davidcalhoun/gist:9281828

## gistfile1.txt
Didn’t attend everything.. kinda bummed I got there too late to see TJ (new Node maintainer).

Most of these talks were basic or more philosophical.  Some interesting takeaways:
-resistance to Node is more political than anything.  The tech is ready, many enterprises are already using Node
-it is a bandwagon technology right now, but there’s benefits to that.  After Walmart tweeted on Black Friday about using Node.js to handle traffic (https://twitter.com/eranhammer/status/406300408647139328), they started seeing better candidates come to interview for them
-PayPal’s Erik Toth about the transitivity of technologies: "in 5 years, node will be replaced… (oops did that get recorded?)”.

Here’s some random notes that may or may not make sense.  They were recording, so I’m sure the videos will be posted:

10am Security (Adam Baldwin):
vulnerability: npm postinstall scripts: can be disabled through .npmignore
nodejs-sec list
Node Security Project
  -eventual goal is for npm integration
common npm misnames: missing punctuation, etc
-coffeescript test: took a week to remove fake module
-linting pre-commit
-npm shrinkwrap
-retire.js - scans code for vulnerable dependencies (outdated versions)
-OWASP top 10: top vulnerabilities and defences
-every developer is a vulnerability: the patch is to educate them


11AM The business case for Node (Joe McCann):
-node: 5 years old
-enterprise is now actively contributing
-node is ready for enterprise
-many people trying to sneak node into enterprise by building a project within a few days as proof of concept
-PayPal as user of node
-PayPal: same amount of requests for less hardware
-GroupOn
-PayPal: page load times decreasing by 50%
-WalMart
-after WalMart Black Friday tweet: Node.js attracted better quality candidates
-Yahoo
-faster and more efficient coding
-devs have less of a reason to leave (since they're doing something they like).  Hiring and retaining talent
-savings in using less hardware
-argument: the more Node.js is used in the stack, the more people will benefit
-audience Q: how do you get Java devs or other folks, where their life has been based around Java for ten years?  How do you get them on board with Node.js?
-audience: livability/maintainability of node?  Dav Glass: highly modularized.  Each module does one thing, and does it really well.  One module doesn't take on too much responsibility.
-audience: failure stories with node = packages that don't exist yet


1PM Moving a large developer workforce to NodeJS (Erik Toth)
-argument for node might be business-related, not technical
-not just a tech choice, it's a philosophy
-folks arguing against will parrot what they've read; outdated info.  (typing, fibonacci perf..  but are these practical problems?)
-"it's a fad!"
-"real engineers use *"
-real secret: influencers
-attempts: prototypes, showing to boss, etc.  Not about that - it's about politics, about influencers
-Kraken: on top of express.  Internal installation is setup with PayPal config. Alternative: happi?  Restify
-highly recommend against npm install in release process, because of registry instability.  Also tested code might differ from released code.
-started with mocha/chai -> tape/tap?
-Erik: "in 5 years, node will be replaced… oops did that get recorded"
-6 month process to get PayPal to vet node in their infrastructure.
-PayPal wallet app: parallel dev on Java and Node.  Java team wanted to quit and move to Node
-pm2 (runs in node) as watcher for node process.  alternative: yahoo(?) monit
-"cluster" written in app & ssl are deployment artifacts.  benefit to using pm2 here
	Didn’t attend everything.. kinda bummed I got there too late to see TJ (new Node maintainer).

	Most of these talks were basic or more philosophical. Some interesting takeaways:
	-resistance to Node is more political than anything. The tech is ready, many enterprises are already using Node
	-it is a bandwagon technology right now, but there’s benefits to that. After Walmart tweeted on Black Friday about using Node.js to handle traffic (https://twitter.com/eranhammer/status/406300408647139328), they started seeing better candidates come to interview for them
	-PayPal’s Erik Toth about the transitivity of technologies: "in 5 years, node will be replaced… (oops did that get recorded?)”.

	Here’s some random notes that may or may not make sense. They were recording, so I’m sure the videos will be posted:

	10am Security (Adam Baldwin):
	vulnerability: npm postinstall scripts: can be disabled through .npmignore
	nodejs-sec list
	Node Security Project
	-eventual goal is for npm integration
	common npm misnames: missing punctuation, etc
	-coffeescript test: took a week to remove fake module
	-linting pre-commit
	-npm shrinkwrap
	-retire.js - scans code for vulnerable dependencies (outdated versions)
	-OWASP top 10: top vulnerabilities and defences
	-every developer is a vulnerability: the patch is to educate them


	11AM The business case for Node (Joe McCann):
	-node: 5 years old
	-enterprise is now actively contributing
	-node is ready for enterprise
	-many people trying to sneak node into enterprise by building a project within a few days as proof of concept
	-PayPal as user of node
	-PayPal: same amount of requests for less hardware
	-GroupOn
	-PayPal: page load times decreasing by 50%
	-WalMart
	-after WalMart Black Friday tweet: Node.js attracted better quality candidates
	-Yahoo
	-faster and more efficient coding
	-devs have less of a reason to leave (since they're doing something they like). Hiring and retaining talent
	-savings in using less hardware
	-argument: the more Node.js is used in the stack, the more people will benefit
	-audience Q: how do you get Java devs or other folks, where their life has been based around Java for ten years? How do you get them on board with Node.js?
	-audience: livability/maintainability of node? Dav Glass: highly modularized. Each module does one thing, and does it really well. One module doesn't take on too much responsibility.
	-audience: failure stories with node = packages that don't exist yet


	1PM Moving a large developer workforce to NodeJS (Erik Toth)
	-argument for node might be business-related, not technical
	-not just a tech choice, it's a philosophy
	-folks arguing against will parrot what they've read; outdated info. (typing, fibonacci perf.. but are these practical problems?)
	-"it's a fad!"
	-"real engineers use *"
	-real secret: influencers
	-attempts: prototypes, showing to boss, etc. Not about that - it's about politics, about influencers
	-Kraken: on top of express. Internal installation is setup with PayPal config. Alternative: happi? Restify
	-highly recommend against npm install in release process, because of registry instability. Also tested code might differ from released code.
	-started with mocha/chai -> tape/tap?
	-Erik: "in 5 years, node will be replaced… oops did that get recorded"
	-6 month process to get PayPal to vet node in their infrastructure.
	-PayPal wallet app: parallel dev on Java and Node. Java team wanted to quit and move to Node
	-pm2 (runs in node) as watcher for node process. alternative: yahoo(?) monit
	-"cluster" written in app & ssl are deployment artifacts. benefit to using pm2 here