Highlights of NodeConf Colombia
The first edition of NodeConf Colombia took place last Friday and Saturday, and it was a massive success, with roughly 360 attendees, 13 speakers, 11 sponsors, 2 MCs, 10 organizers, and one common platform: Node.js.
On the first day, there were four simultaneous workshops. NodeSource team members hosted a popular workshop, “Profile & Analyze Node.js Applications like a Pro,” in which attendees learned how to analyze common Node.js diagnostic data, giving them the power to understand CPU profiles, memory usage, and other indicators. The room was full with around 150 people!
In the afternoon there was a Code+Learn session where the attendees were assigned an issue in GitHub and they had the opportunity to create their first contribution to the core of Node.js! Everyone was very excited and a lot of contributions were made and merged!
One key aspect that made NodeConf Colombia so successful was the quality of the talks, with national and international speakers that presented the most relevant topics of Node.js including:
Anna Henningsen - Node.js feature live coding
Anna is one of the most active Node.js contributors, and in her talk she rebuilds a simple and widely used Node.js core feature from scratch:
First, she explains where this feature comes from (hint: it’s not the language!), how it is managed by the event loop and, more specifically, by libuv (a multi-platform C library that provides support for asynchronous I/O based on event loops), and how libuv provides timers as
The timeout function includes: libuv data (uv_timer_t), event loop, timeout duration, native callback, C++ object, JS object, and async tracking. Then, Anna proceeded to do a live coding session on how setTimeout() is implemented in the core of Node.js... and she nailed it!
Diego Paez - Building up on Dat
Dat is a community-driven project, a powerful decentralized data-sharing tool built for scientific and research data. Diego first explains the fundamental concepts for working with Dat, like:
- Feeds: a simple data structure, immutable with a logical order and easy to index that allows efficient data sharing
- replication process: for synchronization of the feeds
- swarm: a network of peers with a common interest
- discovery mechanism: how you can access the swarm
- dat link: a URL with superpowers that encrypts data
Then he explained some modules that we can use to program decentralized applications such as hyperdrive, dat-js and dat-node, and he offered some really cool demos on how some of them work. Finally, he talked about what’s next for Dat:
hyperdrive v10 and
Matt couldn’t go to the event, BUT he gave his amazing talk via video conference. His talk starts in 2009, when Node.js was first released and the functionality of async “was awful”.
Asynchronous behavior was first handled by a combination of callbacks and events. Callbacks can be confusing, and “callback hell” is something we don’t want to run into. Events are non-compositional; that’s why there had to be a better way. The answer: promises. It was first introduced in Node.js v. 8.0 and it made things better with async/await. Then, Node.js 10.0 added native API promises, making it possible to do
const fs = require('fs').promises;
He then explains the concept of AsyncIterables and where we will go next in async programming: ECMAScript Observable and Emitter. If you are curious about this topic, don’t miss his talk once the videos are released!
James Snell - A QUIC Update for Node.js
James is the main contributor to the QUIC protocol in Node.js. While still very experimental and new, a lot of progress is being made. This protocol will enable exciting new possibilities and applications, so it’s important to keep an eye on it.
First, James introduces the fundamentals of QUIC, the new transport protocol for HTTP/3. Then he explains the difference between UDP and TCP (both are protocols used for sending bits of data, and UDP works similarly to TCP, but without taking into account all the error-checking information).
People in general, including the folks over at Google, think UDP is a safe bet for HTTP/3. However, UDP can be unreliable, packets might get lost, it has no congestion control, a network can be overwhelmed, it has no confidentiality, is connectionless, and packets are independent of one another. QUIC is designed to fix all of these issues.
James shows server and client examples of how it works. Once QUIC is implemented, the existing HTTP/2 API in Node.js will use it transparently when supported by both endpoints. The goal is to land experimental QUIC in Node.js 12.x (before October 2019) and exit experimental by Node.js 14.x (April 2020).
Andrea Griffiths - Tan Egoista! OSS to level up your career, reputation or to get your first job
Andrea is an extraordinary Colombian woman working for GitHub. She first explains the concept of “Ethical Selfishness”: it’s important to take care of your own interests while at the same time improving your career:
- Why? Use your contributions to achieve your goals!
- Where? The open source software ecosystem
- How? Combining your cunning and the principles taught in her talk
One of the unique aspects of open source software is that we can ALL contribute. She shows the top 10 OSS projects in the world and encourages the audience to get involved.
If you are new and want to contribute, here is some useful advice:
- Select your type of contribution: documentation, community, triage issues, code
- Select your first project
- You can choose a friendly community to contribute
- Start contributing!
In conclusion, you can level up your career by getting involved in communities and contributing to OSS. Never stop learning, and be selfish but be humble!
Miguel Bolivar - ☢️ Common JS anti-patterns ⚠️ Impostor syndrome included ☣️
- Avoid arrow functions when they are not necessary (you can use forEach() in many cases)
- Avoid callback hell; you can wait before launching promises, or use functions to avoid this problem
- new Promise when not necessary
- Complexity, length, and arguments. He explains the cyclomatic and cognitive complexity, the length of the arguments should be relatively small and functions should not exceed 30 lines of code
- Circular dependencies (avoid when A depends on B and B depends on A)
Then he talks about the impostor syndrome and how to deal with it.
His talk was particularly entertaining and funny! Congrats Miguel!
Tierney Cyren - Automating Your Vulnerabilities Away
Tierney first talked about attacks and, specifically, the different avenues of attack for Node.js applications, including:
- Supply chain vulnerabilities
- Social engineering vulnerabilities
- Dependency vulnerabilities
- Runtime vulnerabilities
Then he talked about protection and how to address security (people often end up choosing a single security tool; that tool invariably solves one problem but ignores all the others). What is needed is a set of tools that covers each of the vulnerabilities and includes:
- Caching your modules
- Have an incident response plan
- Automated dependency updates
- Use playbooks
- Use an incident commander strategy
- Use npm audit as a CI/CD step
- Know your runtime
- Know if existing deployments are using an insecure runtime
- Know if new deployments are shipping insecure runtimes
- Automatically PR runtime updates (where applicable)
- Use nanoprobe in your CI/CD build steps and build your own tooling using dist/index.json
These are some of the most relevant strategies to automate your vulnerabilities away.
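As an added example (not code from Tierney's talk or from nanoprobe), here is one way to act on "know if existing deployments are using an insecure runtime" with the version and security fields of https://nodejs.org/dist/index.json. The sample entries are constructed, and the function names are hypothetical.

```javascript
// Constructed sample entries in the shape of dist/index.json, NOT real
// release data. A CI job would load the real file instead.
const SAMPLE_INDEX = [
  { version: 'v12.3.0', date: '2000-01-05', security: false },
  { version: 'v12.2.1', date: '2000-01-04', security: true },
  { version: 'v12.2.0', date: '2000-01-03', security: false },
  { version: 'v10.9.2', date: '2000-01-02', security: true },
  { version: 'v10.9.1', date: '2000-01-01', security: false },
];

// "v12.2.0" -> [12, 2, 0]; throws on anything that is not vMAJOR.MINOR.PATCH,
// so a malformed version fails the build instead of silently passing.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable Node.js version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison per component: -1, 0 or 1.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Security releases in the same major line that are newer than `running`.
// A non-empty result means the deployment is missing security fixes.
function missedSecurityReleases(running, index) {
  const major = parseVersion(running)[0];
  return index
    .filter((r) => r.security === true)
    .filter((r) => parseVersion(r.version)[0] === major)
    .filter((r) => compareVersions(r.version, running) > 0)
    .map((r) => r.version);
}

// Exit code for a CI/CD step: 1 fails the pipeline, 0 lets it continue.
function ciExitCode(running, index) {
  return missedSecurityReleases(running, index).length > 0 ? 1 : 0;
}

// Check the runtime executing this script against the constructed sample.
console.log(process.version, 'exit code:', ciExitCode(process.version, SAMPLE_INDEX));
```

Run against the real index, the same check can gate both new builds (the version in the image or package manifest) and an inventory of versions reported by existing deployments.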
- 9 - Write effective Loops
- 8 - Cache as much as possible
- 7 - Use PM2 instead of Node
- 6 - Implement SSL/TLS and HTTP/2
- 5 - Optimise your response
- 4 - Inspect performance issues
- 3 - Use Realtime App Monitoring to analyse your app
- 2 - Use Node.js Streams
- 1 - Learn about Node.js native modules
In conclusion, Erick encouraged us to remember that most performance problems are human errors, and to always be aware of what your app is responsible for!
Ruben Bridgewater - Error handling: doing it right!
Ruben first explains why error handling is hard, including some very useful examples. Then he explores some error classes:
- Create application specific base class
- Validate input
- Move in individual module
- Only source of truth
- Contain all information for users and developers.
Remember: An abstract error module is easy to use and contains ALL NECESSARY INFORMATION in one place.
Some debugging utils include:
- Proper logging
- Stack traces
- Unhandled rejection flag
- Use error classes specifically set up for the application
- Implement abstract error handlers
- Always use async / await
- Make errors expressive
- Use promisify if necessary
- Return proper error statuses and codes
What Made NodeConf Colombia Special:
Not only were the talks remarkable, but NodeConf CO also had several things that made it special and welcoming for everyone.
1. Libuv and V8: the conference started with two things fundamental for the existence of Node.js, Libuv and V8, with the two people that made NodeConf Colombia possible: Julián Duque and Adrian Estrada. (Both are my colleagues at NodeSource ❤️)
2. The organization: thank you to all the organizers for their amazing job! The attention to detail was fantastic, the conference ran smoothly and efficiently and the overall experience for all the attendees was very positive. This conference was a success because of them!
3. The Scholarship Program: there were around 50 recipients of scholarships, which provide individuals from underrepresented groups with support to attend the conference with everything included (from flights/transportation to hotel and food).
4. Diversity: it was a big and diverse conference with people from all over the world with different backgrounds.
5. The food: first big tech conference in Colombia to provide lunch to all the attendees! The food was delicious, with different varieties, and they had many healthy options!
6. A good place to learn, have fun and make new friends: thank you NodeConf CO! The conference was a success!