#nina16 node interactive north america 2016

nina-minutes.md

Keynote, Mikael Rogers

• VM neutral node.js delivieries
• still V8 as default VM shipped
• high interest IBM/MS/google to get other VMs in to support devices/platforms
• node security (Lift, Adam Baldwin)
• move node-security to vendor-neutral project within node foundation

Express, Doug Wilson

• node foundation project
• features for v5
• better query string/cookie handling
• new route syntax (possibly breaking on some edge cases, migration guide to come)
• native promise support in routing (basic support for ES2017 with async/await)
• plans for more traceability/contribution (#SOCO)
• stated goals
• clear guidelines on how to become commiter/TC member etc
• organization structure

Security, Realiability, Efficiency, Joe McCann nodesource

• harden node projects for production with nsolid
• docker, kubernetes, cloudfoundry support
• google cp, aws (available in marketplace), azure
• security policies to lock down specific versions
• certified modules
• check security vulnerabilities
• permissive OS licenses

revolution powered by node, Andrew Hoyt IBM/StrongLoop

• API all the things
• restaurant menu with preorder
• link tv recording/security cameras with vehicle GPS
• node for serverless
• lightweight, startup, IO oriented
• slack bot to analyze language
• slack API POSTs to serverless on message
• https://developer.ibm.com/openwhisk/
• picks up the slack API call and sends over to watson for analysis

node in enterprise & cloud, Jonathan Carter Microsoft

• lot of node projects deployed on azure (serverless and appwise)
• classical node arguments from customers
• enables fast agile transformation
• containers are standard artifact for deployment
• VS code to provide seamless dev tool
• integrated git, terminal, autocomplete..
• typescript support, autoload typescript defs to support autocomplete
• combined debugging of backend (node) frontend (ng, react) inside the editor

accelerate node adoption, David C. Stewart Intel

• nodejs adoption by enterprise seems to be huge (keynotes by ibm, ms, intel..)
• long experience on accelerating java applications
• focus on monitoring/improving performance of node over time
• canary approach
• http://languagesperformance.intel.com/?s=node.js
• community centered approach

tue.md

electron workshop

• two seperate processes: renderer, main
• most UI tasks in renderer process
• main process used for FS and other priviledged ops
• all modules exposed by require('electron')
• electron.Application exposes lifecycle events

multimodal interaction

• human computer interaction paired with feedback loops
• allows orchestration of IO devices (modals)

service discovery, nearform

• enterprise expectations (get perfect quality code) might break node and the ecosystem
• components always need composability (chaining, generic APIs.., e.g. event streams)
• µs communicate via messages (>websockets?)
• HTTP calls inflict tight coupling of services
• pattern matching instead of service discovery
• link on message basis (messages as first class citizen)
• SWIM pattern
• http://senecajs.org

serverless, steve

• functions as a service
• putting a complete app into serverless mode requires
• routing as a service (express) > aws api gateway
• function as a service (business logic)
• aws lambda leading the pack (google cloud, ibm, azure)
• assumption scaling in serverless brings less issues with it
• pros
• iteration on smaller code bases (functions instead of apps/microservices)
• instant deployment
• cost decrease from 2500 to 400 for bustle main event collector
• risks
• vendor lock in (who cares?)
• max 5 min per task
• testing
• frameworks
• claudia.js
• apex (tjc)
• shep
• node-lambda

buzzword bingo

• cloud native
• developers own the whole lifecycle of their app (dev, qa, ops)
• more than technology (team setup, processes, culture)

machine learning using node

• incremental learning instead of batch learning
• potential problems: regression, clustering, classification

cyborg

• non human traffic
• 2013 = 51%
• 2014 = 61% :OO

wed.md

best practices for typescript @ node

• interfaces define types of an object
• object has to look exactly the same, no additional/missing props
• classes can implement interfaces and extend it (also private props/methods)
• benefits
• reduce typos (meh)
• reduce refactoring mistakes (missing one function call somewhere..)
• best scenario to use ts
• big teams
• big projects (refactoring impact is reduced/limited by TS)
• OOP background devs
• typescript 2.0 released with easier node integration
• going to lower versions TS > ES6 > (babel) > ES5
• type definitions for third party module available via scoped @typed package

secure node code, http://sny.io

• most app code comes from ext dependencies
• 14% of npm packages have vulnerabilities
• regex can block the process if patterns have multiple possible matches, long strings take ages to validate
• demo: https://libraries.io/github/guypod/goof
• whitelist instead of blacklist
• most exploits happen via third party packages

cryptography

• crypto obscures data in a way that makes it expensive to duplicate/decode
• increase entropy with salts or init vectors (IV)
• CBC (cipher block chaining) instead of electronic cookbook encryption
• key derivation for password hashes (md5, sha outdated with todays processing power)
• minimum of 2048 key size (for now..)
• https://nodejs.org/api/crypto.html
• stick with official C libraries or node core

morality of code

• moral consequences of someone reading/using my code
• state intent in project descriptions
• limit usage via licenses (collides with open source idea - open to everyone even military)

node at gcp

• machine learning toolset on gcp
• make ML accessable to everyone
• user centered apps with multi