In this episode, the panelists talk Node with Mikeal Rogers.

The panelists talk to The Node Security Project founder and organizer, Adam Baldwin.

Check out RailsClips on Kickstarter!!

02:39 - Hongli Lai Introduction

• Twitter
• GitHub
• Blog
• Phusion

03:08 - Tinco Andringa Introduction

• GitHub

03:23 - Phusion Passenger

• [GitHub] passenger

06:13 - Automation

• nginx

08:37 - Parsing HTTP Headers

• Hooking

12:44 - Meteor Support

15:37 - Future Added Features?

17:12 - Passenger Enterprise

• Ruby Rogues Episode #143: Passenger Enterprise with Tinco Andringa and Hongli Lai
• About Phusion Passenger
• Documentation & Support

20:03 - Concurrency and Multithreading  

• Multiprocessing
• The Cluster Module
• WebSockets
  • passenger_sticky_sessions

23:33 - Setting Up on a Server for a Node.js Application

• Debian Packages

25:06 - Union Station Monitoring Tool (Union Station Teaser)

• Introducing Union Station: our web app performance monitoring and behavior analysis service; now in open beta
• Using Google Polymer
  • JavaScript Jabber Episode #120: Google Polymer with Rob Dodson and Eric Bidelman
  • Polymer vs Facebook React

Picks

Emily Claire Reese: Playing Catch-Up (Jamison)
Jason Punyon: Providence: Failure Is Always an Option (Jamison)
Active Child: You Are All I See (Jamison)
FFmpeg (Chuck)
YouTube (Chuck)
Developers' Box Club (Chuck)
Ruby Remote Conf (Chuck)
DevChat.tv Kickstarter (Chuck)
Dash (Hongli)
In the Balance: An Alternate History of the Second World War by Harry Turtledove (Hongli)
phusion-mvc (Tinco)
Union Station Teaser (Tinco)
Radio 1's Live Lounge (Tinco)

Check out Angular Remote Conf!

02:22 - Jason Rhodes Introduction

• Twitter
• GitHub
• Blog
• SparkPost
• NodeSchool
  • @nodeschool
  • GitHub: NodeSchool
• charmCityJS
  • @charmcityjs

03:46 - NodeSchool

• Jason Rhodes: A Story About NodeSchool and Community Building at CascadiaJS 2014
• Jason Rhodes: NodeSchool Trying Node AND Contributing @ Empire Node 2014

06:05 - “Workshopper(s)”

07:13 - How Meetups Run (Format), Target Audience

11:09 - Pair Programming and Peer Learning

14:34 - Starting a NodeSchool Chapter

15:53 - Implementing Diversity

18:07 - Mentoring and Mentorship

20:49 - Time Commitment and Effort

24:02 - Appealing to All Experience Levels of Attendees

26:48 - The NodeSchool Community

30:45 - Being a Member of an Open Source Community

Picks

Better Off Ted (Joe)
Cat Exercise Wheel (Aimee)
That Conference (Joe)
primitive.io (Joe)
React Rally (Aimee)
Falcor YouTube Playlist (Aimee)
javascriptjabber.com/15minutes (Chuck)
Entreprogrammers Retreat 2015  (Chuck)
Love Letter (Jason)
charmCityJS (Jason)
Mad Max: Fury Road (Jason)

02:35 - Keith Horwood Introduction

• Twitter
• GitHub
• Blog
• Polybit

02:50 - Nodal | nodal

• The LAMP Stack
• Node.js
• Django
• Rails

05:41 - Frameworks

07:56 - Async Flow; Callback Execution

• Brian LeRoux

10:29 - Nodal Use Cases

13:11 - GraphQL

15:07 - PostgreSQL

17:56 - Developer Evolution

• github.com/poly/dotcom

24:05 - Scheduled Tasks and Migrations

• Sidekiq

28:57 - ORM Flexibility

33:14 - API Payloads

35:24 - The ORM

40:37 - Testing

43:10 - 1.0?

45:18 - Getting Started

Picks

• The 2016 UtahJS Conference (Dave)
• Writing good code: how to reduce the cognitive load of your code (Aimee)
• Natural Calm (Aimee)
• Unplugging from technology (Chuck)
• #CodeNewbie (Chuck)
• Angular Remote Conf (Chuck)
• React Remote Conf (Chuck)
• Rails Remote Conf (Chuck)
• All Remote Confs (Chuck)
• React, IoT, Bots, APIs — Why Web Development Needs a Change (Keith)
• fortran-machine (Keith)

00:51 Jameson is looking for clients who need front and back end code for apps; @Jergason (Contact him via Direct Message)

04:40 An explanation of Capital One and its operations

6:06 How many Capital One developers are using Node and how it is being implemented

10:30 Process of approval for app/website development

14:15 How the culture at Capital One affects technology within the company

18:25 Using Javascript libraries to manage different currencies

19:40 Venmo and its influence on banking

22:32 Whether banks are prepared to operate in a cashless society

29:44 Using HTML and Javascript for updating projects or creating new ones

35:21 Who picks up Javascript easily and why: “It’s more about grit than raw intelligence.”

44:00 Upgrading via open source codes

45:40 The process for hiring developers

51:35 Typescript vs. non-typescript

PICKS:

“Nerve” Movie

Brave Browser

“Stranger Things” on Netflix

Angular 2 Class in Ft. Lauderdale, Discount Code: JSJ

“Strategy for Healthier Dev” blog post

Health-Ade Beet Kombucha

“The Adventure Zone” podcast

On the Cruelty of Really Teaching Computer Science article by E.W. Dijkstra

“The Freelancer Show” podcast

“48 Days” podcast

Node.university

Azat Mardan’s Website

Azat Mardan on Twitter

CETUSA – Foreign exchange program

This episode features Moving from Node.js to .NET and Raygun.io with John-Daniel Trask. John-Daniel is the Co-founder and CEO of Raygun, a software intelligence platform for web and mobile. He's been programming for many years, and is originally from New Zealand. Tune in and learn what prompted them to move to the .NET framework!

JSJ 267 Node 8 with Mikeal Rogers, Arunesh Chandra, and Anna Henningsen

On today’s episode of JavaScript Jabber we have panelists Joe Eames, AJ O’Neil, Amiee Knight and Charles Max Wood and we are talking about Node 8. To help us we have special guests Mikeal Rodgers, Arunesh Chandra, and Anna Henningsen. It’s going to be a great show. Tune in.

[1:56] Is Node 8 just an update or is there more?

• More than just an update
• Two main points:
• Improved Prana support
• Native API
• Native APIs are helpful for Native Add-ons. For both the consumer and the developer side.
• Prior to update these Node Native modules ran in C++ and bound to specific to Node 8 APIs.
• Causes these modules to be updated or reconciled every time these modules are rereleased.
• Creates burden for module maintainers.
• Creates friction in upgrading Node versions in production departments.
• If you have a deployment depending on a certain Native module, some of the modules may not get updated in time when updating your Node versions. Keeping people from updating Node.
• Creates compatibility issues with Node users not using Node 8
• Experimental support for a Native layer in Node 8 to eliminate these issues as much as possible.
• Important milestone for the module ecosystem.
• You can write extensions for Node in C++ and it decouples V8 so you can use something else on the front.
• Modules takes dependency on V8 API specific to a particular version. So if V8 changes your module will be extracted from that.
• As a side benefit, you can have another VM to take advantage of that.
• Major version upgrades mean updating Native modules and usually some of those modules haven’t updated to the newest version of Node and be complicated.
• Deep dependency wise, about 30% depends on a Native module somewhere
• In the future, with the Native API, you’ll be able to update Node without breaking modules.

[5:51] What kind of work went into this?

• Most of the work was in C++
• First thing that was done was, they looked at the top dependent Native modules in the ecosystem.
• Looked for what kind of V8 exposure they had and cataloged it
• Looked at how these APIs and what their purposes were
• Looked for a way to extract them so that they are part of Node Core
• Created neutral APIs, now part of the Node core.
• All C APIs
• Also has a C++ wrapper to improves usability of the API.

[7:17] What’s an example of what you can do with these APIs?

• Native modules allows for tighter integration and better module performance
• Specific APIs that you can use in V8 that isn’t available through JavaScript
• If you have a C++ variable code and you want to expose a variable into JavaScript, that is V8 API note a Node 8 API
• Having it bound directly to the VM was something they wanted for a long time
• Google controls V8 and they bind to V8
• Created a better relationship with Google starting in IOJS
• Also worked with Microsoft with their Node Shocker work.
• Same with SpiderMonkey
• SpiderNode is in the works

[9:23] Have you guys done any testing for performance?

• Some. There is a performance working group.
• There is a need to stay on top of V8
• V8 team has focused on new language features
• Many features have been added over the years
• Many didn’t come in optimized
• The performance profile has changed with these features
• If you’re using new language features, you will see a performance boost
• In core, still tracking down code that was specific to the old optimizer and rewriting i to work the new optimizer
• Turbo C compiler hasn’t landed yet, but is to come.
• Will have a completely different performance profile
• In most real world applications it will be faster
• Waiting on the release to take a version of V8 to make it easier to upgrade features in the future

[11:28] Are the new features picked up from V8 or implemented in Node?

• It’s all in V8
• Better longterm support
• Promises are made better in Node as a platform
• Added new method called util.promisify()
• Implementation comes from V8
• Allows for more optimization for promises in Node core
• Promise support for the one-deprecated domains module.

[13:02] Is there anything more than NMP 5?

• First off, delete your NMP cache.
• It’s in your home directory usually with a .npm extension

[14:09] What are the new features in V8?

• Unlimited heap sizes, previously had a 4gb limit. No fixed limit.

[14:09] Will you see things like chakra come out tuned for servers?

• Profiles of a server for application process are getting smaller
• Getting cut into containers and VMs and micro services
• Vms that have cold boot time and run quickly in a strained environment is looking more like what we will see in the future
• Yes, especially if you’re using cloud functions
• V8 is optimized for phones, but Chakra is even more so
• Looking for opportunities for VMs can be solely optimized for a device target
• Node take advantage of that VM
• VM neutrality is an interesting concept
• VM Vendors trying to optimize it based on workloads of a server
• Opens opportunities for Node
• Node Chakra has been proved to iOS. You can cut off jitting off which was a requirement to be able to be in the Apple App Store
• Node is not just for servers anymore
• Node doesn’t take a long time configuring it
• When a developer runs code on an IoT or a mobile app they don’t control the VM that is bundled, they run it on top of Node and it just works.
• VM neutrality gives a new vector, so you can swam a whole different VM

[18:44] When running different engines like iOS vs Android, does the profile change?

• What it comes down to is if it’s eventive programming
• The browser is an eventive environment, is very efficient waiting for things to happen before it does something
• The way that we program servers and nodes are the same as well
• the basics are the same generally
• environmental differences exist but the programming model is usually the same
• What does impact it is memory and processor and hardware and things like that
• That is where tuning the VM comes into play

[20:29] What is the new Async Hooks API used for?

• Node has been lacking for automated inspection of Async Hook
• No way for Node to tell you when scheduling and beginning of an Async operation. Hook helps with that
• it’s a way for developers to write debugging features
• Node tells the application that it’s working with Asynchronous way.
• The embedded inspector has been embedded since Node 6
• Now has a JavaScript API to use it
• You can use things like Chrome debugger inside the running node process
• Old debugging protocol has been removed
• VM.run is still there but in the process of being deprecated

[22:34] How like is the experimental Node API will change?

• Marked as experimental because it’s the first time in the open
• Hopefully out of experimental soon
• Soon can port API to the existing LTS
• Looking for more people to participate with the new API and give feedback
• Fix any concerns before it goes to LTS
• Some other experimental things are in the works like ASync Hooks and how it interacts with promises
• Renaming some features
• Another new feature - serializer and deserializer that comes with V8
• experimental but will most likely stay

[25:31] what is your standard for going to LTS?

• Major releases every 6 months
• Next Oct Node 9 will come out and then Node 8 will be LTS
• Documentation, updates, additions etc will be ready then
• Plan to do it for 2.5 years
• Every even releases come out to LTS as the odd release comes out
• Helps keeps a current line while having something new in the release line
• Node 6 is the current LTS version

[27:26] What are you taking out or deprecating in Node 8?

• Use the word deprecate sparingly
• If many people use features, it’s hard to get rid of
• Security issue with Buffer, constructor argument was ambiguous
• Had added APIs that were more explicit over time and pushed those
• Now it will be deprecated

[28:43] 21% - 33% Performance increase with some Node updates

• Someone online updated their React app to Node 8 and found an 21% - 33% increase
• Benchmarking group tests to make sure things are getting faster
• V8 is always getting faster as well
• Code changes fast and so there is a chance performance slows down so they have people to check
• Benchmark test are all automated by a team

[30:47] Is it safe to just switch to Node 8?

• For front-end, yes
• clear your NPM cache
• Back use cases will usually wait until LTS

[31:28] Where any of the features hard to implement?

• The API work took about a year
• It was a collaboration which made it interesting
• IBM, Intel, Google were involved
• The collaboration took a while
• Also Async hooks took at least a year.
• Async hooks used to be called async wraps and has been in the work for almost 3 years
• many of the changes were the accumulation of small chances

[33:07] It’s the little things

• Letting people get small changes in accumulate into a big difference
• the product gets much better that way

[33:57] What versions of Node are you actively updating?

• Current releases of Node 8 for a half of year
• Node 6 is LTS
• Additional year of maintenance of previous LTSs.
• Schedule is at http://github.com/node8js/lts in a chart
• Support for Node 4 with only critical updates, Node 6 minor updates, and Node 8
• Node 7 doesn’t get much support unless it’s vital security supports.
• If you’re running 0.10 or 0.12 stop. Those do not get security fixes anymore

[35:42] Where do you see things going from here?

• Mostly still working out Async hooks
• Maybe add some web worker or worker support for Node JS
• ES module support
• Working to make promises better
• Working on the performance profile and internal systems

[20:29] What is the adoption like of Node 8?

• Node team gets better at getting people to adopt quickly
• but about 5% - 6% will not upgrade
• community doubles each year at 8 million users right now
• Here is a graph on Twitter posted by NPM
• Limiting breaks and softly deprecating things makes it’s easier to upgrade

[40:11] How can people contribute and get involved?

• NodeToDo.org shows how to make contribution
• Occasionally major conferences have information on how to contribute
• Test it out and help make it stronger

[42:08] If people install Node 8 and have issues what can they do?

• If it’s an NPM problem check with them
• clear cache!
• install newest version with: npm install -g npm@latest
• Report problems to either NPM or Node
• If you’re not sure where the problem is, check github.com/nodejs/help

Links

Node8 Node’s Twitter Node’s Medium Node Evangelism Group

Mikael on Twitter and GitHub Arunesh on Twitter Anna on Twitter

Picks

AJ

Overclocked Remix Super Mario RPG Window to The Stars

Amiee

Blogpost RisingStack on Node 8
2 Frugal Dudes

Charles

Homeland
House of Cards

Joe

Shimmer Lake

Mikael

Blake2b-wasm

Aremesh

Current Nightly News

JSJ 275: Zones in Node with Austin McDaniel

The panel for this week on JavaScript Jabber is Cory House, Aimee Knight, and Charles Max Wood. They speak with special guest Austin McDaniel about Zones in Node. Tune in to learn more about this topic!

[00:01:11] Introduction to Austin

Austin has worked in JavaScript for the past ten years. He currently works in Angular development and is a panelist on Angular Air. He has spent most of his career doing work in front-end development but has recently begun working with back-end development. With his move to back-end work he has incorporated front-end ideas with Angular into a back-end concept.

[00:02:00] The Way it Works

NodeJS is an event loop. There is no way to scope the context of a call stack. So for example, Austin makes a Node request to a server and wants to track the life cycle of that Node request. Once deep in the scope, or deep in the code, it is not easy to get the unique id. Maybe he wants to get the user from Passport JS. Other languages – Python, Java – have a concept called thread local storage. They can associate context with the thread and throughout the life cycle of that request, he can retrieve that context.

There is a TC39 proposal for zones. A zone allows you to do what was just described. They can create new zones and associate data with them. Zones can also associate unique ids for requests and can associate the user so they can see who requested later in the stack. Zones also allow to scope and create a context. And then it allows scoping requests and capturing contacts all the way down.

[00:05:40] Zone Uses

One way Zone is being used is to capture stack traces, and associating unique ids with the requests. If there is an error, then Zone can capture a stack request and associate that back to the request that happened. Otherwise, the error would be vague.

Zones are a TC39 proposal. Because it is still a proposal people are unsure how they can use it. Zones are not a new concept. Austin first saw Zones being used back when Angular 2 was first conceived. If an event happened and they wanted to isolate a component and create a scope for it, they used Zones to do so. Not a huge fan of how it worked out (quirky). He used the same library that Angular uses in his backend. It is a specific implementation for Node. Monkey patches all of the functions and creates a scope and passes it down to your functions, which does a good job capturing the information.

[00:08:40] Is installing the library all you need to get this started?

Yes, go to npminstallzone.js and install the library. There is a middler function for kla. To fork the zone, typing zone.current. This takes the Zone you are in and creates a new isolated Zone for that fork. A name can then be created for the Zone so it can be associated back with a call stack and assigned properties. Later, any properties can be retrieved no matter what level you are at.

[00:09:50] So did you create the Zone library or did Google?

The Google team created the Zone library. It was introduced in 2014 with Angular 2. It is currently used in front-end development.

[00:10:12] Is the TC39 proposal based on the Zone library?

While Austin has a feeling that the TC39 proposal came out of the Zone library, he cannot say for sure.

[00:10:39] What stage is the proposal in right now?

Zone is in Stage Zero right now. Zone JS is the most popular version because of its forced adoption to Angular. He recommends people use the Angular version because it is the most tested as it has a high number of people using it for front-end development.

[00:11:50] Is there an easy way to copy the information from one thread to another?

Yes. The best way would probably be to manually copy the information. Forking it may also work.

[00:14:18] Is Stage Zero where someone is still looking to put it in or is it imminent?

Austin believes that since it is actually in a stage, it means it is going to happen eventually but could be wrong. He assumes that it is going to be similar to the version that is out now. Aimee read that Stage Zero is the implementation stage where developers are gathering input about the product. Austin says that this basically means, “Implementation may vary. Enter at your own risk.”

[00:16:21] If I’m using New Relic, is it using Zone JS under the hood?

Austin is unsure but there something like that has to be done if profiling is being used. There has to be a way that you insert yourself in between calls. Zone is doing that while providing context, but probably not using Zone JS. There is a similar implementation to tracing and inserting logging in between all calls and timeouts.

[00:17:22] What are the nuances? Why isn’t everybody doing this?

Zone is still new in the JavaScript world, meaning everyone has a ton of ideas about what should be done. It can be frustrating to work with Zone in front-end development because it has to be manually learned. But in terms of implementation, only trying to create a context. Austin recommends Zone if people want to create direct contacts. The exception would be 100 lines of Zone traces because they can get difficult.

Another issue Austin has is Node’s native basic weight. Weight hooks are still up in the air. The team is currently waiting on the Node JS community to provide additional information so that they can finish. Context can get lost sometimes if the wrong language is used. He is using Typescript and doesn’t have that problem because it is straightforward.

[00:21:44:] Does this affect your ability to test your software at all?

No, there have not been any issues with testing. One thing to accommodate for is if you are expecting certain contexts to be present you have to mock for those in the tests. After that happens, the tests should have no problems.

Picks

Cory:

• Apple AirPods

Aimee:​

• Blackmill
• Understanding Zones

Charles:

• Classical Reading Playlist on Amazon
• Building stairs for his dad
• Angular Dev Summit 

Austin:

• NGRX Library Redux 

Links

• Twitter
• GitHub

Tweet this Episode

John-David Dalton is probably best known for the Lodash library. He's currently working at Microsoft on the Edge team. He makes sure that libraries and frameworks work well in Edge.

The JavaScript Jabber panel discusses the ECMAScript module system port to Node.js. John wanted to ship the ES module system to Node.js for Lodash to increase speed and decrease the disk space that it takes up. This approach allows you to gzip the library and get it down to 90 kb.

This episode dives in detail into:

• ES Modules, what they are and how they work
• The Node.js and NPM package delivery ecosystem
• Module loaders in Node.js
• Babel (and other compilers) versus ES Module Loader
• and much, much more...

Links:

• Lodash
• ES Module Loader for Node
• Node
• CommonJS
• Babel
• TypeScript
• FlowType
• Microsoft
• ESM Blog Post
• Meteor
• Reify
• ESM Spec
• PhantomJS
• zlib module in Node
• AWS Lambda
• NPM
• Webpack
• Rollup
• John-David Dalton on Twitter

Picks:

Cory:

• Trending Developer Skills
• The Devops Handbook

Aimee:

• Nodevember
• ES Modules in Node Today (blog post)
• Dating is Dead

Aaron:

• Ready Player One trailer breakdown
• Jim Jefferies  Show
• I Can't Make This Up by Kevin Hart
• Work with Aaron at SaltStack

Chuck:

• Angular Dev Summit
• ZohoCRM
• Working on Cars - Therapeutic working with your hands doing physical work

John:

• TC39 Proposal for Optional Chaining
• ToyBox 3D Printer

Panel: 

Charles Max Wood

AJ O’Neal

Joe Eames

Special Guests: Adam Baldwin

In this episode, JavaScript Jabber panelist speak with Adam Baldwin. Adam is a return guest and has many years of application security experience. Currently, Adam runs the Node Security Project/Node Security Platform, and Lift Security. Adam discusses the latest of security of Node Security with Charles and AJ. Discussion topics cover security in other platforms, dependencies, security habits, breaches, tokens, bit rot or digital atrophy, and adding security to your development.

In particular, we dive pretty deep on:

• What is  the Node Security Project/Node Security Platform
• Dependency trees
• NPM
• Tokens and internal data
• What does Node Security do for me?
• NPX and NSP
• Command Line CIL
• Bit Rot or Digital Atrophy
• How often should you check repos.
• Advisories
• If I NPM install?
• Circle CI or Travis
• NSP Check
• What else could I add to the securities?
• Incorporate security as you build things
• How do you find the vulnerabilities in the NPM packages
• Two Factor authentication for NPM
• Weak Passwords
• OL Dash?
• Install Scripts
• Favorite Security Story?
• And much more!

Links:

• Node Security 
• Lift Security
• https://github.com/evilpacket
• @nodesecurity
• @liftsecurity
• @adam_baldwin

Picks:

Adam

• Key Base
• Have I been Pwned?

Charles

• Nettie Pot 
• convo.com

AJ

• This Episode with Adam Baldwin
• Free the Future of Radical Price
• Made In America Sam Walton
• Sonic - VGM Album

Joe

• Pych - Movie
• NG Conf
• Why We Don’t Suck

Panel:

• Aimee Knight
• AJ O’Neal
• Charles Max Wood

Special Guest: PJ Evans

In this episode, the panel talks with PJ Evans who is a course developer and an instructor through Manning’s course titled, “Node.js in Motion.” This course is great to learn the fundamentals of Node, which you can check out here! The panel and PJ talk about this course, his background, and current projects that PJ is working on. Check out today’s episode to hear more!

Show Topics:

0:00 – Advertisement: KENDO UI

0:36 – Chuck: Welcome and our panel consists of Aimee, AJ, myself, and our special guest is PJ Evans. Tell us about yourself and your video course! NODE JS in Motion is the title of the course. Can you tell us more?

1:29 – PJ: It’s a fantastic course.

2:25 – Chuck: You built this course and there is a lot to talk about.

2:36 – Aimee: Let’s talk about Node and the current state. 

2:50 – Chuck: Here’s the latest features, but let’s talk about where do you start with this course? How do you get going with Node? What do people need to know with Node?

3:20 – Aimee.

3:24 – PJ talks about Node and his course!

4:02 – PJ: The biggest headache with Node is the...

4:13 – Chuck.

4:19 – PJ: I am sure a lot of the listeners are familiar with callback hell.

4:50 – Aimee: Let’s talk about the complexities of module support in Node!

5:10 – PJ: It’s a horrible mess.

5:17 – Aimee: Maybe not the tech details but let’s talk about WHAT the problem is?

5:31 – PJ: You are talking about Proper Native ES6 right?

They are arguing about how to implement it. 

6:11 – PJ: My advice is (if you are a professional) is to stick with the LT6 program. No matter how tensing those new features are!

6:46 – Aimee: It could be outdated but they had to come back and say that there were tons of complexities and we have to figure out how to get there.

7:06 – PJ: They haven’t found an elegant way to do it.

7:15 – Panel: If it’s a standard why talk about it?

Seriously – if this is a standard why not implement THE standard?

7:38 – PJ.

8:11 – Panel.

8:17 – Aimee: I would love to talk about this, though!

8:24 – Chuck: I want to talk about the course, please.

8:30 – PJ.

8:54 – Chuck: We will keep an eye on it.

9:05 – PJ.

9:16 – PJ: How is it on the browser-side?

9:33 – Aimee: I don’t want to misspeak.

9:41 – Chuck: I don’t know how complete the forms are.

9:49 – Aimee: I don’t want to misspeak.

9:56 – PJ: I just found the page that I wanted and they are calling it the .MJS or aka the Michael Jackson Script. You can do an import from...

Some people think it’s FINE and others think that it’s a TERRIBLE idea.

10:42 – Chuck: “It sounds like it’s a real THRILLER!”

10:52 – Panel.

11:25 – Panel: When you start calling things the Michael Jackson Solution you know things aren’t well.

11:44 – Aimee: Just to clarify for users...

11:57 – Chuck: I want to point us towards the course: NODE.JS.

Chuck asks two questions.

12:34 – PJ: The concepts aren’t changing, but the information is changing incredibly fast. The fundamentals are fairly settled.

13:22 – Chuck: What are those things?

13:28 – PJ talks about how he structured the course and he talks about the specifics.

15:33 – Chuck: Most of my backend stuff is done in Ruby. Aimee and AJ do more Java then I do.

15:55 – Panel: I think there is something to understanding how different Node is. I think that Node is a very fast moving train. Node has a safe place and that it’s good for people to know about this space.

16:34 – Aimee: Not everyone learns this way, but for me I like to understand WHY I would want to use Node and not another tool. For me, this talk in the show notes really helped me a lot. That’s the core and the nature of NODE.

17:21 – PJ: Yes, absolutely. Understanding the event loop and that’s aimed more towards people from other back ends. Right from the beginning we go over that detail: Here is how it works, we give them examples, and more.

18:08 – Aimee: You can do more than just create APIs.

Aimee mentions Vanilla Node.

18:50 – PJ: To get into frameworks we do a 3-line server. We cover express, and also Sequelize ORM.

19:45 – Advertisement – Sentry.io

20:43 – Chuck: I never used Pug.

20:45 – PJ: PUG used to be called JADE.

20:56 – Aimee.

21:14 – PJ: Express does that for you and I agree with you. I advocate a non-scripted approach, I like when frameworks have a light touch.

22:05 – Aimee: That’s what I liked about it. No offense, Chuck, but for me I didn’t like NOT knowing a lot of what was not happening under the hood. I didn’t want to reinvent the wheel, but I wanted to build at a lower level.

22:40 – PJ: I had the same experience. I wanted to figure out why something wasn’t working.

23:24 – Panel: I had a friend who used Rails...he was cautious to make a switch. This past year he was blown away with how much simpler it was and how fast things were.

24:05 – Aimee: I feel like if you want to learn JavaScript then Node might be easier on the frontend.

24:21 – Chuck: No pun intended.

No, but I agree. I like about Rails is that you had well-understood patterns. But the flipside is that you have abstractions...

To a certain degree: what did I do wrong? And you didn’t follow the pattern properly.

25:57 – Panel: With Node you get a little bit of both. To me it’s a more simple approach, but the downside is that you have 100’s of 1,000’s of modules that almost identical things. When you start reaching out to NPM that...

26:29 – PJ: Yes the module system of NPM is the best/worst thing about NODE. I don’t have an answer, honestly.

There is a great article written that made me turn white. Here is the article!

28:12 – Panel: The same thing happened with the ESLint. That was the very problem that he was describing in the article.

28:50 – PJ: Yep, I put that in the chat there – go ahead and read it! It’s not a problem that’s specific to Node, there are others. It’s the way we do things now.

29:23 – Chuck: We have the NODE Security project. A lot of stuff go into NPM everyday.

29:43 – PJ: We cover those things in the course.

29:53 – Chuck: It’s the reality. Is there a place that people get stuck?

30:00 – PJ answers the question.

30:23 – Aimee.

30:55 – PJ: I am coding very similar to my PHP days.

31:20 – Aimee.

32:02 – PJ: To finish off my point, I hope people don’t loose sight.

32:18 – Aimee.

32:20 – PJ: I am working on a project that has thousands of requests for...

32:53 – Chuck: Anything you WANTED to put into the course, but didn’t have time to?

33:05 – PJ: You can get pretty technical. It’s not an advanced course, and it won’t turn you into a rock star. This is all about confidence building. It’s to understand the fundamentals.

It’s a runtime of 6 hours and 40 minutes – you aren’t just watching a video. You have a transcript, too, running off on the side. You can sit there and type it out w/o leaving – so it’s a very interactive course.

34:26 – Chuck: You get people over the hump. What do you think people need to know to be successful with Node?

34:38 – PJ answers the question.

PJ: I think it’s a lot of practice and the student to go off and be curious on their own terms.

35:13 – Chuck: You talked about callbacks – I am thinking that one is there to manage the other?

35:31 – PJ answers the question.

PJ: You do what works for you – pick your style – do it as long as people can follow you. Take the analogy of building a bridge.

36:53 – Chuck: What are you working on now?

37:00 – PJ: Educational tool called SCHOOL PLANNER launched in Ireland, so teachers can do their lesson planning for the year and being built with Express.

Google Classroom and Google Calendar.

39:01 – PJ talks about Pi and 4wd. See links below.

40:09 – Node can be used all over the place!

40:16  - Chuck: Yes, the same can be said for other languages. Yes, Node is in the same space.

40:31 – PJ: Yep!

40:33 – Chuck: If people want to find you online where can they find you?

40:45 – PJ: Twitter! Blog!

41:04 – Picks!

41:05 – Advertisement – eBook: Get a coder job!

Links:

• JavaScript
• jQuery
• React
• Elixir
• Elm
• Vue
• ESLint
• Node.js
• Node Security Project
• Node Security Project - Medium
• Manning Publications: Course by PJ Evans
• PUG
• JSConf EU – talk with Philip Roberts
• Medium Article by David Gilbertson
• Hackster.io – Pi Car
• Pi Moroni
• Holding a Program in One’s Head
• PJ Evans’ Twitter

Sponsors:

• Kendo UI
• Sentry
• Cache Fly
• Get a Coder Job

Picks:

Aimee

• Paul Graham - Blog

AJ

• Rust

Charles

• Tweet Mash-up
• The Diabetes Code

PJ

• Music - Max Richter

Guest Paige Niedringhaus has been a developer full time for 3 years, and today she is here to talk about Node 12. One of the things she is most excited about is the ES6 support that is now available, so things that used to require React, Angular, or Vue can now be done in Node. The require function will not have to be used in Node 12. AJ is worried about some of these changes and expresses his concerns. Paige assures him that in the beginning you won’t have to switch things to imports. You may have to change file extensions/types so Node can pick up what it’s supposed to be using. They are also trying to make it compatible with CommonJS.

Node 12 also boasts an improved startup time. The panel discusses what specifically this means. They talk about the code cache and how Node caches the built in libraries that it comes prepackaged with. The V8 engine is also getting many performance enhancements. 

Paige talks about the shift from promises to async. In Node 12, async functions will actually be faster than promises. They discuss some of the difficulties they’ve had in the past with Async08, and especially callbacks. 

Another feature of Node 12 is better security. The transcripted security layer (TLS), which is how Node handles encrypted strains of communication, is upgrading to 1.3. The protocol is simpler to implement, quicker to negotiate sessions between the applications, provides increased end user privacy, and reduces request time. Overall, this means less latency for everybody. 1.3 also gets rid of the edge cases that caused TLS to be way far slower than it needed to be. 

The conversation turns to properly configuring default heap limits to prevent an ‘out of memory’ error. Configuring heap limits is something necessary when constructing an incredibly large object or array of objects. Node 12 also offers formatted diagnostic summaries, which can include information on total memory, used memory, memory limits, and environment lags. It can report on uncaught exceptions and fatal errors. Overall, Node 12 is trying to help with the debugging process. They talk about the different parsers available and how issues with key pairing in Node have been solved. 

Paige talks about using worker threads in Node 12. Worker threads are really beneficial for CPU intensive JavaScript operations. Worker threads are there for those things that eat up all of your memory, they can alleviate the load and keep your program running efficiently while doing their own operations on the sideline, and returning to the main thread once they’ve finished their job. None of the panelists have really used worker threads, so they discuss why that is and how they might use Worker Threads in Node 12. 

In addition, Node 12 is making Native module creation and support easier, as well as all the different binaries a node developer would want to support. Paige makes it a point to mention the new compiler and minimum platform standards. They are as follows:

• GCC minimum 6

• GLIVC minimum 2.17 on platforms other than Mac and Windows (Linux)

• Mac users need at least 8 and Mac OS 10.10

• If you’ve been running node 11 builds in Windows, you’re up to speed

• Linux binaries supported are Enterprise Linux 7, Debian 8, and Ubuntu 14.04

• If you have different requirements, go to the Node website

Panelists

• J.C. Hyatt

• Steve Edwards

• AJ O’Neal

With special guest: Paige Niedringhaus

Sponsors

• Tidelift

• Sentry use the code “devchat” for 2 months free on Sentry’s small plan

• Sustain Our Software

Links

• Async

• CommonJS

• njs

• Promise

• Node

• Event Stream

• llhttp

• llparse

• LLVM

• Papa Parse

• Json.stringify 

• Json.parse

• Optimizing Web Performance TLS 1.3

• Overlocking SSL

• Generate Keypair

Follow DevChatTV on Facebook and Twitter

Picks

J.C. Hyatt:

• AWS Amplify framework

• 12 Rules for Life: An Antidote to Chaos by Jordan Petersen

• React and Gatsby workshops

Steve Edwards:

• The Farside comic coming back?

AJ O’Neal:

• Field of Hopes and Strings

• Link’s Awakening

• Dune

Paige Niedringhaus:

• DeLonghi Magnifica XS Automatic Espresso Machine, Cappuccino Maker

• CONNECT.TECH Conference

Follow Paige on Twitter, Medium, and Github

Today the panel is talking about security features that are being added to Node 13. AJ talks about the background and what he’s working with Let’s Encrypt. He talks about changes that Node has made to the TLS module. TLS is a handshake that happens between a client and a server. They exchange certificates, generate some random numbers to use for encryption, and TLS handles the encryption. The move to HTTP/2 is all about fixing legacy bugs and legacy features from the SSL days and reducing the number of handshakes.

AJ talks about the difference between TLS and HTTPS. While TLS reduces the handshakes between client and server, HTTPS is just HTTP and has no knowledge that TLS is going on. HTTP/2 is more baked in as both encryption and compression are part of the specification and you get it automatically. HTTP/2 is also supposed to be faster because there’s fewer handshakes, and you can build heuristic based web servers. Since browsers have varying degrees of compatibility, a smart HTTP/2 server will classify the browser and anticipate what files to send to a client based on behavior and characteristics without the client requesting them

A lot of these new features will be built into Node, in addition to some other notable features. First, there will now be set context on the TLS object. Second, if you’re connected to a server, and the server manages multiple domains, the certificate will have multiple names on it. Previously, each different server name had a different network request, but now a .gitcertificate will let you get all the metadata about the certificate, including the primary domain and all the secondary domains and reuse the connections. 

These new features are a great improvement on the old Node. Previously, the TLS module in Node has been an absolute mess. These are APIs that have been long neglected, and are long overdue core editions to Node. Because of these additions, Node Crypto has finally become usable. HTTP/2 is now stable, usable, and has backwards compatable API, and a dictionary of headers to make it more efficient in compression.

The conversation turns back to certificates, and AJ explains what a certificate is and what it represents. A certificate has on it a subject, which is a field which contains things like common name, which in the case of HTTPS is the server name or host name. then it will have subject alternative names (SAN), which will have a list of other names that are valid on that certificate. Also included on the certificate is the name of the authority that issued the certificate. AJ talks about some of the different types of certificates, such as DV, OV, and EV certificates. They differentiate between encryption and hashing. Hashing is for verifying the integrity of data, while encryption can be used either as signing to verify identity or to keep data owned privately to the parties that are part of the connection. Encryption does not necessarily guarantee that the data is the original data. The show concludes with AJ talking about how he wants to make encryption available to the average person so that everyone can share securely. 

Panelists

• Steve Edwards

• AJ O’Neal

• Charles Max Wood

Sponsors

• Tidelift

• Sentry use the code “devchat” for 2 months free on Sentry’s small plan

• Ruby Rogues

Links

• Let’s Encrypt

• Greenlock

• HTTP/2

• Node.js

• Node Crypto

• JWK

• LZMA

• Gzip

• Broccoli.js

• HTTPS

• GCM

• ASN.1

• OWASP list

• jwt.io

• Diffie Hellman Key Exchange

• Khana Academy Diffie-Hellman Key Exchange pt.2

Follow DevChatTV on Facebook and Twitter

Picks

Steve Edwards:

• Panasonic SD-YD250 bread machine

AJ O’Neal:

• Greenlock v.3

• Samsung Evo 4 TOB paired with 2012 Macbook Pro

• Dave Ramsey on Christian Healthcare Ministries

Charles Max Wood: 

• Velcro straps

• Mac Pro Upgrade Guide

ESI Hospital at Sanathnagar have received permission to carry out plasma therapy trials for Covid- 19 patients along with the state-run Gandhi Hospital. ICMR officially accorded permission to both hospitals for six months.

State mulling changes in excise policy, labour laws amid lockdown

Sople, Vinod V., author

Satheesh, Mithun, author

Goan diagnostic system manufacturer, Tulip Diagnostics (P) Ltd, has received the nod from the Central Drugs Standard Control Organisation (CDSCO) to manufacture ‘Coviscreen’, a rapid, double antigen test for total antibodies to Sars-Cov2 virus.

Parco, Socorro Z., author

Sherlock Biosciences' test becomes the first FDA-authorized CRISPR technology on the market

Why Arminians and Reformers squared off 400 years ago.

STACK BOOKS PhonCD G741 fa c

Lowe, Rohan George Thomas

Jayasekera, Arunodini Uthpalawanna

Waters, Ormonde Dominick Creagh

Ip Cho, Vong Shian Simon

Hane, James Kyawzwar

Gummer, Joel Paul Aloysius

Krill, Christian

Kessie, Francis K

Officer bearers say they are ready to adhere to protocols if permission is granted.

Sukanya Verma could not resist Vinod Khanna's charms, and salutes him in her tribute.

Aseem Chhabra sensed an internal turmoil in Vinod Khanna, which sometimes showed the moody person on screen.

Hyderabad: ESI hospital gets nod for Covid-19 plasma trials

Interview with Sebastiano Filetti, MD, author of The Natural History of Benign Thyroid Nodules

Interview with Jeffrey Alan. Golden, MD, author of Deep Learning Algorithms for Detection of Lymph Node Metastases From Breast Cancer: Helping Artificial Intelligence Be Seen

JM Financial, Edelweiss Financial Services and IIFL Securities are managing the offer