EPD Congress (2005 : San Francisco, Calif.)

Tshilombo, Alain Fuamba

International Symposium on Impurity Control and Disposal in Hydrometallurgical Processes (1994 : Toronto, Ont.)

Hydrometallurgical Meeting (15th : 1985 : Vancouver, B.C.)

EPD Congress (2012 : Orlando, Fla.)

Toulouevski, Yuri N., author

Proposal forwarded to govt. to construct water reservoirs: Minister

The panelists talk to The Node Security Project founder and organizer, Adam Baldwin.

The panelists discuss npm, Inc. with Isaac Schlueter, Laurie Voss, and Rod Boothby.

03:32 - Jeff Morrison Introduction

• Twitter
• GitHub
• Facebook

03:46 - Avik Chaudhuri Introduction

• Twitter
• GitHub
• LinkedIn
• Facebook

04:27 - Flow

• @flowtype
• [GitHub] flow

05:36 - Static Type Checking

• Dynamic vs Static Type Languages

09:52 - Flow and Unit Testing

• Jest

12:39 - Gradual Typing

15:07 - Type Inference

17:50 - Keeping Up with New Features in JavaScript

• Babel

20:49 - Generators

24:46 - Working on Flow

28:27 - Flow vs TypeScript

• Inference Support
• Tony Hoare: Null References: The Billion Dollar Mistake

35:41 - Putting the “Java” Back in JavaScript

• Server/Client Overview
• Prototyping

45:26 - Flow and the JavaScript Community

46:43 - React Support

48:39 - Documentation

• gh-pages (link to the docs)
• IRC Channel for Flow: #flowtype on webchat.freenode.net

Picks

Nolan Lawson: We have a problem with promises (Aimee)
Jim 'N Nick's BBQ Restaurant (Aimee)
Frank McSherry: Scalability! But at what COST? (Jamison)
Frank McSherry: Bigger data; same laptop (Jamison)
Greg Wilson: What We Actually Know About Software Development, and Why We Believe It's True (Jamison)
Marron: Time-Travel Debugging for JavaScript/HTML Applications (Jeff)
Real World OCaml (Jeff)
Muse (Jeff)
Shtetl-Optimized (Avik)
Chef's Table (Avik)

02:32 - Troy Hunt Introduction

• Twitter
• GitHub
• Blog
• Troy Hunt's Pluralsight Courses

04:12 - Why should people care about security?

06:19 - When People/Businesses Get Hacked

09:47 - “Hacking”

• Social Engineering
  • BeEF

11:42 - Inventive “Hacks”

• SQL Injection
  • sqlmap
• Stuxnet

13:24 - Motivation for Hacking/Can hacking be valuable?

17:08 - Consequences and Retribution

19:10 - How to Build Secure Applications

20:47 - Weighing in UX

22:50 - Common Misconceptions

• Password Storage
  • hashcat
• Encoding
• Cookies

31:27 - Passwords (Cont’d)

33:16 - Justifying the Importance of Security

35:24 - Client-side Security

• Cross-side Scripting
• DOM Based Cross-side Scripting
  • Content Security Policy (CSP)

44:10 - Resources

• AngularJS Security Fundamentals
• Hack Yourself First

45:27 - Routing

47:21 - Timeouts

51:36 - Cached Data

Picks

awesome-react (Aimee)
Edsger W. Dijkstra Quotes (Jamison)
Sam Newman: Telstra, Human Error and Blame Culture (Jamison)
Infinite Jest by David Foster Wallace (Jamison)
T.I.M.E Stories (Joe)
We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency Paperback by Parmy Olson (Troy)
The Have I been pwned Project (Troy)

On today's episode, Charles Max Wood and Aimee Knight discuss GraphQL and Apollo with Uri Goldshtein. Uri is a core developer at Meteor Development Group, and is an expert with GraphQL and Apollo.

My JS Story 023 Laurie Voss

This week we have another My JavaScript story. This week’s guest is Laurie Voss. Laurie has worked with NPM from the start and has been a vital piece to getting it off the ground. Hear how Laurie got interested in computers, how Laurie got started with NPM, as well as a few things about the newly released NPM 5.

How did you get into programming?

Laurie started by going into a computer camp, at the time Laurie hadn’t spent time around computers, and it wouldn’t be until the second time that he went to the computer camp that he would see a computer again. Laurie grew up in Trinidad where not many people could afford computers. He started making his first website in Angelfire using HTML before CSS became a thing.

How did you go from web development to hardcore Javascript?

Laurie had been writing JavaScript since it was invented. Laurie started a web development company in high school using JavaScript. Laurie met Issac while working at Yahoo and he introduced Laurie to Node which was a starting point to taking JavaScript more seriously for Laurie. When Node was ready in 2013, NPM Inc was on it’s way.

What do you do at NPM Inc?

IN the beginning of 2014, Laurie was doing a lot of the JavaScript and was the CTO. Laurie says that part of his strategy has always been to hire JavaScript developers that are better at writing JavaScript that he is. Making him the worst JavaScript programmer at NPM. Laurie’s main job was doing what was needed to get NPM happen, including talking to layers and the business side of things. There are many companies that don’t understand how open source works, and in many cases it leads to run ins with lawyers. Many times NPM acts as an umbrella for open source tools that aren’t able to fight overzealous corporations.

What do you think is your biggest contributions to NPM?

Laurie expresses that it has changed over the years. A year ago he would say that he would have to say it leans towards the piece of software that is the registry. It’s very scalable and has worked great for small scale up to very large scale. Laurie works hard to gather funds and help make NPM grow as well as be scalable. He says that he is very proud that he build something that let’s others build things.

How did you get involved?

Laurie has been with NPM since the beginning. He tells us how Issac had been running NPM on donated hardware in spare time while working with Node. NPM would break a lot and be down due to the borrowed equipment. They decided that they needed to create a business model around NPM to help it grow. Laurie had just finished working on a startup and knew how to get funding and got their first round in 2014.

How did you get to being profitable?

Laurie talks about making sure that their plan is in line with their customers. NPM could easily charge for many parts of NPM but they would rather charge for things that make sense to charge, so in this case the private packages. Enough people are using the private package to getting NPM to profitability. Laurie says that even if money stopped coming in they would have to git rid of a few employees but would be able to keep a small team and sustain the NPM registry, but would never build anything new. It’s always between being profitable or using money to build new things.

What are you working on now?

NPM 5 was just released and it’s much faster, five times faster. Laurie talks about being excited about the team and what they are putting into it. Things like making deployments easier. Many developers use NPM to put code together as well as to deploy it. If you didn’t have a lock file, it’s possible that it would change. But the lock file can take a long time, and you already know what needs to go there so they are adding npm store and npm fetch making deploys much faster. Additionally they will be adding a feature called insights. They are able to see information about different users packages, security information, performance information, etc. They can use that information to help developers with suggestions based off of data gathered by what other people are doing. Charles adds that it would be great for coming up with topics for the podcast.

Anything else?

Laurie reminds everyone about NPM Organizations as well as NPM Enterprise. NPM Organizations is a way to organize packaging as well as teams of developers and helps you to collaborate. NPM Enterprise allows for single sign on support, license auditing, and features that corporations care about.

Picks

Laurie

Zite and NextJS
Slides.com

Charles

VMWorld
Tweet or email if you’re looking at resources for learning VR AI or Iot

Links

Twitter
NPM Organizations
NPM Enterprise

Panel: 

Charles Max Wood

AJ O’Neal

Joe Eames

Special Guests: Adam Baldwin

In this episode, JavaScript Jabber panelist speak with Adam Baldwin. Adam is a return guest and has many years of application security experience. Currently, Adam runs the Node Security Project/Node Security Platform, and Lift Security. Adam discusses the latest of security of Node Security with Charles and AJ. Discussion topics cover security in other platforms, dependencies, security habits, breaches, tokens, bit rot or digital atrophy, and adding security to your development.

In particular, we dive pretty deep on:

• What is  the Node Security Project/Node Security Platform
• Dependency trees
• NPM
• Tokens and internal data
• What does Node Security do for me?
• NPX and NSP
• Command Line CIL
• Bit Rot or Digital Atrophy
• How often should you check repos.
• Advisories
• If I NPM install?
• Circle CI or Travis
• NSP Check
• What else could I add to the securities?
• Incorporate security as you build things
• How do you find the vulnerabilities in the NPM packages
• Two Factor authentication for NPM
• Weak Passwords
• OL Dash?
• Install Scripts
• Favorite Security Story?
• And much more!

Links:

• Node Security 
• Lift Security
• https://github.com/evilpacket
• @nodesecurity
• @liftsecurity
• @adam_baldwin

Picks:

Adam

• Key Base
• Have I been Pwned?

Charles

• Nettie Pot 
• convo.com

AJ

• This Episode with Adam Baldwin
• Free the Future of Radical Price
• Made In America Sam Walton
• Sonic - VGM Album

Joe

• Pych - Movie
• NG Conf
• Why We Don’t Suck

Panel:

• Charles Max Wood

Special Guests: Evan Hahn

In this episode, the JavaScript Jabber panelists discuss securing Express apps with Helmet.js with Evan Hahn. Evan is a developer at Airtable, which is a company that builds spreadsheet applications that are powerful enough that you can make applications with. He has also worked at Braintree, which does payment processing for companies. They talk about what Helmet.js is, when you would want to use it, and why it can help secure your Express apps. They also touch on when you wouldn’t want to use Helmet and the biggest thing that it saves you from in your code.

In particular, we dive pretty deep on:

• Evan intro
• JavaScript
• What is Helmet.js?
• Node and Express
• Why would you use the approach of Middleware?
• Helmet is not the only solution
• Http headers
• Current maintainer of Helmet.js
• npm
• Has added a lot to the project, but is not the original creator
• Outbound HTTP response headers
• Helmet doesn’t fully secure your app but it does help secure it
• How does using Helmet work?
• Are there instances when you wouldn’t want to use Helmet?
• No cash middleware
• Where do you set the configuration options?
• Top level Helmet module
• 12 modules
• What is the biggest thing that Helmet saves you from?
• Content security policy code
• And much, much more!

Links:

• Airtable
• Braintree
• JavaScript
• Helmet.js
• Node
• Express
• npm
• Evan’s Website
• @EvanHahn
• Evan’s GitHub

Picks:

Charles

• Camera
• Zoom H6
• Shure SM58
• DevChat.tv Youtube
• React Round Up

Evan

• Clojure
• Fortune
• Kantaro: The Sweet Tooth Salaryman

Today the panel is talking about security features that are being added to Node 13. AJ talks about the background and what he’s working with Let’s Encrypt. He talks about changes that Node has made to the TLS module. TLS is a handshake that happens between a client and a server. They exchange certificates, generate some random numbers to use for encryption, and TLS handles the encryption. The move to HTTP/2 is all about fixing legacy bugs and legacy features from the SSL days and reducing the number of handshakes.

AJ talks about the difference between TLS and HTTPS. While TLS reduces the handshakes between client and server, HTTPS is just HTTP and has no knowledge that TLS is going on. HTTP/2 is more baked in as both encryption and compression are part of the specification and you get it automatically. HTTP/2 is also supposed to be faster because there’s fewer handshakes, and you can build heuristic based web servers. Since browsers have varying degrees of compatibility, a smart HTTP/2 server will classify the browser and anticipate what files to send to a client based on behavior and characteristics without the client requesting them

A lot of these new features will be built into Node, in addition to some other notable features. First, there will now be set context on the TLS object. Second, if you’re connected to a server, and the server manages multiple domains, the certificate will have multiple names on it. Previously, each different server name had a different network request, but now a .gitcertificate will let you get all the metadata about the certificate, including the primary domain and all the secondary domains and reuse the connections. 

These new features are a great improvement on the old Node. Previously, the TLS module in Node has been an absolute mess. These are APIs that have been long neglected, and are long overdue core editions to Node. Because of these additions, Node Crypto has finally become usable. HTTP/2 is now stable, usable, and has backwards compatable API, and a dictionary of headers to make it more efficient in compression.

The conversation turns back to certificates, and AJ explains what a certificate is and what it represents. A certificate has on it a subject, which is a field which contains things like common name, which in the case of HTTPS is the server name or host name. then it will have subject alternative names (SAN), which will have a list of other names that are valid on that certificate. Also included on the certificate is the name of the authority that issued the certificate. AJ talks about some of the different types of certificates, such as DV, OV, and EV certificates. They differentiate between encryption and hashing. Hashing is for verifying the integrity of data, while encryption can be used either as signing to verify identity or to keep data owned privately to the parties that are part of the connection. Encryption does not necessarily guarantee that the data is the original data. The show concludes with AJ talking about how he wants to make encryption available to the average person so that everyone can share securely. 

Panelists

• Steve Edwards

• AJ O’Neal

• Charles Max Wood

Sponsors

• Tidelift

• Sentry use the code “devchat” for 2 months free on Sentry’s small plan

• Ruby Rogues

Links

• Let’s Encrypt

• Greenlock

• HTTP/2

• Node.js

• Node Crypto

• JWK

• LZMA

• Gzip

• Broccoli.js

• HTTPS

• GCM

• ASN.1

• OWASP list

• jwt.io

• Diffie Hellman Key Exchange

• Khana Academy Diffie-Hellman Key Exchange pt.2

Follow DevChatTV on Facebook and Twitter

Picks

Steve Edwards:

• Panasonic SD-YD250 bread machine

AJ O’Neal:

• Greenlock v.3

• Samsung Evo 4 TOB paired with 2012 Macbook Pro

• Dave Ramsey on Christian Healthcare Ministries

Charles Max Wood: 

• Velcro straps

• Mac Pro Upgrade Guide

In this episode of JavaScript Jabber the panel interviews security expert, Kevin A. McGrail. He starts by explaining what security frameworks and what they do. The panel wonders how to know if your developers are capable of self-auditing your security or if you need help. Kevin shares recommendations for companies to look at to answer that question. 

Aimee Knight explains the hell she has been in making changes to be compliant with CCPA. The panel considers how policies like this complicate security, are nearly impossible to be compliant with and how they can be weaponized. They discuss the need for technical people to be involved in writing these laws. 

Kevin explains how you can know how secure your systems actually are. He shares the culture of security first he tries to instill in the companies he trains. He also trains them on how to think like a bad guy and explains how this helps developers become security first developers. The panel discusses how scams have evolved and how the same scams are still being run. They consider the importance of automated training and teaching developers to do it right the first time.

Finally, they consider the different ways of authentication, passwords, passphrases, sim card, biometrics. Kevin warns against oversharing or announcing vacations. The panel discusses real-world tactics bad guys use. Kevin explains what he trains people to do and look out for to increase security with both social engineering and technical expertise. 

Panelists

• Aimee Knight

• AJ O’Neal

• Charles Max Wood

• Dan Shappir

• Steve Edwards

Guest

• Kevin A McGrail

Sponsors

• ABOUT YOU | aboutyou.com/apply

• Split

• CacheFly

____________________________________________________________

"The MaxCoders Guide to Finding Your Dream Developer Job" by Charles Max Wood is now available on Amazon. Get Your Copy Today!

____________________________________________________________

Links

• Ghost in the Wires

• https://www.infrashield.com/

Follow DevChatTV on Facebook and Twitter

Picks

Aimee Knight:

• The More Gender Equality, the Fewer Women in STEM 

AJ O’Neal:

• I'll Let Myself In: Tactics of Physical Pen Testers 

• Copying Keys from Photos, Molds & More 

• The LED Traffic Light and the Danger of "But Sometimes!" 

• Regina Spektor 

• The Weepies 

Dan Shappir:

• This is what happens when you reply to spam email 

• What is Your Password? 

Kevin A McGrail:

• XKCD Security 

• IT Crowd

• https://spamassassin.apache.org/

Steve Edwards:

• XKCD Password Generator 

• Nerd Sniping

Stadler, Nurit

Winkler, Ira

Badger, Michael

Badger, Michael

With the arrest of Tehsin Akhtar, thought to be Indian Mujahideen (IM) commander of India operations, security agencies have netted another big fish in the fight against terror.

Yeo, Sue-Yee Sharon, author

Hardt, Judith Nora, author

Product offerings include Cisco, CEH, CISSP, CompTIA Security+, and SSCP.

Online Resource

Online Resource

Online Resource

Online Resource

Online Resource

Online Resource

Online Resource

Online Resource

Online Resource