Herding Code 189: Gary Bernhardt on The Birth and Death of JavaScript

At NDC London, Jon and K Scott talk to Gary Bernhardt about his talk, The Birth and Death of JavaScript.

Download / Listen: Herding Code 189: Gary Bernhardt on The Birth and Death of JavaScript

Show Notes:

  • (00:15) The talk occurs in the year 2035. JavaScript is now pronounced differently, and there has been another world war.
  • (01:20) Jon ran over to the talk when he heard (via Twitter) that Gary was (or will be, it’s all so confusing) mentioning Singularity.
  • (02:20) Jon asks about Gary’s references to the performance improvements gained by turning off hardware protection. Gary and Jon discuss how Singularity and the (yet to be developed) Asm language offer high performance due to this approach.
  • (04:10) Jon asks why JavaScript has died, since Asm is universal. Gary mentions some of the problems – many historical – with JavaScript. And Gary should know, he’s famous for the "wat" talk showing several JavaScript insanities.
  • (05:37) Jon asks for some reasons why JavaScript had to die. Gary explains how it’s really just running on inertia now, and that it’d be preferable to use a better designed language like Clojure.
  • (06:30) Jon asks what we’re writing our code in, now that it’s compiling to Asm. Gary doesn’t specify that – it’s not really necessary to pick one, and he doesn’t need to alienate anyone unnecessarily.
  • (07:45) Jon asks if Asm is a binary format. Gary clarifies that it’s the JavaScript subset that was proposed in 2012.
  • (08:54) Jon asks if Asm is perfect, or just good enough. Gary talks about how both Asm and the HTML DOM (which also has become universal in 2035) are full of flaws, but they’re better than fragmentation. Jon and Gary talk abouthow
  • (10:45) K Scott says this all sounds plausible, all that’s needed is time. So, why 2035? Gary talks about his reasoning… it could happen faster. He talks about some core services moving into operating system kernels, and Jon and K Scott agree.
  • (12:55) Jon applauds Gary’s 25-30 minute talk length.
  • (13:15) Jon mentions some of the interesting audience questions at the end of the talk. Gary talks about some of the most interesting. All of them were pretty easy except for the question of parallel execution.
  • (15:20) There’s a discussion about the limitations of x86 architecture and parallelism.
  • (16:10) Jon asks about some of the other things Gary’s up to – there are the Destroy All Software screencasts and a consumer product Gary’s working on but isn’t ready to announce yet.
  • (16:40) K Scott asks Gary about relaxation and recreation. Gary says that he’d become really preoccupied with things that were bad in software, and it was stressing him out. He’s made three changes: intentional social interactions, crossfit and playing guitar. All three have helped him be less angry about the state of software… which is all hacks on x86, when we get down to it.

Show Links:

Modern Javascript Development:The arguments object, overloads and optional parameters

Reassign JavaScript Function Parameters In Reverse Order, Or Lose Your Params – In which Derek discovers that arguments object is a data structure with an identity crisis. ;)

That’s just bad, and it’s not specific to node.js. You should use the short circuit in the || operator to assign default values to your parameters instead of relying on ordinal indexes in the args pseudo-array in my opinion.

Modern Javascript Development: constructors and objects

The premise that someone would pass in b and c but not a is also weird. But, whatever. It does cause a problem due to the weird nature of the arguments object The big gotcha here is that JavaScript doesn’t support overloads.

In most languages that do support overloads, you would just define two different functions. One that takes three arguments and one that takes two arguments. But that won’t work since JavaScript is interpreted top-down. The last function definition clobbers the previous definition. So in the Fiddle posted above, the two argument function is the only one that exists.

Derek is correct that the arguments object is funky. It’s an array, but not really an array. It only has a “length” property. But it doesn’t have any really useful methods like pop or push. So assigning the variables in reverse order does work, for the reason you would expect knowing that JavaScript is interpreted top-down. I think a better way would be to convert the arguments objec to a REAL LIVE BOY ARRAY and access the values from that.

It has the same effect, but in my opinion it’s a little easier to understand.

Agile is dead? What’s next?

When I first saw these words written on Twitter I thought, “No way, Agile can’t be dead. There is too much money invested. Too many groups, conferences, books, and tools to be sold.” Turns out, I was right. People weren’t saying that “Agile” is dead, but that the term has been diluted so much as to be meaningless.

I have been thinking about that idea for some time, I actually thought that “Lean” bit the dust long before “Agile” did. Lean was dead as a meaningful term once “Lean startups” started to spring up. So do I really care that “Agile” as a term referring to the Agile Manifesto is dead? Not really.

So what next? Does the over-abundance of money-changers in the Agile temple mean that we give up on Scrum? Lean? Kanban? That we don’t value “Individuals and interactions over processes and tools”? No, we can continue to use these tools if they provide value. I hope that this discussion around the word “Agile” causes teams and individuals to reflect and evaluate what kind of return they are getting based on where most of their energy is spent. I’ve found that most Agile tools are centered around providing feedback and reports to managers (Who, in the Chicken & Pigs store are often Chickens. Often they are just farmhands to really bury the metaphor).

“Why do we need to point all of our stories in Super Frumpy Agile Tool 2.3?”
“So we can measure your velocity.”
“Why do we need to measure our velocity?”
“So we can estimate how long it will take you do finish”
“But velocity doesn’t really tell you when we will finish, only how many points we can get done, on average, in a sprint?”
“blurrggghhhh bar charts!”

Herding Code 188: Pete Smith on Superscribe

At NDC London, Jon talks to Pete Smith about Superscribe, a library which brings graph based routing to ASP.NET, Web API and OWIN.

Download / Listen: Herding Code 188: Pete Smith on Superscribe

Note: There’s a little bit of background noise due to the conference recording.

Show Notes:

  • Intro to Superscribe
    • (00:20) Jon asks Pete to explain what Superscribe’s graph-based routing means. Pete explains how traditional routing needs to check each route for a match, one at a time. Graph-based routing stores using a structure, so there are some performance gains due to only matching routes with a matching structure rather than using string matching.
    • (02:17) Pete explains that graph based routing is language agnostic, so there’s also a JavaScript implementation.
  • Extensibility due to strongly typed route nodes
    • (02:37) Each node in the graph is a strongly typed entity, so you can use an activation function for each node in the graph to determine if it’s a match rather than just using a simple regex match. You can write custom activation functions for any node. For parameter matching, Superscribe uses TryParse rather than regex matches.
    • (04:22) There are three guiding principles behind Superscribe: composability, efficiency and extensibility.
  • The OWIN connection
    • (05:22) Jon asks where Superscribe can be used. Pete says it’s currently usable in Web API and OWIN, with NancyFx and possibly MVC on the way.
    • (06:02) In addition to activation functions, you can also define an action function which says what should happen when a node is matched. This allows running different OWIN middleware based on route matches. This means you can hook up authentication middleware using an action function which will only operate on a specific node.
  • Graphs vs. Trees
    • (08:16) You can hook up optional nodes, which would allow things like an optional /debug/ route prefix which would hook up tracing middleware. Pete says this is something that wouldn’t be possible with tree-based routing (available in NancyFx).
    • (09:00) Jon asks what the difference is between tree-based routing and graph-based routing. Both are connected nodes, and trees are a type of graph in which the node connections branch out and ever reconnect, whereas in a graph any node may connect to any other node.
  • API options: Different ways to define route graphs
    • (09:53) Jon asks how developers will define nodes in Superscribe. Pete talks about the difference between economy and expressivity: economic design has fewer options but is easy to learn, while expressive design offers many options but a steeper learning curve. Superscribe is currently more expressive, using a domain specific language using operator overloads. It overloads the / symbol to add segments and the | operator to allow defining multiple routes (or the entire graph) in a single line.
    • (12:28) Jon says that you can always add an economic API layer over an expressive one. Pete agrees and says that since everything’s strongly typed underneath, you can configure it explicitly or fluently  as well (if you don’t like the DSL).
    • (13:14) Jon asks about how to hook in action functions or activator functions. Pete says they’re currently not available in the DSL, so you’d need to build those notes out by hand at this point.
  • Miscellaneous questions and pretend ending
    • (15:08) Jon asks about using routes for localization. Pete talks about some options for doing that.
    • (16:28) Jon asks what’s next on the list. Pete lists some features: syntax improvements and OWIN middleware ideas.
    • (19:12) Jon asks how people can learn more and keep up, Pete talks about Superscribe.org.
    • (20:12) Jon asks about the use case for Superscript in JavaScript. Pete talks about how activation functions are really useful in single page applications and how he’s using this in a production application. He’s working on packaging this up as Superscribe.js.
  • Update on the 0.4 release (follow-up phone call)
    • (22:11) Jon asks what’s new in the 0.4 release. Pete starts by describing some improvements to the routing syntax.
    • (23:02) You can now combine Web API replacement routing, traditional routing, Attribute Routing and Superscribe in the same application, so you can pick and choose.
    • (23:24) You can wire it up with an IOC container, so you can compose different components based on routes. You can also use route information in OWIN middleware.
    • (23:56) Everything about the new release is up on the Superscribe.org site.

Show Links:

Herding Code 187: Brock Allen on ASP.NET Security and Identity

At NDC London, Jon and K. Scott talk to Paul Betts about several of his recent open source libraries designed to simplify cross platform development on C#.

Download / Listen: Herding Code 187: Brock Allen on ASP.NET Security and Identity

Show Notes:

  • Intro
    • (00:18) Brock gave two presentations on security at NDC, as well as a two day pre-conference workshop with Dominick Baier (also on security).
  • Brock’s contribution of CORS support to ASP.NET Web API
    • (00:35) Jon asks Brock about the CORS support he recently contributed to ASP.NET Web API. Brock tells the history of how he built a CORS implementation at Thinktecture and how he went about contributing it.
    • (01:21) Jon asks Brock about what was involved in his CORS implementation. Brock describes the limitations browsers place on cross-origin requests and how CORS solves that. It’s defined in the HTML5 specs and is supported by all modern browsers.
    • (02:12) Jon asks what’s required on the server for CORS to work. Brock explains how servers respond to browsers to tell them they support CORS and which other servers they want to allow communications with.
    • (02:45) The most common form of browser communications for CORS is via an OPTIONS request from the browser, to which the server responds using predefined headers.
    • (03:14) K. Scott asks about the process of getting his CORS implementation added to the ASP.NET Web API codebase. Brock explains the process, including his big pull request and the month of work he and Yao put in to getting the code "Microsoftified." Brock’s implementation was pretty broad, the shipping version was targeted just at Web API.
  • Thinktecture Identity Model
    • (04:59) Jon asks if there’s any reason to use the Thinktecture Identity Model version now. Brock explains the other areas that Identity Model supports, and that many of the features of Thinktecture Identity Model have been removed as ASP.NET Web API has added a lot of these features to the core.
  • ASP.NET Identity and Membership Reboot
    • (06:09) K. Scott asks how the identity features in Thinktecture Identity Model compare to the new features shipped in the new ASP.NET Identity system. Brock describes the problems that the ASP.NET Identity system was designed to solve.
    • (07:02) Brock describes the membership system he wrote as an alternative to the ASP.NET provider model system, called Membership Reboot. His Membership Reboot system includes things like password resets and e-mail account verification which are not in the initial version of ASP.NET Identity, but he thinks that the new system is well architected to add these in, since it’s just a NuGet package.
    • (07:42) Jon asks Brock about the other features Membership Reboot covers. Brock says that was the subject of one of his talks – how he implemented features like password reset, e-mail verification and two factor authentication without opening up attack vectors.
  • ASP.NET Security
    • (08:27) K. Scott asks about the other talks Brock did at NDC London. His other talk was on ASP.NET Core Security – he focused on teasing apart the membership and forms authentication parts so they’re understood as separate components.
    • (09:20) Jon asks Brock how he got interested in security. Brock talks about his background in programming, and how he thinks it’s interesting to see how the different parts work together.
    • (09:48) Jon talks about cases he sees where developers decide they want to write their own security implementations for speed or other reasons. Brock says that was one of the key points of his talk: you don’t want to implement those things yourself.
    • (10:19) Jon asks about common security issues that developers commonly forget to consider. Brock lists several: proper implementation of SSL, password management, etc.
  • What’s Next For Brock?
    • (11:09) Jon asks what’s next for Brock. He’ll be busy: he’s got a lot of course rework for recent updates, Identity Server v3 (with OpenID Connect).
    • (11:46) Jon asks how OpenID Connect affects him as a developer.
    • (13:15) K. Scott asks what Brock does to relax. Brock does Tai Chi and Kung Fu.

Show Links: