CascadiaFest: Server JS Morning Part 2 Notes

The second half of the morning should prove just as brain-charging for CascadiaJS Server Day.

Greg Bulmash: Kids, JS, and Minecraft: A ‘Dynamite’ Combo

Minecraft modding is normally done in Java, but there are extensions that let you program in other languages, including JavaScript.

Why JavaScript?

Want something simple: one short line in JavaScript vs. something complex in Java.

Minecraft + JS = Scriptcraft

Links: CanaryMod (needed to run the server), Yiddish.Ninja workshop docs

Live demo!

There is a JavaScript console right in the game. The creator wrote a large helper library to make creating things in Minecraft easier.

Slides

Adam Baldwin: The Art of Identifying Vulnerabilities

What is a vulnerability? Is it a bug? Is it a weakness?

A promise that can be broken.

Something that can break the promise of confidentiality, integrity, and availability.

To find vulnerabilities, you need systems, security knowledge, and curiosity.

Systems

You must understand the nuances of the systems you create and consume. e.g. What the heck is the event loop anyway?

See slides for other JS Nuances

The area is growing as we get into ES6.

Vulnerabilities are prevalent at the boundary between one system and another.

It's not just about the code; it's about the other systems, e.g. npm.

Whose code are you running in production?

Just one person might depend on packages which in turn depend on further packages.

Vulnerabilities multiply in the presence of complexity.

e.g. the new OpenSSL vulnerability: 300,000 lines of code.

Security

Where to start? Intuitive trust happens without a conscious decision. Get something to do something it was not designed for. What promises does it make?

Analyze and test.

Learn from others

Curiosity

Even with all the knowledge, you're not going to find anything without curiosity.

Do things to your application that you normally wouldn’t. Shed all prior knowledge, act like a child.

How can it be used in other ways? What assumptions are you making? Ask questions.

It's about what you don't know, not what you know.

Process

  1. Understand the code and the threat model
  2. Identify inputs (sources)
  3. Identify sinks
  4. Follow the data from source -> sink
  5. Test & validate
  6. Repeat
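As an added example (not code from the talk or its slides), steps 2 to 4 of this process as a toy taint analysis in JavaScript: the program under review is modelled as a list of statements, and the statement shape, source, sink and sanitizer names are assumptions made for the example.

```javascript
// Toy taint analysis: follow data from input sources to dangerous sinks.
// Statement model and name lists below are assumptions for this example.

// Sources: where untrusted data enters the program.
const SOURCES = new Set(['req.query', 'req.body', 'process.argv']);
// Sinks: calls that break a promise if they receive attacker-controlled data.
const SINKS = new Set(['eval', 'child_process.exec', 'fs.readFile']);
// Sanitizers: calls whose result is treated as safe for any sink.
const SANITIZERS = new Set(['escape', 'parseInt']);

// Resolve which source (if any) a name derives from; 'req.query.name'
// counts as derived from the source 'req.query'.
function taintOf(name, taint) {
  if (taint.has(name)) return taint.get(name);
  for (const s of SOURCES) if (name === s || name.startsWith(s + '.')) return s;
  return null;
}

// Statement forms: {assign, from: [...]} copies taint from any operand;
// {assign, call, args} taints the result unless `call` is a sanitizer;
// {sink, args} is a call into a dangerous sink.
function findTaintedFlows(statements) {
  const taint = new Map(); // variable -> source it derives from
  const findings = [];
  for (const stmt of statements) {
    if (stmt.sink) {
      if (!SINKS.has(stmt.sink)) continue;
      for (const a of stmt.args) {
        const src = taintOf(a, taint);
        if (src) findings.push({ source: src, sink: stmt.sink, via: a });
      }
      continue;
    }
    if (stmt.call && SANITIZERS.has(stmt.call)) { taint.delete(stmt.assign); continue; }
    const operands = stmt.from || stmt.args || [];
    const src = operands.map(o => taintOf(o, taint)).find(Boolean);
    if (src) taint.set(stmt.assign, src); else taint.delete(stmt.assign);
  }
  return findings;
}

// Constructed sample program: one real flow (req.query -> exec) and one
// flow that is cut by a sanitizer (parseInt) before reaching fs.readFile.
const sample = [
  { assign: 'name', from: ['req.query.name'] },
  { assign: 'cmd', from: ["'ls '", 'name'] },
  { sink: 'child_process.exec', args: ['cmd'] },
  { assign: 'n', call: 'parseInt', args: ['req.query.page'] },
  { assign: 'path', from: ["'p'", 'n'] },
  { sink: 'fs.readFile', args: ['path'] },
];
```

Real tools do this over an AST rather than a hand-written statement list, but the manual pass the talk describes is the same walk: name the sources, name the sinks, and trace what reaches them.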

Live Demo!

Once you understand the sinks and have checked them manually, you can automate it.

Be okay with boring, monotonous and unfruitful testing. Be persistent.

Don’t try to do it all at once. Work with your teammates, and the community.

Parashuram N: Automating Web Performance Measurement

Manager says the site feels slow.

As a dev, you try to lower the site load time, but you also want to make sure the user is happy after the site has loaded. It turned out the complaint was about the site after load, not about slow loading.

Used a reading progress indicator: it shows how much the user has scrolled, should move vertically based on scroll, and saves how far the user has scrolled.

Found it running at almost 60 FPS, along with a whole bunch of random events that the browser was doing.

Reduced the animation events and their amount.

Automating Profiler Process

Performance is a feature. It should have test suites and continuous integration.

Steps for fixing performance

  1. Scroll the page in browser
  2. Collect the timeline data
  3. Fix it

You can write your own code, or use something like Selenium or the Google Chrome Timeline tools.

Tool: browser-perf, open source, based on the Chromium perf suite; runs any Selenium action and supports the major browsers. Integrates with Grunt, Protractor, etc.

Monitoring Performance trends in JavaScript Frameworks

Icons on the page: turns out fonts are faster (vs. SVG).

Become the performance champion!

Slides

Lunch Time

Grab a friend and grab some lunch

Published by

Cynthia

A librarian learning the ways of technology, accessibility, metadata, and people
