Henrik Joreteg

Henrik follows up on his “Opinionated rundown of JS frameworks” blog post with a presentation at FFConf, in which he explored topics related to single-page apps, including:

  • Should we build apps that require JavaScript to run?
  • What is a “native web app”?
  • What about progressive enhancement?
  • The performance implications of clientside apps
  • Twitter’s move away from clientside back to server-rendered
  • The two classes of web apps
  • User expectations of modern applications
  • Installable web apps
  • True offline support for web apps: ServiceWorker
  • Isomorphic (dual-rendered) applications
  • Picking tools for a rapidly changing environment

Aaron "Amac" McCall

Eons ago when our story first began, I told you how I needed to make a client app more consistent and efficient by implementing optimistic concurrency and JSON Patch in our model layer.

As I said before, in our app, we combine both of these forces for an efficiency and consistency one-two punch. As I worked through the integration and some other requirements, I realized that a third module that combined the previous two and added some sane defaults for conflict resolution would be really helpful, so I built one. It’s called ampersand-model-optimistic-update-mixin. Say that five times fast, or just call it AMOU (pronounced “ammo”).

Aaron "Amac" McCall

Today’s entry: Building the Mixins!

This post is the second in a three-part series that I started with a little bit of background last week.

Building the optimistic concurrency mixin

Following the Human way, I made the optimistic concurrency mixin a CommonJS module and published it with npm. It’s called ampersand-optimistic-sync, but we’ll call it AOS here. AOS replaces the sync method on your Backbone or Ampersand models. Since sync is the core Ajax method, extending there allows AOS to read and write the versioning headers it needs.

AOS supports both the ETag/If-Match and Last-Modified/If-Unmodified-Since approaches for the version information with ETag being the default.

Adam Brault

For the past year and a half, it’s been our pleasure and privilege to serve CAA, an agency representing many of the most successful professionals in film, television, music, sports, and theater.

Glenn Scott leads the team there. Over the past few years, they’ve transitioned their IT to building custom applications in Node. We’re proud to say we’ve been able to partner with Glenn’s great team at CAA, playing a key role in their work during that time.

Recently, Glenn gave a nice presentation as part of Joyent’s Node on the Road series. In it, he described the way CAA builds applications.

Adam Baldwin

In just a few weeks on April 30th, the ^lift security team will host their first secure development training on building secure Node.js web applications in Portland, Oregon.

The ^lift team has designed this training to help you understand the security challenges you will face when developing Node.js web applications and help you build habits that turn security from a worry or an annoyance into a comfortable part of writing your code from the very beginning.

Seats at this first class are extremely limited, so grab your spot with the team that’s been trusted to secure tools you use every day like npm, GitHub and Ginger, and that leads the Node Security Project. Also, discounted tickets are available if you want to bring your dev team (or hack the system and bring a couple friends, we won’t tell anyone).

Nathan LaFreniere

Last week, Eran Hammer came to the &yet office to introduce Hapi 2.0.

Hapi is a very powerful and highly modular web framework created by Eran and his team at Walmart Labs. It currently powers the mobile walmart.com site, as well as some portions of the desktop site. With that kind of traffic, you could definitely say Hapi is battle-tested.

Hapi’s quickly becoming a popular framework among Node developers. Since mid-2013, &yet has been using Hapi for all new projects and we’ve begun porting several old projects to use it, too.

Before he started his presentation, Eran casually mentioned that he planned to at least touch on every feature in Hapi, and boy did he succeed.

Jenn Turner

Next week, yetis Adam Baldwin and Luke Karrys will be traveling to San Francisco to speak at the second Node Summit, December 3-4. Node Summit brings together developers, leaders, and other technologists to discuss Node.js and its role in the future of the web and computing.

Adam will be there representing both ^Lift Security and The Node Security Project, an ambitious open-source project he founded with the goal of auditing every single module in npm. Adam will be discussing Node.js security with Bert Belder of StrongLoop, Charlie Robbins of Nodejitsu, and Daniel Shaw of The Node Firm.

Jenn Turner

Web technology and security change so rapidly it can be exhausting to keep up.

We like to have lunch-and-learn type meetings at &yet to help keep each other in the loop on what we’re learning. In the spirit of these timeless “brownbags,” we’ve decided to create a series of short, introductory online classes.

These bite-sized online classes will be focused on giving you a quick introduction to a topic and the chance to ask questions.

The first class, Securing a Node.js Express App, will be taking place next week on Wednesday, August 28, 2013 at 11am Pacific Time with your guide Adam Baldwin, &yet CSO, ^Lift Security team lead and founder of The Node Security Project.

Nathan LaFreniere

Protocol buffer encoding is hard.

I really wanted to use them, though, seeing as there’s a pretty significant speed increase when you don’t have the overhead of HTTP.

Unfortunately, no one had written a node.js library for it. A couple of C bindings existed, but when I tried to use them, they either didn’t even compile or I couldn’t get them to work. That’s when I had one of my all-too-common breakdowns, and decided to write my own. After all, anything for the sake of increased performance, right?

Using Google’s specifications, I got started. In order to use protocol buffer encoding in any language, you have to start by writing a definition file to describe what messages exist, and what they contain. That definition is used for both encoding and decoding packets.

Adam Baldwin

Recently it was disclosed that the NPM registry leaked the usernames, salts and sha1 hashes of registry users. Essentially this amounts to a breach of about 4k user accounts.

The issue has since been taken care of and users are being asked (not forced) to change their passwords. The leaked data has been available for a very long time, probably since the registry has been using couch. Everyone should be resetting their passwords. Now.

I first found out and notified Isaac about this on 3/1/2012. I only found out about this because I was looking for potential ways that &! could be compromised.
