&yet

Three weeks ago we announced the return of RealtimeConf and we couldn’t be more excited. While the conference still remains a curated experience (and you can see what we’re talking about in the 2013 recap on Vimeo) we’re doing something different this year—opening a Call for Speakers.

We’re looking for presentations on all the things related to realtime technologies and surrounding topics (not necessarily technical). Remember that this is an event meant to inspire and challenge the people pushing the web forward. Multiple submissions are more than welcome, and encouraged.

Need Help?

We’re committed to facilitating both audience and speaker diversity. If you’re a first time speaker, worry not—we’re happy to walk you through the proposal process and talk preparations as well. Check the submission guidelines or simply reach out through email or Twitter to request assistance.

The other day I was trying to add some functionality to a project I was writing some code for. It was a project with many people on it, and it was well under way when I got there. I was told that some of what I was going to be writing had been figured out already by another teammate, so I went to see what I could learn from their work.

Turns out, a lot.

You see, it ended up taking me about a day to ship the feature. But that day of work was built off of the weeks of work that my coworker had spent shaking out all the quirks, holes in documentation, and edge cases already solved when they worked on their part of the project.

They made my job look easy. It was tempting in hindsight to say, “Of course this is the way to do it,” after seeing their code. It wasn’t though. If they hadn’t laid the groundwork before me I’d have spent the same amount of time (or more) than they did just to get to where things were at when I started.

Next week on May 28th I'm going to host the second Navigator Office Hours focused around Node Security.

For the last 3+ years I’ve been focused on helping developers build more secure Node.js applications. We found a lot of patterns and tools that work and have done significant amount of research into the Node ecosystem, which I’ll briefly talk about.

I will also give a quick demo of requireSafe and maybe give a sneak peak of some features to be included in the upcoming release.

Most importantly, this will be a collaborative forum to get your questions get answered. I’m here to provide guidance and offer whatever help I can.

We’ve come long way from the simple static sites of the early web, yet somehow, I really miss it.

It was so awesomely simple to be able to write some HTML, CSS, and JavaScript, then FTP those files to a server somewhere and “Bam!” a site is launched!

Of course we can still do that for simple static content, but what about native web apps (a.k.a. single page apps).

Can we build apps as static sites?

&yet CTO Peter Saint-Andre will make a guest appearance tomorrow at 9 AM Pacific on episode 541 of the VoIP Users Conference, a weekly, live discussion about VoIP, SIP, Asterisk, WebRTC, and all things telephony.

Likely topics will include:

• Our plans for Talky, including the upcoming Kickstarter campaign
• Our experience with XMPP & WebRTC, the Jitsi Videobridge, and other parts of the Otalk platform
• How to improve the developer experience for WebRTC
• Where we are seeing the most activity in WebRTC applications
• Is the age of the general-purpose communications app over?
• Will we ever see federation with WebRTC - or just more silos?

Visit the VUC homepage on the Interwebs for all the details on how to join the conversation in realtime (video recording to follow).

This month, &yet’s lead WebRTC engineer Philipp “Fippo” Hancke has been invited to speak at Tokbox’s TechTok on May 21.

As a veteran software developer, messaging and distributed systems have been a passion of Fippo for many years. He is also one of the leading non-Google contributors to the webrtc.org WebRTC library, which is used by Chrome, Opera, Google’s iOS and Android WebRTC SDKs, and others.

This TechTok will focus on Failing gracefully with WebRTC, or everything you need to know about how to handle failures with WebRTC.

Register to attend TechTok here however, if you can’t make it to this event, Tokbox will have a limited number of virtual seats available so tweet at them at @tokbox if you’re interested.

Microservice is a buzz-word we’ve been hearing a lot of lately, however, it’s neither a new concept, nor is it a bad idea. Writing your processes as APIs in such a way that they can be run many times enables horizontal scaling and availability and has been a common best practice for quite awhile, but the subtleties of dealing with user information in a microservice should be addressed.

Authentication and Authorization

Each microservice should not have to do its own authentication, but it does need to do its own authorization. At Seaworthy, we like to run an openid-connect (an oAuth extension) service that handles logins and token generation separate from the rest of the APIs, which lines up pretty well with the whole microservice way of doing things. In the end, the other APIs receive the webtoken either directly or are pre-validated through a gateway. The API can safely assume each request is authenticated, but this doesn’t give us much in the way of object-level permissions (AKA authorization).

Each API should keep track of its own object-level permissions, and it can do so without anything more than a pre-validated userid or groupid. Simply record an object or row that has the id of the object, the id of the user or group, and a set of flags for which permissions they have on that object. That way, when a user tries to do an action on an object, we can join to the appropriate permissions object if it exists, and determine what the user can and can't do to that object. The point is, object-level-permissions exists in the microservice database store without extra user context.

When we set out creating services under the Seaworthy banner (our Node, Frontend and Ops Consulting services), we quickly realized that the best way to help you out was to be able to answer your questions (or at least be able to find you an answer).

Quickly we realized that we needed to better understand a number of things:

• What are the problems you’re currently facing?
• What does your workflow look like?
• Do you maintain a set of best practices?
• What are some of the paths you’ve already tried?
• Did you try turning if off and turning it on again? (Just kidding about that last one.)

So, in order to start those conversations, we created Navigator Office Hours, a weekly hour-long session hosted by one of the many experienced Node developers on our team.

Lead &yet WebRTC engineer Philipp “fippo” Hancke has been very busy recently examining the inner workings of some of your favorite voice and video services. Just a few weeks ago, he wrote up his findings on the popular chat app WhatsApp for webrtcH4cKS. And this week, we have an analysis of Facebooks Messenger service, which recently added videochat.

You can also follow the series of reports at andyet.com/webrtc-reports.

Later this month, he’ll be speaking candidly about more of his discoveries at Twilio’s SIGNAL Conference in San Francisco. In “WebRTC exposed: What we can learn from blackbox exploration of popular voice & video services” fippo explains the findings as well as the lessons that can be learned for WebRTC.

If you’ll be at SIGNAL be sure to ping fippo) or Peter to say hello!

This Thursday Ampersand.js and Human JavaScript author Henrik Joreteg is speaking at SeattleJS in—you guessed it—Seattle!

Fresh from his appearance at this year’s Fluent Conf, Henrik will be speaking to the crew at SeattleJS on his opinions about Native Web Apps.

Check out this quick interview from Fluent on Native Web Apps (or is it Single Page Apps??).