but yeah i think if we counted them we've probably been on about the same amount of the shows chuck um you might even have more of them than i have uh but thank you for being uh such a great uh great participant on these shows and uh you know we are we're glad to have you as a developer advocate um you know and working together so um thank you uh chuck and thanks uh brad for doing the intro and let me go ahead and start sharing my screen uh let's see i'm going to do a whole desktop share so you need to let me know how that's working out for you brad because i'm running multiple screens today we can see uh granting granting your bot access is the top of the screen here does that look right we need to move that around where is it oh yeah that's uh that's fine that's actually found where that is then um so what we're going to do today is um so i had a problem which is we need to do some automation between github and servicenow and i have done a lot of automation of github and servicenow before but one thing that i hadn't done is run a bot so a github bot from servicenow and being doing that and that um so i'm on a uh you know this this person wrote a pretty great little uh blog here of the the different methods to authenticate to github and i've previously done methods one two and three before uh but for the github bot you need method four oh boy and so it's a little strange um which is uh so if you can see here and i'm not going to read all this but this is a little bit different because what it needs to work is you need to uh you know have a private key that you use to generate a jwt token um that is a time bounded so it's very much uh acting like an access token if you're familiar with oauth so you get an access token that is a short-lived authentication and you know and that's what methods one two and three use in github is they use uh you know oauth 2 and refresh and access tokens but here with the bot you need to use a jwt token and that is not something that is easy to do so i have gone through this uh and and done most of the work for this and i'm gonna i'm gonna go through it again uh with everyone here today this these are not like polish things so we're still going to run into errors and we're still going to learn some new things um but we won't be fumbling completely in the dark today because i have successfully at least done this once previously uh there was a an internal development team that couldn't make this work and andrew had to come in and come to their rescue uh earlier and make this work so yeah he's sharing with us so um we're gonna we're gonna follow this uh so we've already done the register a new github app um and now we need to generate a private key so i'm gonna come over here to github and i'm gonna click generate a private key and this is where i'm going to need the private shrubbery sir i know how to do that we're we are shrubbed we are shrubbed all right let me drag this over to the side and kill that and all right generating a private key so i click the button and oh that downloaded the file that's great um that's actually even better you can remove the privacy shruggery all right so the shot 256 on there is not a problem with your privacy no it is not okay so that just val that's just allowing me to be able to validate um that it is that nothing's gone wrong so i've got this uh uh pm downloaded and i'm going to move this over to the side and so i have it accessible and let me go ahead and open this up and then i'm going to show you like part of it come on i want you to open in a file do you not want to open one second megahertz prayer was saying he loved that comment on their documentation that says not officially documented i saw that i said it's it's perfect for live code yeah so here i'll show you part of the key which doesn't really uh cause somebody start typing [Laughter] won't do you much good so here's what this looks like in the in the pem file and uh so i've got this file now but um if you know a little bit about servicenow and jwt um it you can't directly use that file so we do have some uh documentation on how to you know set up an oauth provider with jwt bear or grant type which has some of the steps that we're going to need to accomplish what we we want to do and some of them nice uh so the first thing is we need to upload a java key store certificate so there are different storage types for keys and jks's is one pems is one um there's uh some open source ones that's like uh pks 12 um and so we need to get our pm to be a java key store in order to get it into our service now instance okay so you were going to pem yeah i was issued a pm but i need a jks is there a conversion utility he asks and there is uh some conversion utilities he asks uh and gets answered so um i am uh using terminal in os x um and but uh let me step before i go to that actually um the one thing i wanted to show was there is here in github's documentation they have this handy um note on on how you can actually like turn your private key into a token um and it shows you how to do that with this ruby gem um so uh you you can uh you know if you get uh the the jw t gem installed uh you can then uh run this script and turn your pm into a jwt token that you can use so let me go ahead and do that for you really quick so if we take this file and move it into uh a folder in which we can actually get at it how did you install ruby on your mac uh i already had it installed so uh probably like brew install ruby is is what my guess is uh how i installed it uh which means brew all right so i've moved my pm into a folder and we're going to say live and let's see where we're at uh cool we are here um so if i want to take a look at this folder i have already put this uh jwt uh gem um script here um so this is straight from i just copied and pasted this straight from the github docs and you know stored it locally and i can say um oh i need to actually like put the uh file name in here so live and now i say uh ruby jwg and there we go so this is uh and i can come over here to postman so if you haven't used it postman is awesome when you're doing integration work it's just the best so in postman i can take my token and place it in there and github has a very simple api for calling uh to validate um that that i can hit to validate that i have a valid token and the winner is that's cool you have a valid token um so this is now um i can access and act uh and engage with my bot now with this token for 10 minutes so this is what i want to do but in service now okay make makes sense what our uh problem statement is yeah so you need to you need to use the pem service now to generate this token that'll be valid for 10 minutes so you need service now to be able to get a new token all the time yep all right so now that we've done that let us return back to our terminal and we are going to do some little conversions uh to get from our pm to jks uh so we're gonna use open ssl open ssl and uh i've actually got this over here um so we're gonna do a new key um and a new open ssl record um and we're gonna use our live pm key we're going to make this certificate for a while we're going to make this x 509 certificate and live key all right now live at out key and out out sir and why don't you like me please i think you had day in there a new option day very good good call just a fast reader of the docs that was a good good catch days oh what now oh oh unknown option key out it's not key out it's just key [Music] you already have a dash key it's at no it's out what is the command uh it is dash key out arg you just forgot the dash oh hey look at that country code us nc uh cary servicenow so what this is doing um so a a jks um is uh both a a combination of um a key and a certificate and so we needed to generate a certificate which is what we're doing right now um [Music] that's an instance name for anyone who's not [Laughter] okay so now i have a cert and i'm going to copy this command so i make a little less mistakes and replace some of these with their correct friends so output name uh was uh live out private key was live and output name again was so what did the first one generate you and and what are you doing now to convert so the first one generated me a certificate okay and this is um so the open ssl um is i'm telling it to generate a uh key store of type pkcs12 gotcha based on the file we just got correct um well comboing the cert and the file okay so the the new the new file is the cert and the uh existing thing was the live pm um and we're going to do a live out p2 and we're going to give this a password and now we should have a live out p2 which we do and this isn't going to be human readable but that's fine it's there it's valid yay and so now i just need one more step which is to convert that into a jks so uh there's a different command that's built in out of box in os x i am just referencing this video when we get to the authentication part that's like this is like 90 of the reason that i'm doing this show this way today is so that i have a record of how to do this the next time i need it oh so live out p2 um and outserts if anybody's wondering do we ever uh it's not uncommon for me to have a tab open with a live code on skipping between different time stamps especially when we're doing authentication yeah um so this quick key tool in this command is saying uh take an existing key store uh which is gonna be that p12 file that i created and it was a pkcs 12 type and turn it into type jks pretty straightforward but has to be done good luck remembering all these passwords yeah warning which which goes in the show notes it's hilarious that uh you know it's giving me a warning to migrate to pkc es12 when i just converted from that yeah but uh you know people tell me a warning you can live with warnings you can't live with errors i can live with warnings so now i'm going to return back to the docs and start following along with the docs now that i have a java key store certificate so i have a jks certificate locally and now i need to get that into servicenow so it says go to multi-provider 509s and import it so to pause you this is just something you just you would just have to do that once and now moving forward we can be in service now and do the rest of it and service now that is correct so once i get that in and if you're using a provider that'll give you the uh the jks then you can start at this step and so i'm gonna say this is a java key store this is not needed and i do need to provide the keystore password and it's going to throw an error because i didn't attach the thing so we need the jks and does this ever expire because you had a 365 in there somewhere so it will expire when the cert expires okay and there's a note a field in there says notify on expiration so theoretically you get an email to that person and and this will uh there's a scheduled job that uh does this uh i just click this ui action to validate whether or not this key store is valid or not and there's a scheduled job that runs um i think weekly or something maybe daily but it runs and checks all of your 509 cert certificates and will issue a notification uh with this uh date before to the system administrator when there's expiring certs in your service sound instance you can go back and watch this video and do it again yeah so the scheduled job will know when it's going to expire or just that it is valid oh it will know when it's going to expire okay it'll interest yeah it checks the cert to see when the expiration is and then sees if it's within 20 days of now and if it's 20 or less it sends the note cool all right um so we've done that and uh so it uh you know explains all those fields for you and now we get to go to the jwt keys area and set that up so we're going to create a sign and key record so let's do that so we're going to change this to jwt we're going to click jwt keys we're going to create a new one we're going to say this is the sn bot for lchhh this signing key is the second password that we nope this is the first password you put in uh the jks was the second password so this is the first password um and uh the signing algorithm will depend on you know which system you're trying to connect to so we are um the github instructions i do specify that you need a 256 so here over in the github docs it specifies that so that is what we need for this one and we need it to save and it's going to say hey you need a signing key store so we need to create a signing key store um and we just need to pick come on close we need to pick the one we just created there we go so this sign and key store points to that 509 certificate jks that we why don't they just make that feel great hey i just work here [Laughter] it should be but hey it's fine um so now we've connected um this jw t key record to the um uh key store um but the next step over here in the instructions we don't need to worry about the id i take it i didn't hear you chat we don't need to worry about that field key id that's correct we do not for our use case we are not because uh this is when you need uh you know multiple uh keys and we are only going to use one sure so now we need to set up the provider so so all of that is infrastructure so that we can actually like use it so now this is the and we are going to pick that configuration that we just created holly we had the jwt stuff in the platform do you know um so that was orlando orlando that's right i remember i remember ajwt release and that was uh this time last year um because i remember doing uh our uh some of the last episodes uh with dave slusher um and i on the show here and we did uh we rolled our own uh jwt signing uh and that was a nightmare we have we have josh nerius and his team to thank for all this implementation yeah so josh josh is awesome so we've now connected all of our pieces so the provider is really the the thing that you interact with um and it needs to link to a key which links to a key store um one of the things to note is if you need a special configuration um here in the script uh here and it should am i clicking the wrong thing should be this record where is the uh did i lose myself i did yeah i was already on the screen i was looking for that'll that'll get you uh if you need to build a custom script um on top uh so if if it requires you to set some special parameters or do something weird this is where you do it is in this jwt api script which is just a reference to the script include table and there are two that are provided out of the box um as both things you can use and as examples um to you know and what these do is the token internal um restricts that to only logged in authenticated users can do it and then jwt token restricted can apply more uh constraints than that so like a particular role for example um is when you would use this so now we've got a jwt provider and we can go get ourselves a token uh so i have prepped a little script for this so what we're going to need is our provider record and we're going to need the society of this and we're going to put it somewhere where it says replace with says id oh yeah right there i was looking for a sis id and i'm like i sis id shouldn't be that hard to find in here be sure to run this in global kids because gs.now is not scoped [Music] all right it looks like oh and i'm gonna just delete that so um these things um this in my payload so i've built a payload here um and the reason that i've passed these particular parameters are specific to github's requirements so this is in github's documentation on what it needs so over in their api documentation they specify that you need to send it um iss which is the app's id um you need to send it you know in expiration um time um that's the exp um and then the iat is like now i think uh what is yeah iit is like now i don't know why i have to send it now but that's what it wants uh and so that's what i give it so if we run this script this should be um and we'll copy that and it like the time and date format that we give it we don't have to convert it to it did which was made me quite pleased when i was setting this up so um if you do this wrong you get this but if you do it right you should get no was it only good for 10 minutes i just ran it just now uh did i have any errant characters in here there we go we we got a valid so we just validated that this is uh a valid token uh to github so um that is the extent of things that i was reasonably comfortable doing today even though it's still a little shaky so now that you have this what are you going to do in github what do you need the github bot for oh so the thing i need the github bot is we are transitioning the share repository from being stored directly in servicenow on our developer site to a github based one and so our servicenow share repository is going to be run in github and it's going to be managed with a servicenow instance because well we're service now and that's how we need to interact with the bot is from servicenow um and so uh but the the next step that i'm not even sure that we can do and i asked and the people who built this said that you can't do it but i'm not sure that it's true so the next step i want to do is come here and turn this into uh so right now i'd have to invoke that a similar script to what i just did um anytime that i need an access token but i think if i if i set this up as an oauth provider and just set it to a jwt broker type um that that this will invoke the that that call on the back end and get me a token that i can use uh so we're gonna try it out this is the uncharted waters this is completely uncharted waters cool somebody told me it couldn't be done but someone told me it couldn't be done but it feels very similar to things i have done so um let's let's let's uh let's go do it um so uh let's go to the registry nope not that one where's the app registry there it is app registry and create a new entry and so we're going to do um a want to do this one but i don't think i can uh so we're going to connect to a third-party oauth api so github and we need to make this a jwt bear and yeah see i'm not sure about these because i don't have i don't have a client id in client secret um that might that might stop me in my tracks let's see what else is going on here is there anything so i do i i think i can get a client id in secret but i don't know why they would be used for this because it's different than huh all right so instead of that so that that was this this was uh this was step one and it doesn't doesn't look promising right now so step two is flow designer and setting up an uh an action that does this for me okay so i can leverage this uh so how we're gonna you know the team that's building the the bot integration is going to leverage flow designer and to interact and so i want to be able to provide them a action that will they can put inside their subflows or whatever that whenever they want to call their any of their github interactions it'll check to see if they've got a valid token and if they don't generate them one right then let's give it a try so let's do it let's build a new action um get github jwt and we'll leave it in global for now and we're going to pass it in uh probably nothing i don't think i need to pass it anything because there's only going to be one so let's add a lookup record uh where's the lookup lookup record and let's see if uh will it even let me look up maybe the token table oauth credential table roth credentials was it that one could be looks like it hover over the eye icon and see what it says in your little tray down at the bottom um the tray in the bottom go to any column but any any room i see it right here in the header oauth credential it's the table name so i've got the table name and so what i want to do is look for so i'm going to store a token in here um so uh and we'll use a name and we'll look for that name uh nope what's the this name field is not called name in here okay oh what's the name field where would it come from oh that doesn't make it where is the name field all right that list we'll open a record and and right click it says it says the field name is name you show name is it coming from somewhere else column name oh is that not a thing how's that not a thing i agree chuck how is that not a thing did somebody set an acl so you can't report on it or something um well that's interesting uh well what shall i look for then instead go back to that token in the oauth credential table the record right click and do show name on on the field on the field on the field oh uh i can just double that'll work too that's the value right show name yeah click it with credential field peer very good okay why is it labeled name try peer there's a reference here [Laughter] all right wtf man [Laughter] that's that is something special right there let's create a label of lcahhbot uh let's save this let's return to the table let's add the token field let's grab the token let's drop the token in there come on let me put the token in there no you you won't even let me save it what okay all right well uh anyway we're going to pretend like servicenow agent is the one we're looking for for the purposes of this so we're going to do servicenow agent uh and then yeah we've got just a few minutes so we're going to look up this and then uh if we find one don't fail on error return only the first record and then we're going to hmm i kind of almost want to make this a sub flow but i don't have time for that [Music] so you put a condition in there yeah i want a condition that's like a scripted but i don't want to brute force all right so we're going to pretend like uh we created a script because the thing i want to do is given some logic i want to create or update a record but before that i'm going to script the creation of our token so given uh i'm given the record so given this record the token record we are going to say [Music] good and then um let's in fact just make this a glide record new glad record of type uh oauth credential [Music] and we probably need some quotes around those suckers oh you know when that happened and then we're going to you know token record and then we need to do our script which we have uh mostly here and we can get our token what was the purpose of doing the glide record oh cause i'm about to write back to it oh okay let's just say because you guys instead of using that right back record i'm just gonna do it in script good question though that i i was gonna use the uh step and then i was like i'll just do it right here it's easier um so we'll put this guy in oh yeah put this guy in there actually the token should have a reference to its provider the i'll figure that out later for the purposes of this um i should be able to get that from the token record um instead of hard coding it um and we will down here now say you know our token record dot uh let's do our field which will assume is token but we'll go look talking you never know you never know how many times have you gone after name and it's called table or element or something no table is often called name so all i really need to do is update um the token field with the jwt that i just generated and update the record and we're going to assume up here i said the thing is expired and not through this stuff if it's not so assume i have put in logic to only do this part when needed so that looks relatively like what i need to do is anything jumping out at you that's not uh well there's a bunch of hard-coded stuff but for now it'll work i was just gonna be like well i should probably do this as a parameter but other than that one um this should be coming from here and then that's pretty much all the hard-coded stuff in here so i could take an input of what uh which app i want to do this for um [Laughter] which well why don't we just do that i'm okay doing that you want the app id this is the app id okay and uh for our purposes we're going to go ahead and set it to the one we want default because default and now here we're going to app id and we're going to feed it in our app id and then down here we're going to replace this with inputs hey thank you for trying to yeah it'll help me buddy but you've already got one i'll use that but that's not what i wanted that's clippy helpful that is clippy helpful uh that actually looks like relatively what i want don't eat and then and then i don't think i think that's i think that's what i need feels plausible to me let's run it yes is it gonna work yeah who knows never works first time let's see let's go look at he wants to see the record first nothing it inserted a record record that feels like a win didn't put a token in the token field but i think that's a problem with this table not with the uh i think the table is stopping me from doing that i think this table is preventing that yeah so it generated this but it didn't put the token in there and i think that's because the table's stopping me i that feels like a win but let's see uh what was generated so that's that table that was generated i ever know it was trying to update the token record one yeah and can i see no i didn't uh i didn't put a like a log or anything let's log it let's log our token and save that and then we'll then we'll be done whether or not that's successful or not let's take a look at the logs and um you throw that at yup goes man throw that in a postman and see if it's happy postman's happy i'm happy okay we just had to figure out how to get it into that record yeah so i am going to stop the share all right well that was uh a ton of a ton of content um and for those of you that don't deal with authentication on a regular basis uh uh you're welcome that you don't have to [Laughter] oh but when you do run into these uh interesting cases uh there is uh still quite a bit of work uh that needs to be done for some of these authentication types you know the further you get from the super mainstream authentication uh the you know the less uh we have made it awesome in the platform but it's still functional like i was able to do it so now i can issue commands uh from that instance with that token and run a github bot so that that was cool did we have any interesting questions brad or did everybody go i'm glad i'm not doing that uh we didn't have any big questions upside down andrew did ask at one point could we use off algorithms instead of manual checks and yeah i i thought about that um and that is there is a potential there if i set up a provider that is using an auth algorithm that could that could then call that script um so potentially i haven't worked a ton in the auth algorithm area and that was one of the first things that i tried to do with this but then i was having other issues so i didn't return to that um so potentially i'm i'm not sure i'll have to check it out any other ones brad that was about it on the on the questions chat was fairly light how about from y'all was that consumable i i know that was kind of i it was super technical show today and and so with some weird authentication things but i hope i made it consumable i feel like this is one of those episodes that not everybody's going to it's not going to be applicable right away but it's going to be super applicable to someone down the line who has to yeah when you need it it'll be there yeah how long did it take you andrew to go through that first pass to get all the key things installed and conversions done and get it to go all right i got it working once uh hilariously the hardest part was actually getting the java key store the right way so i was able to do the jwt stuff inside the platform pretty quickly with a different provider that gave me my private key in in java key store format like that was relatively uh you know not as as painful that actually just taking the pm and turning it into a java key store was the most frustrating part for me um so it was a lot of a lot of trial and error with uh open ssl and key tool to get it right um so that that took me probably oh it was over the course of a few few days but it's something like six to eight hours to get uh all the pieces together um but probably another four to eight of just reading and trying different things in the platform for different areas of for to see because i tried the authentication that the authentication algorithms area i tried the oauth uh bearer first like a lot of different places this could have gone but that this was the one that actually worked uh so it was it was work a lot of trial and error well that was great um over to you brad all right well thanks uh thanks for leading us in that and uh and doing some some jwt uh anything anybody wants to plug before we uh before we leave i'm gonna go ahead and paste in the comments here uh the info for tech now uh the quebec release tech now but uh chuck i think we did all our plugging at the top of the show all right all right well uh thank thank you everybody for you know joining us on this first episode of live code happy hour uh for 2021. hey you can fix 2020 real fast because you just get to add a one at the end like it's 2020 one this is the sequel yeah and uh well i i'll go around the the horn for uh the beers i i guess i'm first so my vienna lager it this is one of my one of my staple beers so it's a solid four or five all the time nice nice uh my moosehead grapefruit rattler i know it's not much of a winter beer for you guys but it's been nice here the last few days in phoenix arizona and this is just what i needed with the success of getting our keys and everything in there i'm giving it a four or five also oh all right this is my negative space from 11 below brewing which is fairly close to me at about an hour away it's one of my favorite beers i'm going to give it a 4.75 because i hope very much we never have 475 maybe the highest grade i've given a beer on the show but i like it a ton it's actually snowing here in north carolina what wow that's rare yeah like i'm in the foothills in north carolina and it snows like once a year in just a little bit and even when it's a huge storm like you just wait a day it all melts stay off the road we don't even try and drive in the snow here we just wait a day because we had a my old company we had an office in raleigh and uh every time it was snow people just didn't know what to do they didn't own shovels i saw people trying to shovel with their frying pan i saw people using like cafeteria trays it was great yeah uh it is it raleigh is a fun uh there is a a internet meme from about five or six years ago from raleigh where it snowed like two inches one day in raleigh and the the picture is is like there's like two or three cars on fire on this one road and like it it's like an apocalyptic disaster and and people have you know added like aliens attacking to the picture and stuff but really without any editing the picture is ridiculous so i lived in raleigh for a long time and they really just everybody should just stay home when it because it's going to melt in a day or two yeah we have about in every 10 years snowing policy here in in college station outside of houston so all right well thanks uh thanks andrew and thanks everybody for joining us and we'll see you here about the same time same place next week take care [Music] you