02:27 - Alex Eagle Introduction

• Twitter
• GitHub
• Google

02:54 - Jonathan Turner Introduction

• Twitter
• GitHub
• Microsoft
• [Talk] Jonathan Turner: TypeScript and Angular 2 @ ng-conf 2015
• [Talk] Jonathan Turner: TypeScript and Angular 2 @ Angular U 2015

03:30 - What is TypeScript?

04:40 - Google + Microsoft = <3 (Angular Adopting TypeScript)

• Rob Eisenberg
• AtScript
  • Jonathan Turner: Angular 2: Built on TypeScript

07:18 - TypeScript Accommodating Angular

• TC39
• Yehuda Katz
• Aurelia

09:28 - Surge of Interest in Adopting a Typechecker, Type System

14:21 - Angular: Creating a New Language

• Killing Off Wasabi - Part 1 (FogBugz Article)
• traceur

16:46 - The Angular 2 Component System and How it Uses New Annotations for Classes

18:01 - Annotations and Decorators

22:06 - TypeScript and Babel?; Adding New Features

25:25 - Non-Angular Users Adopting TypeScript

• Visual Studio Code

34:55 - Tooling and Setting Modes for Linting and Static Analysis

36:58 - Using Libraries Outside the TypeScript Ecosystem

38:11 - Type Definition Files

40:15 - Content of the Type System

43:19 - Duck Typing

45:12 - Getting People to Care about TypeScript

49:16 - The Angular and TypeScript Relationship

Picks

f.lux (Aimee)
Jafar Husain: Functional Programming in Javascript (learnrx) (Aimee)
Startup Timelines (Jamison)
Friday Night Lights (Jamison)
React Rally (Jamison)
Evan Farrer: Unit testing isn't enough. You need static typing too. (Dave)
AngularConnect (Joe)
ng-click.com (Joe)
mdn.io (Joe)
Sonic Pi (Chuck)
Error Prone (Alex)
AudioScope-ng2 (Jonathan)
The Nintendo World Championships (Jonathan)

02:20 - Zach Kessin Introduction

• Twitter
• GitHub
• Zach's Books
• Parrot
• JavaScript Jabber: Episode #057: Functional Programming with Zach Kessin
• Testing Erlang With Quickcheck Book

04:00 - Mostly Erlang Podcast

05:27 - Property-based Testing (QuickCheck)

07:22 - Property-based Testing and Functional Programming

• jsverify

09:48 - Pure Functions

• Shrinking

18:09 - Boundary Cases

20:00 - Generating the Data

23:23 - Trending Concepts in JavaScript

32:33 - How Property-based Testing Fits in with Other Kind of Testing

35:57 - Test Failures

Panel

Nolan Lawson: Taming the asynchronous beast with ES7 (Aimee)
Nodevember (Aimee)
Hipster Sound (Jamison)
Om Next by David Nolen  (Jamison)
Gallant - Weight In Gold (Jamison)
React Rally (Jamison)
Better Off Ted (Joe)
Armada: A Novel by Ernest Cline (Joe)
Testing Erlang With Quickcheck Book (Zach)
Parrot Universal Notification Interface (Zach)
The Famine of Men by Richard H. Kessin (Zach)

02:32 - Troy Hunt Introduction

• Twitter
• GitHub
• Blog
• Troy Hunt's Pluralsight Courses

04:12 - Why should people care about security?

06:19 - When People/Businesses Get Hacked

09:47 - “Hacking”

• Social Engineering
  • BeEF

11:42 - Inventive “Hacks”

• SQL Injection
  • sqlmap
• Stuxnet

13:24 - Motivation for Hacking/Can hacking be valuable?

17:08 - Consequences and Retribution

19:10 - How to Build Secure Applications

20:47 - Weighing in UX

22:50 - Common Misconceptions

• Password Storage
  • hashcat
• Encoding
• Cookies

31:27 - Passwords (Cont’d)

33:16 - Justifying the Importance of Security

35:24 - Client-side Security

• Cross-side Scripting
• DOM Based Cross-side Scripting
  • Content Security Policy (CSP)

44:10 - Resources

• AngularJS Security Fundamentals
• Hack Yourself First

45:27 - Routing

47:21 - Timeouts

51:36 - Cached Data

Picks

awesome-react (Aimee)
Edsger W. Dijkstra Quotes (Jamison)
Sam Newman: Telstra, Human Error and Blame Culture (Jamison)
Infinite Jest by David Foster Wallace (Jamison)
T.I.M.E Stories (Joe)
We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency Paperback by Parmy Olson (Troy)
The Have I been pwned Project (Troy)

This episode was recorded live from The Microsoft Build Conference 2016. In this episode we chatted with Anders Hejlsberg of Microsoft about Typescript. You can follow him on Twitter, or check out what he’s done over on GitHub

Resources

• TypeScript

Picks

Writing Code (Anders)

03:08 - Benjamin Dunphy Introduction

• Twitter
• GitHub

04:07 - Berkeley Martinez Introduction

• Twitter
• GitHub
• Free Code Camp

04:19 - Ian Sinnott Introduction

• Twitter
• GitHub
• Blog
• TruSTAR Technology

05:19 - The React Codebase

12:38 - Other Important Parts of the React Ecosystem

14:22 - The Angular vs the React Ecosystem and Community

• The Learning Curve
• create-react-app

22:07 - Community

Developer Experience

• Functional Programming

26:56 - Getting Connected to the React Community

• Meetup: Real World React
  • @rwreact
• ReactJS San Francisco Bay Area Meetup
• Meetup
• Eventbrite
• Calagator
• Twitter
• Dan Abramov: My React List

29:34 - Conferences

• React.js Conf
• React Rally
• ReactNext
• ReactiveConf
• ReactEurope

33:28 - Technology From the Community

• redux
• ThunderCats.js
  38:23 - Choices Are Expanding; Not Shrinking
• Linting

40:19 - The Future of React

42:39 - Starting More Communities

Picks

• This Developing Story (Aimee)
• Nashville (Aimee)
• Nodevember (Aimee)
• egghead.io: React in 7 Minutes (Ben)
• Lee Byron: Immutable User Interfaces @ Render 2016 (Ben)
• Nick Schrock: React.js Conf 2016 Keynote (Ben)
• create-react-app (Ian)
• Functional Programming Jargon (Ian)
• The Serverless Framework (Ian)
• Ben's Blog (Berkeley)
• Isaac Asimov’s Robot Series (Berkeley)
• Vsauce: The Zipf Mystery (Berkeley)
• Kinesis Advantage for PC & Mac (Dave)

TOPICS:

03:08 The level of difficulty in determining code creators on the Internet

04:28 How to determine if code has been copied

10:00 What defines a trade secret

12:11 The pending Oracle v Google lawsuit

25:29 Nintendo v Atari

27:38 The pros and cons of a patent

29:59 Terrible patents

33:48 Fighting patent infringement and dealing with “patent trolls”

39:00 How a company tried to steal Bob Zeidman’s software

44:13 How to know if you can use open source codes

49:15 Using detective work to determine who copied whom

52:55 Extreme examples of unethical behavior

56:03 The state of patent laws

PICKS:

Cognitive Bias Cheat Sheet Blog Post

Bagels by P28 Foods

Let’s Encrypt Indigogo Generosity Campaign

Super Cartography Bros Album

MicroConf 2017

MindMup Mind Mapping Tool

Words with Friends Game

Upcoming Conferences via Devchat.tv

Good Intentions Book by Bob Zeidman

Horror Flick Book by Bob Zeidman

Silicon Valley Napkins

On today's episode, Aimee and Chuck welcome Maximillian "Max" Stoiber to the show. Max hails from Austria and is an expert in open source development at Think Mill. Tune in to JSJ 245 Styled Components and React-Boilerplate with Max Stoiber.

Tweet this Episode

Tyler Renelle is a contractor and developer who has worked in various web technologies like Node, Angular, Rails, and much more. He's also build machine learning backends in Python (Flask), Tensorflow, and Neural Networks.

The JavaScript Jabber panel dives into Machine Learning with Tyler Renelle. Specifically, they go into what is emerging in machine learning and artificial intelligence and what that means for programmers and programming jobs.

This episode dives into:

• Whether machine learning will replace programming jobs
• Economic automation
• Which platforms and languages to use to get into machine learning
• and much, much more...

Links:

• Raspberry Pi
• Arduino
• Hacker News
• Neural Networks (wikipedia)
• Deep Mind
• Shallow Algorithms
• Genetic Algorithms
• Crisper gene editing
• Wix
• thegrid.io
• Codeschool
• Codecademy
• Tensorflow
• Keras
• Machine Learning Guide
• Andrew Ng Coursera Course
• Python
• R
• Java
• Torch
• PyTorch
• Caffe
• Scikit learn
• Tensorfire
• DeepLearn.js
• The Singularity is Near by Ray Kurzweil
• Tensorforce
• Super Intelligence by Nick Bostrom

Picks:

Aimee

• Include media
• Nodevember
• Phone cases

AJ

• Data Skeptic
• Ready Player One

Joe

• Everybody Lies

Tyler

• Ex Machina
• Philosophy of Mind: Brains, Consciousness, and Thinking Machines

Charles Max Wood

Special Guests: 

Amanda Silver

In this episode, Charles is at Microsoft Connect 2017 in NYC. Charles speaks with Amanda Silver. Amanda is deemed the  TypeScript and future of JavaScript guru, and this year's speakers at Microsoft Connect with Visual Studio Live Share. Amanda shares what is new with TypeScript and how that is a kind of subscript to JavaScript. Amanda explains the big picture of TypeScript’s inception and where she believes the language will be most efficient and effective for JavaScript and TypeScript developers.

In particular, we dive pretty deep on:

• What is new in TypeScript?
• Keep JavaScript and TypeScript aligned
• TypeScript is implemented to create larger scaled applications
• Integration with VS Code, etc.
• Building better tools for JavaScript Developers
• When would this be taken on by users
• Defaults in Visual Studio
• TypeScript replacing JavaScript type service
• TypeScript is written in TypeScript
• Chakra runtime
• Diaspora
• The different faces of JavaScript
• Optimized JavaScript runtime
• Languages should be created with tooling
• A satisfying tooling experience
• Foot Guns
• New Tokens
• Eco-systems and metadata
• Multi-phase
• Minimum common denominator constantly changing
• Collaborating on the same code
• Open Source and the impact
• How to move to open source
• Contributing
• The next thing for TypeScript
• The future of JavaScript
• And much more!

Links:

• @amandaksilver
•  

Picks:

Amanda

• Visual Studio Live Share
• Instinct of learning technology

Charles

• Visual Studio Live Share
• AI

Panel: 

Charles Max Wood

Guest: Tyler Renelle

This week on My JavaScript Story, Charles speaks with Tyler Renelle. Tyler is a contractor and developer who has worked in many web technologies like Angular, Rails, React and much more! Tyler is a return guest, previously on Adventure in Angular and JavaScript Jabber talking Ionic and Machine learning.

Tyler has recently expanded his work beyond JavaScript and is on the show to talk his interest in AI or Artificial intelligence and Machine Learning. Furthermore, Tyler talks about his early journey as a game developer, web developer, and work with some content management systems, and more recently, his development in various technologies.

In particular, we dive pretty deep on:

• Writing games out of college
• Studies computer science in college
• Did web development to pay for college working with PHP and ASP
• Content management
• Working with various technologies
• Working with React, is this it?
• Problems React has solved with web apps
• What is the next big innovation?
• View
• Creating Podcasts
• Machine Learning
• Specialized application of AI
• NLP
• Never use his computer science degree as a web developer
• You don’t study code to be a developer
• AI and machine learn is based on Computer Science
• Tensor Flow
• Data Skeptic - podcast
• Performance
• Graphics cards
• Philosophy of Consciousness
• The subjective experience
• Job displacement phenomenon
• and much, much more!

Links: 

• http://ocdevel.com
• http://ocdevel.com/podcasts/machine-learning
• Tensor Flow
• Data Skeptic - podcast
• https://devchat.tv/js-jabber/jsj-278-machine-learning-tyler-renelle
• https://www.linkedin.com/in/lefnire

Picks

Tyler

• The Great Courses 

Charles

• CES
• Email beforehand and set up an appointment
• VRBO.com
• Autonomous.ai

Panel: 

Charles Max Wood

AJ O’Neal

Joe Eames

Special Guests: Adam Baldwin

In this episode, JavaScript Jabber panelist speak with Adam Baldwin. Adam is a return guest and has many years of application security experience. Currently, Adam runs the Node Security Project/Node Security Platform, and Lift Security. Adam discusses the latest of security of Node Security with Charles and AJ. Discussion topics cover security in other platforms, dependencies, security habits, breaches, tokens, bit rot or digital atrophy, and adding security to your development.

In particular, we dive pretty deep on:

• What is  the Node Security Project/Node Security Platform
• Dependency trees
• NPM
• Tokens and internal data
• What does Node Security do for me?
• NPX and NSP
• Command Line CIL
• Bit Rot or Digital Atrophy
• How often should you check repos.
• Advisories
• If I NPM install?
• Circle CI or Travis
• NSP Check
• What else could I add to the securities?
• Incorporate security as you build things
• How do you find the vulnerabilities in the NPM packages
• Two Factor authentication for NPM
• Weak Passwords
• OL Dash?
• Install Scripts
• Favorite Security Story?
• And much more!

Links:

• Node Security 
• Lift Security
• https://github.com/evilpacket
• @nodesecurity
• @liftsecurity
• @adam_baldwin

Picks:

Adam

• Key Base
• Have I been Pwned?

Charles

• Nettie Pot 
• convo.com

AJ

• This Episode with Adam Baldwin
• Free the Future of Radical Price
• Made In America Sam Walton
• Sonic - VGM Album

Joe

• Pych - Movie
• NG Conf
• Why We Don’t Suck

Panel: 

Charles Max Wood

Cory House

Joe Eames

Aimee Knight

Special Guests: John Papa

In this episode, JavaScript Jabber panelist speak with John Papa. John has been doing web programming for over twenty years on multiple platforms and has been contributing to the developer communities through conferences, authoring books, videos and courses on Pluralsight.

John is on the show to discuss an articles he wrote on A Look at Angular Along Side Vue, and another article on Vue.js  with TypeScript. John talks about the new features with the different versions of Angular technologies, anxiety in the different features, comparisons between the technologies and use case with Angular.

In particular, we dive pretty deep on:

• A look at Angular Along Side Vue - Article
• Angular 5, Amber,Vue,  React, Angular
• Angular 2 - different features
• CLI
• Spell Webpack
• Comparisons - Why the anxiety?
• Opinions of Angular and sprinkling in other technologies
• Vue is the easy to use with Angular
• Are there breakpoints with the uses case?
• Choosing technologies
• Talk about working with Vue and Angular
• DSL - Domain Specific Language
• Vue and 3rd party libraries
• Talk about Vue working with TypeScript
• Vue.js  with TypeScript
• Vue with TypeScript looks similar to Angular
• Vetur
• What does 2018 have in store for Angular?
• Native apps and web functionality
• And much more!

Links:

• https://johnpapa.net
• Vue.js  with TypeScript
• A Look at Angular Along Side Vue
• @john_papa
• https://github.com/johnpapa

Picks:

Corey

• cypress.io

Charles

• E Myth Revisited
• Profit First 
• Dunkirk

Aimee

• Crucial Conversations 
• Ripple or XRP

Joe

• The Greatest Showman
• Better Late Then Never
• Vue
• 7 Languages In 7 Weeks  - Book

John

• Jumanji 2017
• Emotional Intelligence

Sponsors

• Sentry- use the code “devchat” for $100 credit
• Netlify
• Clubhouse
• CacheFly

Episode Summary  

In this episode of JavaScript Jabber, the panelists talk with Tommy Hodgins who specializes in responsive web design. He starts with explaining to listeners what it means by a responsive web layout and goes on to discuss the techniques in using JavaScript in CSS in depth.

He elaborates on dynamic styling of components, event-driven stylesheet templating, performance and timing characteristics of these techniques and describes different kinds of observers – interception, resize and mutation, and their support for various browsers. He also talks about how to go about enabling certain features by extending CSS, comparison to tools such as the CSS preprocessor and Media Queries, pros and cons of having this approach while citing relevant examples, exciting new features coming up in CSS, ways of testing the methods, caffeinated stylesheets, along with Qaffeine and Deqaf tools.

Links

• JS in CSS – Event driven virtual stylesheet manager
• Qaffiene
• Deqaf
• Tommy’s Twitter
• Fizzbuzz

Picks

Joe

• The Captain Is Dead

Aimee

• Developer on Call
• Tip – Try to follow a low-sugar diet

Chris

• Tommy’s snippets on Twitter – JS in CSS
• All things frontend blog
• Gulp project

Charles

• Coaching by Charles in exchange of writing Show Notes or Tags

Tommy

• JS in CSS

Get Mani's 2x Productivity Course

Sponsors

• Sentry use the code “devchat” for $100 credit
• Triplebyte
• CacheFly

Panel

• Aaron Frost
• AJ O’Neal
• Joe Eames
• Aimee Knight
• Charles Max Wood

Joined by special guest: Mani Vaya

Episode Summary

Mani is the founder of a book summary business called www.2000books.com

At 2000 Books, Mani studies the world’s greatest business and personal development books.

Then he takes the most important ideas from each book and presents them in tight, 9- to 15-minute video summaries.

You get the 4-7 most important ideas in a condensed format that's easy to absorb, easy to review, and easy to put into action immediately.

To help people with productivity, Mani created an awesome course called “10x Productivity"

His “10x Productivity" video course contains summaries of the 50 greatest books ever written on time management, productivity, goal setting, systems, execution, strategy and leverage.

"10x Productivity" pack includes summaries of all the NY Times Best Sellers on Productivity & Time Management, such as:

• The 7 Habits of Highly Effective People by Stephen Covey

• Getting Things Done by David Allen

• Deep Work by Cal Newport

• The Power of Habit by Charles Duhigg

• The One Thing by Gary Keller

• Essentialism by Greg McKeown

All together, this collection includes more than 250 strategies, tips, tools & techniques for:

- Becoming more productive

- Getting results rather than being busy, stressed out & frustrated

- Time Management

- Defeating procrastination

- Achieving big goals

- Hacking your brain for high performance

- Identifying the highest leverage points that lead to much faster results

- Creating powerful habits

- Installing execution systems that make goal achievement inevitable

10x Productivity Package contains:

• Summaries of the 50 greatest books ever written on Productivity & Time Management

• 250+ greatest ideas, tips and strategies on Time Management & Productivity

• 10+ Hours of no-fluff solid Video Content

• PDF Summaries of all 50 books

Since Mani is my friend and fellow mastermind member, I worked with him to get you guys an amazing discount (using discount code “DEVCHAT”) on the 10x Productivity Book Summary Pack which you can find here

Make sure to use the Coupon code “DEVCHAT” to get the discount.

Links

• Mani’s 2x Productivity Course use the code “devchat” for a discount

Picks

AJ O’Neal:

• M. Night Shyamalan’s The Village
• colophony/pine sap/rosin/flux for electronics work

Aimee Knight:

• Interested In Becoming A Site Reliability Engineer? blog post

Charles Max Wood:

• Entreprogrammers episode 248
• Kanbonflow
• Physical Pomodoro timer

Mani Vaya:

• NPR’s How I Built This podcast
• 2000 Books podcast

Sponsors

• Sentry use code “devchat” for 2 months free

• Triplebyte $1000 signing bonus

Panel

• Charles Max Wood

• Aimee Knight

• Chris Ferdinandi

• AJ O’Neal

• Joe Eames

Joined by Special Guest: Chris DeMars

Episode Summary

Special guest Chris DeMars is from Detroit, MI. Currently, he works for Tuft and Needle and is an international speaker, Google developer expert, Microsoft mvp, and web accessibility specialist. He comes from a varied work background, including truck driving and other non-tech jobs.

Today the panel discusses web accessibility for people with disabilities. According to a study done by WebAIM, 97.8% of homepages tested had detectable WCAG 2 failures. The panel discusses why web accessibility is doing so poorly. Chris talks about some of the biggest mistakes he sees and some very simple fixes to make sites more accessible. Chris talks about the importance of manual testing on screen readers and emphasizes that it is important to cover the screen to make sure that it really works with a screen reader. Chris talks about some of the resources available for those who wish to increase accessibility on their sites.

The team discusses tactics for prioritizing accessibility and if there is a moral obligation to make sites accessible to those with disabilities. Chris talks about his experience making accessibility a priority for one of the companies he worked for in the past. They discuss the futue of legal ramifications for sites that do not incorporate accessibility, and what responsibility falls on the shoulders of people who regularly use assistive devices to notify companies of issues. They finish the show with resources available to people who want to learn more.

Links

• The DOM

• Semantic markup writings

• Alt attribute

• Axe by DeQue

• Bootstrap

• Aria lable

• WebAim study

Follow DevChat on Facebook and Twitter

Picks

Charles Max Wood:

• LootCrate

Aimee Knight:

• Implementing Git in Python tutorial

Chris Ferdinandi:

• "Fighting Uphill" by Eric Bailey

• “The Web We Broke” by Ethan Marcotte

• AllBirds sneakers

• Newsletter

AJ O’Neal:

• Golang Channel vs Mutex vs WaitGroup

• Nobuo Uematsu

• The Best Way to Tin Enameled Wire

Joe Eames:

• Gizmos board game

• Thinkster.io accessibility course (not released yet)

Chris DeMars:

• Dixxon Flannel Company

• Aquis.com accessibility simulator

• Refactr accessibility workshop in June

• Follow Chris

Sponsors

• Triplebyte offers a $1000 signing bonus
• Sentry use the code “devchat” for $100 credit
• Linode offers $20 credit
• CacheFly

Panel

• Joe Eames

• AJ O’Neal

Episode Summary

In this episode of JavaScript Jabber, Joe Eames and AJ O’Neal talk about what TypeScript is, and their background and experiences with it. They discuss the different kinds of typed languages such as dynamic vs static, strong vs weak, implicit vs explicit casting and the reasons for selecting one type over the other. AJ shares his opinion on not preferring TypeScript in general, while Joe offers a counter perspective on liking it, and both give a number of reasons to support each argument. They talk about some final good and bad points about TypeScript and move on to picks.

Links

• TypeScript
• CoffeeScript

Follow JavaScript Jabber on Devchat.tv, Facebook and Twitter.

Picks

Joe Eames:

• Cypress
• What if your dev environment was a PWA? ???? | Eric Simons
• Angular 8 Intergalactic
• Star Wars Tantive IV Lego set

AJ O’Neal:

• Measure What Matters
• @root on npm
• @bluecrypt on npm

Episode Summary

Douglas is a language architect and helped with the development of JavaScript. He started working with JavaScript in 2000. He talks about his journey with the language, including his initial confusion and struggles, which led him to write his book JavaScript: The Good Parts.

Douglas’ take on JavaScript is unique because he not only talks about what he likes, but what he doesn’t like. Charles and Douglas discuss some of the bad parts of JavaScript, many of which were mistakes because the language was designed and released in too little time. Other mistakes were copied intentionally from other languages because people are emotionally attached to the way things “have always been done”, even if there is a better way.

Doug takes a minimalist approach to programming. They talk about his opinions on pairing back the standard library and bringing in what’s needed. Douglas believes that using every feature of the language in everything you make is going to get you into trouble. Charles and Douglas talk about how to identify what parts are useful and what parts are not.

Douglas delves into some of the issues with the ‘this’ variable. He has experimented with getting rid of ‘this’ and found that it made things easier and programs smaller. More pointers on how to do functional programming can be found in his book How JavaScript Works 

Charles and Douglas talk about how he decided which parts were good and bad. Douglas talks about how automatic semicolon insertion and ++ programming are terrible, and his experiments with getting rid of them. He explains the origin of JS Lint. After all, most of our time is not spent coding, it’s spent debugging and maintaining, so there’s no point in optimizing keystrokes.

Douglas talks about his experience on the ECMAScript development committee and developing JavaScript. He believes that the most important features in ES6 were modules and proper tail calls. They discuss whether or not progression or digression is occurring within JavaScript. Douglas disagrees with all the ‘clutter’ that is being added and the prevalent logical fallacy that if more complexity is added in the language then the program will be simpler. 

Charles asks Douglas about his plans for the future. His current priority is the next language. He talks about the things that JavaScript got right, but does not believe that it should not be the last language. He shares how he thinks that languages should progress. There should be a focus on security, and security should be factored into the language. 

Douglas is working on an implementation for a new language he calls Misty. He talks about where he sees Misty being implemented. He talks about his Frontend Masters course on functional programming and other projects he’s working on. The show concludes with Douglas talking about the importance of teaching history in programming. 

Panelists

• Charles Max Wood

With special guest: Douglas Crockford

Sponsors

• Sustain Our Software

• Sentry use the code “devchat” for 2 months free on Sentry’s small plan

• Views on Vue

Links

• JavaScript: The Good Parts

• How JavaSript Works

• “This” variable

• ECMAScript

• C++

• JS Lint

• ECMA TC39

• Dojo

• Promise

• RxJS

• Drses

• Misty

• Tail call

• Frontend Masters course JavaScript the Good Parts

Follow DevChatTV on Facebook and Twitter

Picks

Charles Max Wood:

• Superfans by Pat Flynn

• SEO course Agency Unlocked by Neil Patel

Douglas Crockford:

• The Art of Computer Programming by Donald Knuth

• Game of Thrones

• Follow Douglas at crockford.com

Today the panel is talking about security features that are being added to Node 13. AJ talks about the background and what he’s working with Let’s Encrypt. He talks about changes that Node has made to the TLS module. TLS is a handshake that happens between a client and a server. They exchange certificates, generate some random numbers to use for encryption, and TLS handles the encryption. The move to HTTP/2 is all about fixing legacy bugs and legacy features from the SSL days and reducing the number of handshakes.

AJ talks about the difference between TLS and HTTPS. While TLS reduces the handshakes between client and server, HTTPS is just HTTP and has no knowledge that TLS is going on. HTTP/2 is more baked in as both encryption and compression are part of the specification and you get it automatically. HTTP/2 is also supposed to be faster because there’s fewer handshakes, and you can build heuristic based web servers. Since browsers have varying degrees of compatibility, a smart HTTP/2 server will classify the browser and anticipate what files to send to a client based on behavior and characteristics without the client requesting them

A lot of these new features will be built into Node, in addition to some other notable features. First, there will now be set context on the TLS object. Second, if you’re connected to a server, and the server manages multiple domains, the certificate will have multiple names on it. Previously, each different server name had a different network request, but now a .gitcertificate will let you get all the metadata about the certificate, including the primary domain and all the secondary domains and reuse the connections. 

These new features are a great improvement on the old Node. Previously, the TLS module in Node has been an absolute mess. These are APIs that have been long neglected, and are long overdue core editions to Node. Because of these additions, Node Crypto has finally become usable. HTTP/2 is now stable, usable, and has backwards compatable API, and a dictionary of headers to make it more efficient in compression.

The conversation turns back to certificates, and AJ explains what a certificate is and what it represents. A certificate has on it a subject, which is a field which contains things like common name, which in the case of HTTPS is the server name or host name. then it will have subject alternative names (SAN), which will have a list of other names that are valid on that certificate. Also included on the certificate is the name of the authority that issued the certificate. AJ talks about some of the different types of certificates, such as DV, OV, and EV certificates. They differentiate between encryption and hashing. Hashing is for verifying the integrity of data, while encryption can be used either as signing to verify identity or to keep data owned privately to the parties that are part of the connection. Encryption does not necessarily guarantee that the data is the original data. The show concludes with AJ talking about how he wants to make encryption available to the average person so that everyone can share securely. 

Panelists

• Steve Edwards

• AJ O’Neal

• Charles Max Wood

Sponsors

• Tidelift

• Sentry use the code “devchat” for 2 months free on Sentry’s small plan

• Ruby Rogues

Links

• Let’s Encrypt

• Greenlock

• HTTP/2

• Node.js

• Node Crypto

• JWK

• LZMA

• Gzip

• Broccoli.js

• HTTPS

• GCM

• ASN.1

• OWASP list

• jwt.io

• Diffie Hellman Key Exchange

• Khana Academy Diffie-Hellman Key Exchange pt.2

Follow DevChatTV on Facebook and Twitter

Picks

Steve Edwards:

• Panasonic SD-YD250 bread machine

AJ O’Neal:

• Greenlock v.3

• Samsung Evo 4 TOB paired with 2012 Macbook Pro

• Dave Ramsey on Christian Healthcare Ministries

Charles Max Wood: 

• Velcro straps

• Mac Pro Upgrade Guide

In this episode of JavaScript Jabber the panel interviews security expert, Kevin A. McGrail. He starts by explaining what security frameworks and what they do. The panel wonders how to know if your developers are capable of self-auditing your security or if you need help. Kevin shares recommendations for companies to look at to answer that question. 

Aimee Knight explains the hell she has been in making changes to be compliant with CCPA. The panel considers how policies like this complicate security, are nearly impossible to be compliant with and how they can be weaponized. They discuss the need for technical people to be involved in writing these laws. 

Kevin explains how you can know how secure your systems actually are. He shares the culture of security first he tries to instill in the companies he trains. He also trains them on how to think like a bad guy and explains how this helps developers become security first developers. The panel discusses how scams have evolved and how the same scams are still being run. They consider the importance of automated training and teaching developers to do it right the first time.

Finally, they consider the different ways of authentication, passwords, passphrases, sim card, biometrics. Kevin warns against oversharing or announcing vacations. The panel discusses real-world tactics bad guys use. Kevin explains what he trains people to do and look out for to increase security with both social engineering and technical expertise. 

Panelists

• Aimee Knight

• AJ O’Neal

• Charles Max Wood

• Dan Shappir

• Steve Edwards

Guest

• Kevin A McGrail

Sponsors

• ABOUT YOU | aboutyou.com/apply

• Split

• CacheFly

____________________________________________________________

"The MaxCoders Guide to Finding Your Dream Developer Job" by Charles Max Wood is now available on Amazon. Get Your Copy Today!

____________________________________________________________

Links

• Ghost in the Wires

• https://www.infrashield.com/

Follow DevChatTV on Facebook and Twitter

Picks

Aimee Knight:

• The More Gender Equality, the Fewer Women in STEM 

AJ O’Neal:

• I'll Let Myself In: Tactics of Physical Pen Testers 

• Copying Keys from Photos, Molds & More 

• The LED Traffic Light and the Danger of "But Sometimes!" 

• Regina Spektor 

• The Weepies 

Dan Shappir:

• This is what happens when you reply to spam email 

• What is Your Password? 

Kevin A McGrail:

• XKCD Security 

• IT Crowd

• https://spamassassin.apache.org/

Steve Edwards:

• XKCD Password Generator 

• Nerd Sniping

Sasson, Diane, 1946-

Martin, Benjamin F., 1947-

Dobbs, Ricky F

Park, Jane Chi Hyun

Moon, Krystyn R., 1974-

Stadler, Nurit

Krutikov, Mikhail

Horn, Michiel, 1939-

Kennedy, Theodore R., 1936-

Lause, Mark A

Kabir, Nahid Afrose

Young, Vershawn Ashanti

Chapman, Elwood N

Spergel, Irving A

Payne, Pedro R., 1964-

Winkler, Ira

Sawyer, R. Keith (Robert Keith)

Thompson, Katrina Daly, 1975-

Sachikonye, L. M