Event Stream Request I Want To Stream Your Events Please talk with me on MEETN to coordinate live stream dates and times. [https://meetn.com/jackbosma](https://meetn.com/jackbosma) is provided. Say hello when joining and share the MEETN link. https://anchor.fm/jack-bosma3/episodes/Event-Stream-Request-e1s1i04 #meetn #stream #meetings --- Send in a voice message: https://anchor.fm/jack-bosma3/message Support this podcast: https://anchor.fm/jack-bosma3/support
Previously, in episode 2, Dr. Esteberger of Area J explains point clouds, FOJIP polyhedrons, and type 2 simulations, then draws our attention to the fact that John Spillers was one of the 39 men left behind at La Navidad in 1492 by Christopher Columbus—that Spillers stopped aging in 1518 as a side effect of the deformation of his human luminescence. He also suggests that Spillers has become unclamped from the human layer of the Event Stream. In episode 3, we peek into the top secret interrogation facility at Ramey Air Force Base, and learn about two of its occupants: a 460 year old ceiba tree and Captain Cristian Monserrate Sepulveda. https://roughmasters.substack.com/p/3-the-memories-of-trees-and-men
"Blackmagic Design case study: the live streaming company 'Event Stream Team'" According to Blackmagic Design, the live streaming company Event Stream Team has built a new set of services using live streaming kits based on a Blackmagic Design workflow. Event Stream Team has more than 120 active clients and recently adopted several new Blackmagic Design products to meet its clients' diverse needs.
Modeling a domain with Event Sourcing requires taking several factors into account. One of them is the number of events that will be associated with the modeled object. In this episode, together with Oskar Dudycz, Developer Advocate at EventStore, we talk about temporal modeling, that is, modeling objects in relation to the passage of time, about controlling the length of event streams, and about related problems. All of it, of course, in the context of Event Sourcing.
Concept of the week: Event Stream abstractions and Pravega: 15:15 Demo of the week: Event Stream abstractions and Pravega: 1:11:00 PR of the week: Pravega presto-connector PR 49: 1:20:51 Question of the week: What is the point of Trino Forum and what is the relationship to Trino Slack?: 1:26:07 Show Notes: https://trino.io/episodes/28.html Show Page: https://trino.io/broadcast/
Today we jumped on the hype train and recorded an unboxing video: we comment on the current Apple Event at which the new iPhone is presented! It is a very long podcast, and somehow the feeling sets in that the same thing keeps happening over and over... Those who hold out are rewarded with a teaser ;)
Liran Tal joins the Jabber to talk about how to secure your applications and how to check for security vulnerabilities in your application and its dependencies and infrastructure. Liran explains how to check your supply chain and your own code to make sure you're not leaving things open to malicious actors. Panel AJ O'Neal Charles Max Wood Dan Shappir Steve Edwards Guest Liran Tal Sponsors DigitalOcean Raygun | Click here to get started on your free 14-day trial Dev Influencers Accelerator Links 5 ways to prevent code injection in JavaScript and Node.js Command injection: how it works, what are the risks, and how to prevent it JSJ 357: Event-Stream & Package Vulnerabilities with Richard Feldman and Hillel Wayne | Devchat.tv DevOps 062: Behind the SolarWinds breach | Devchat.tv DevOps 064: Software Dependencies: Do you Know What’s Lurking in your Software? | Devchat.tv PortSwigger Essential Node.js Security for Express Web Applications Snyk Code Twitter: Liran Tal | React and Node.js Security ( @liran_tal ) Picks AJ- Twitter: _MG_ ( @_MG_ ) AJ- In Order to Live AJ- Live Stream Node.js Auth Project Charles- Who Now How Charles- As a Man Thinketh Charles- Psycho-Cybernetics Charles- Monday.com Charles- Discourse Dan- JSJ 442: Breaking Into Tech with Danny Thompson | Devchat.tv Dan- JSJ 439: More Jabber About Less JavaScript with Alex Russell | Devchat.tv Dan- How I Learned to Code and Started Freelancing Full-Time in 8 Months Dan- The Mobile Performance Inequality Gap, 2021 Liran- Working out Liran- Cult of the Dead Cow Liran- Darknet Diaries Steve- GitHub | kutia-software-company/vue3-starter Contact AJ: AJ ONeal CoolAJ86 on GIT Beyond Code Bootcamp Beyond Code Bootcamp | GitHub Follow Beyond Code Bootcamp | Facebook Twitter: Beyond Code Bootcamp ( @_beyondcode ) Contact Charles: Devchat.tv DevChat.tv | Facebook Twitter: DevChat.tv ( @devchattv ) Contact Dan: GitHub: Dan Shappir ( DanShappir ) LinkedIn: Dan Shappir Twitter: Dan Shappir ( @DanShappir ) Contact Steve: 
Twitter: Steve Edwards ( @wonder95 ) GitHub: Steve Edwards ( wonder95 ) LinkedIn: Steve Edwards
In this special episode, we interview Jakub Scholz, one of the creators of the Strimzi project (Apache Kafka on Kubernetes), who tells us a bit of the history of the Strimzi operator. Some of the points discussed in this interview: * Apache Kafka on Kubernetes * The Strimzi operator and its characteristics * Scenarios and usage * Apache Kafka and microservices * Types of Apache Kafka deployment * Benefits of removing Apache Zookeeper * New features in Strimzi * Tips and recommendations. In addition, we talk about the big movement by companies toward adopting Kubernetes for stateful applications, and how Strimzi can make deploying Apache Kafka easier so that your journey is lighter and more fun. Luan Moreno = https://www.linkedin.com/in/luanmoreno/
Aalyah - Try Again Mary J Blige - Family Affair Fat Joe - What's Luv? Eve - Let me blow ya mind Missy elliot ft ludacris One minute man Eve - Who's That Girl Jennifer Lopez Ft Fabolous - Get Right Eve - Got what you need Beyonce Ft Jay-Z - Crazy In Love DJ Khaled Ft Rihanna And Bryson Tiller - Wild Thoughts Nicky Jam Ft J Balvin - X (Refresh Club Edit) Nio Garcia Ft Darell, Casper Magico, Bad Bunny, Nicky Jam And Ozuna - Te Bote (Rmx) Anitta - Loco Wiley Ft Stefflon Don, Sean Paul And Idris Elba - Boasty QLM Jolem Sanchez Ft Babe - La Maca Rena Puri Ft Jason Derulo - Shatta Cono (Vonji Edit) Corona - Rhythm of the Night (Stavros Martina & Kevin D Rmx) Beenie Man & Ms. Thing - Dude (Alex Dynamix Edit) P Diddy Ft Loon, Ginuwine And Mario Winans - I Need a Girl Part 2 (Rmx) Foxy Brown ft. Blackstreet - Get Me Home - Tomcio & Bonxo Remix Will Smith - Miami (Merco Bootleg) Young T Ft Bugsey And Headie One - Don't Rush J Balvin - Mi Gente (DJ Farock Afro Transition 105-128 Bpm) Panjabi MC - Mundian To Bach Ke (Bader Afro Flip) Bader - E Samba Enur - Calabria (Anthem Kingz Que Calor Bootleg) KD One - Hay Que Bueno (Pedro Cabrera Calabria Bootleg) ETC!ETC! 
Ft Desamor - PUTC Eduardo Luzquiños Ft Menol Cotize And Matt Lasong - Baila Conmigo El Dembow Redeem - Purrida Topo La Maskara Ft MC Fioti - Da Phonk (Transition 126 - 104 Bpm) Enrique Iglesias Ft Pitbull - Move To Miami Mc Kevinho - O Grave Bater (Make & Take Rmx) Ozuna - Baila Baila Drake x Latin - One Dance (Valeuu Latino Edit) French Montana Ft Swae Lee - Unforgettable Nickelbass - Papi Chulo (2k18 Riddem Edit) Benny Blanco Ft Tainy, Selena Gomez And J Balvin - I Can't Get Enough DJ Snake Ft Anitta And Sean Paul - Fuego Scott Storch Ft Ozuna And Tyga - Fuego Del Calor DJ Snake Ft Selena Gomez, Ozuna And Cardi B - Taki Taki DJ Snake Ft J Balvin And Tyga - Loco Contigo Fat Joe Ft Mase And Lil Jon - Lean Back (DJ Juize Moombahton Rmx) Black Eyed Peas Ft Ozuna And J Rey Soul - Mamacita (FunkyJ & Attractiv Rmx) Shaggy - Sexy Lady - Kevin D & Stavros Martina Remix
J Balvin - Tu Veneno Major Lazer Ft Guaynaa - Diplomatico J Balvin - Blanco J Balvin Ft Bad Bunny And Mr Eazi - Como Un Bebe Sergio Mendes - Mas Que Nada Scott Storch Ft Ozuna And Tyga - Fuego Del Calor Daddy Yankee Ft Sech - Definitivamente (DJ Peligro & DJ Zero Rmx) Nick William - Baila Conmigo (Madrik Rmx) Ozuna Ft P Diddy And Dj Snake - Eres Top Don Omar - Pobre Diabla (Jm Castillo & Jesús Fernández Rmx) Bad Bunny - Callaita (iRony Club Edit) Bad Bunny Ft Ozuna, Nio Garcia And Nicky Jam - Te Bote (Midrk & Greg Rmx) Daddy Yankee Ft Snow - Con Calma (IGORITO Hype Edit) Don Omar - Bandolero (DJ Peligro Rmx) Drake - In My Feelings (Ash, Dopeman & Afro Bros Rmx) Corona - Rhythm of the Night (Stavros Martina & Kevin D Rmx) The Black Eyed Peas Ft J Balvin - Ritmo (Bad Boys For Life) Eva Simons Ft Konshens - Policeman (Fdb Acap In Edit) Aaliyah - Try Again (D'Maduro Rmx) Kelis vs Wiley Ft Stefflon Don - Milkshake To Boasty (JD Live Blend) Wiley Ft Stefflon Don, Sean Paul And Idris Elba - Boasty Los Del Rio - Macarena (Stavros Martina & Kevin D Rmx) Tom Thomson x Boavista - Chikita Major Lazer - Bumaye Becky G Ft Burna Boy - Rotate Sean Paul Ft Busy Signal - Boom Charly Black - Gyal You A Party Animal (DJames Style A Style Riddim Edit) Nicky Jam Ft Anuel AA - Whine Up (Dj Cruz Edit) Make Ft Take - Dale x Candy Shop x Whorth It (2fingz Bootleg) Ozuna - Baila Baila Baila (Nick William Rmx) ASH Ft Jimmy Gassel - Bella Ciao (Dj Sayze Edit) Nicky Jam Ft J Balvin - X (IGORITO & DJ Sino Velasco 18 Plus Intro) Karol G And Nicki Minaj - Tusa Daddy Yankee - Problema J Balvin - Amarillo (Extended Hype In by Marinx) J Balvin - Reggaeton Bizzey Ft Kevin And Spanker - Insta Dimitri Vegas Ft Like Mike, David Guetta, Daddy Yankee, Afro Bros And Natti Natasha - Instagram Afro Bros Ft Steve Andreas - The Feeling Daddy Yankee Ft Anuel AA, Kendo Kaponi And Sisqo - Don Don (Acap In by Jekey & Marinx) (Bruno Torres & Marinx Edit) Eve - Let Me Blow Ya Mind (Moombahton Rmx) BSSMNT - Tu Vas 
Danser (DJ Marinx Custom Edit) Angosoundz - Miqmore (Puteuh) (Davy D Moombahton Recut) DeeWunn Ft Marcy Chin - Mek It Bunx Up Koonshens Ft J Capri - Pull Up To Mi Bumper (Hype Romano Edit)
Charles is joined by Caleb Fornari and Jeffrey Groman as we discuss the challenges of public versus private package managers and the security implications of using public repositories. Panel Caleb Fornari Charles Max Wood Jeffrey Groman Sponsors Dev Heroes Accelerator Links Adventures in DevOps - Devchat.tv Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies Devchat.tv | JSJ 357: Event-Stream & Package Vulnerabilities with Richard Feldman and Hillel Wayne Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months GitHub | The Node Security Platform Picks Caleb- Have a plan to mitigate damage if someone is able to get inside your network. Don’t just secure the public side of your technical infrastructure, make sure your internal security is just as strong as your external security. Charles- Dev Heroes Accelerator | Devchat.tv Charles- The Umbrella Academy | Netflix Charles- Personal Retreat Jeffrey- Asset management: Know and document where all of your digital assets reside. Whether servers, VMs, EC2 instances, and all of your structured and unstructured data. Jeffrey- You can’t secure what you don’t know about
Panelists Allen "Gunner" Gunn | Eric Berry | Justin Dorfman | Richard Littauer Guest Dominic Tarr Show Notes Hello and welcome to Sustain! Our special guest today is Dominic Tarr, an open source sailor hacker person, calling from his boat in New Zealand. He’s been instrumental in the early JavaScript scene. Dominic tells us how he got into open source, coding, and how he got involved in JavaScript and Event Stream. We will also learn what Dominic is doing now and how he envisions open source going forward. How does Dominic fund his life living on a boat? Download this episode now to find out! [00:01:35] Dominic tells us how he got into open source, how he got into coding, how he ended up where he is today, and how he got involved in JavaScript. [00:06:45] Richard informs us that Dominic was in a group of influential people in Node JS who made a bunch of modules, one of them being Event Stream, which is Dominic’s. He also tells how many modules he’s written for NPM. Dominic also talks about how he initially dealt with the “fixing the bug” issues, since he was making these modules in his spare time and coding for fun. [00:10:00] Justin wants to know how Dominic got 700 modules and how he managed it for as long as he did. [00:12:02] Richard wonders what Dominic is doing now and how he envisions open source or JavaScript going forward if it’s not fun to work on. [00:14:07] Eric wants to know if Dominic has any reflections or thoughts around the shift in the overall view of NPM over the years. [00:20:19] Richard wonders how Dominic funds his life because he lives on a boat. [00:24:55] Where can you find Dominic on the internet? Find out here. Spotlight [00:25:16] Eric’s spotlight is called Mind Stream. [00:25:47] Justin’s spotlight is EthGasStation.info. [00:26:15] Gunner’s spotlight is Signal Desktop. [00:26:48] Richard’s spotlights are Scuttlebutt and Patchwork. [00:27:11] Dominic’s spotlight is the Project Gemini. 
Quotes [00:11:13] “We had this one SquatConf where we just had our own conference, and we kind of timed it with some other, like more boring conference that would fly people in and then we would be like, okay, now we’re all in this place and let’s just have our own thing.” [00:14:17] “So, for a long time, I guess before it became a corporation, I believe incorporated, before that it was very much open to everybody contribute and then it became a business, which obviously there’s good reason for it to become a business.” [00:23:13] “I’m not a terribly big fan of schemes to pay open source developers, especially the ones that are like based on some kind of charity thing. Either they’re like straight forward charity things like Gratipay, then you never got very much money or you have strings attached or something.” Links Dominic Tarr Twitter (https://twitter.com/dominictarr?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) NPM (https://www.npmjs.com/) Mindstream (https://www.mindstreaminteractive.com/) EthGasStation (https://ethgasstation.info/) Signal (https://signal.org/en/) Scuttlebutt (https://scuttlebutt.nz/) Patchwork (https://www.electronjs.org/apps/patchwork) Project Gemini (https://gemini.circumlunar.space/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr at Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Dominic Tarr.
Welcome to the first EVER episode of The Hubcast, hosted by My PT Hub's Head of Support Ryan Hallett! In the first episode, Ryan interviews Joe Mitton, Founder and Owner of MittFit, a UK-based personal training and online fitness company. MittFit specialises in Group training and runs challenges throughout the year for their clients across the globe, such as the highly successful 28-Day Online Challenge! Back in March 2020 when the Covid-19 Pandemic sent people into lockdown practically overnight, Joe Mitton quickly adapted his business to make sure MittFit could still serve its clients and help people get results. MittFit uses My PT Hub to train clients virtually through the Event Stream feature, setting up super successful virtual group training sessions, which they are now going to continue running even when life is fully back to 'normal'!
Jazz Central Studios in Minneapolis is helping Fans and Players experience live music with a three-day streaming event. It is called Stream Fest, and held Friday through Sunday June 26 through 28. When Mac Santiago of Jazz Central Studios sat down with Phil Nusbaum, Mac addressed why Stream Fest was created.
SAS’s vision of transforming ‘a world of data into a world of intelligence’ seems more relevant than ever with the incredible and seemingly endless amount of data we are producing with the Internet of Things. For those who aren’t familiar with SAS, they are one of the largest software companies today, providing a suite of analytics solutions that 92% of the Fortune 100 companies use to help access, manage, analyze and report on data to aid in decision-making. This week on the Mr. Beacon Podcast, we are working from home with Saurabh Mishra, who heads up Product Management at SAS for their Internet of Things offerings. In this episode, we talk all things SAS: their company culture, what offerings drive their business, the evolution that brought about the Internet of Things division, and the real life use cases they are solving today in transportation, manufacturing, retail, and supply chain. See acast.com/privacy for privacy and opt-out information.
Guest Paige Niedringhaus has been a developer full time for 3 years, and today she is here to talk about Node 12. One of the things she is most excited about is the ES6 support that is now available, so things that used to require React, Angular, or Vue can now be done in Node. The require function will not have to be used in Node 12. AJ is worried about some of these changes and expresses his concerns. Paige assures him that in the beginning you won’t have to switch things to imports. You may have to change file extensions/types so Node can pick up what it’s supposed to be using. They are also trying to make it compatible with CommonJS. Node 12 also boasts an improved startup time. The panel discusses what specifically this means. They talk about the code cache and how Node caches the built-in libraries that it comes prepackaged with. The V8 engine is also getting many performance enhancements. Paige talks about the shift from promises to async. In Node 12, async functions will actually be faster than promises. They discuss some of the difficulties they’ve had in the past with Async08, and especially callbacks. Another feature of Node 12 is better security. Transport Layer Security (TLS), which is how Node handles encrypted streams of communication, is upgrading to 1.3. The protocol is simpler to implement, quicker to negotiate sessions between the applications, provides increased end user privacy, and reduces request time. Overall, this means less latency for everybody. 1.3 also gets rid of the edge cases that caused TLS to be far slower than it needed to be. The conversation turns to properly configuring default heap limits to prevent an ‘out of memory’ error. Configuring heap limits is something necessary when constructing an incredibly large object or array of objects. Node 12 also offers formatted diagnostic summaries, which can include information on total memory, used memory, memory limits, and environment lags. 
It can report on uncaught exceptions and fatal errors. Overall, Node 12 is trying to help with the debugging process. They talk about the different parsers available and how issues with key pairing in Node have been solved. Paige talks about using worker threads in Node 12. Worker threads are really beneficial for CPU intensive JavaScript operations. Worker threads are there for those things that eat up all of your memory; they can alleviate the load and keep your program running efficiently while doing their own operations on the sideline, and returning to the main thread once they’ve finished their job. None of the panelists have really used worker threads, so they discuss why that is and how they might use Worker Threads in Node 12. In addition, Node 12 is making Native module creation and support easier, as well as all the different binaries a node developer would want to support. Paige makes it a point to mention the new compiler and minimum platform standards. They are as follows: GCC minimum 6; glibc minimum 2.17 on platforms other than Mac and Windows (Linux); Mac users need at least 8 and Mac OS 10.10; if you’ve been running Node 11 builds in Windows, you’re up to speed; Linux binaries supported are Enterprise Linux 7, Debian 8, and Ubuntu 14.04. If you have different requirements, go to the Node website. Panelists J.C. Hyatt Steve Edwards AJ O’Neal With special guest: Paige Niedringhaus Sponsors Tidelift Sentry use the code “devchat” for 2 months free on Sentry’s small plan Sustain Our Software Links Async CommonJS njs Promise Node Event Stream llhttp llparse LLVM Papa Parse Json.stringify Json.parse Optimizing Web Performance TLS 1.3 Overclocking SSL Generate Keypair Follow DevChatTV on Facebook and Twitter Picks J.C. Hyatt: AWS Amplify framework 12 Rules for Life: An Antidote to Chaos by Jordan Peterson React and Gatsby workshops Steve Edwards: The Farside comic coming back? 
AJ O’Neal: Field of Hopes and Strings Link’s Awakening Dune Paige Niedringhaus: DeLonghi Magnifica XS Automatic Espresso Machine, Cappuccino Maker CONNECT.TECH Conference Follow Paige on Twitter, Medium, and Github
Guest Paige Niedringhaus has been a developer full time for 3 years, and today she is here to talk about Node 12. One of the things she is most excited about is the ES6 support that is now available, so things that used to require React, Angular, or Vue can now be done in Node. The require function will not have to be used in Node 12. AJ is worried about some of these changes and expresses his concerns. Paige assures him that in the beginning you won’t have to switch things to imports. You may have to change file extensions/types so Node can pick up what it’s supposed to be using. They are also trying to make it compatible with CommonJS. Node 12 also boasts an improved startup time. The panel discusses what specifically this means. They talk about the code cache and how Node caches the built in libraries that it comes prepackaged with. The V8 engine is also getting many performance enhancements. Paige talks about the shift from promises to async. In Node 12, async functions will actually be faster than promises. They discuss some of the difficulties they’ve had in the past with Async08, and especially callbacks. Another feature of Node 12 is better security. The transcripted security layer (TLS), which is how Node handles encrypted strains of communication, is upgrading to 1.3. The protocol is simpler to implement, quicker to negotiate sessions between the applications, provides increased end user privacy, and reduces request time. Overall, this means less latency for everybody. 1.3 also gets rid of the edge cases that caused TLS to be way far slower than it needed to be. The conversation turns to properly configuring default heap limits to prevent an ‘out of memory’ error. Configuring heap limits is something necessary when constructing an incredibly large object or array of objects. Node 12 also offers formatted diagnostic summaries, which can include information on total memory, used memory, memory limits, and environment lags. 
It can report on uncaught exceptions and fatal errors. Overall, Node 12 is trying to help with the debugging process. They talk about the different parsers available and how issues with key pairing in Node have been solved. Paige talks about using worker threads in Node 12. Worker threads are really beneficial for CPU intensive JavaScript operations. Worker threads are there for those things that eat up all of your memory, they can alleviate the load and keep your program running efficiently while doing their own operations on the sideline, and returning to the main thread once they’ve finished their job. None of the panelists have really used worker threads, so they discuss why that is and how they might use Worker Threads in Node 12. In addition, Node 12 is making Native module creation and support easier, as well as all the different binaries a node developer would want to support. Paige makes it a point to mention the new compiler and minimum platform standards. They are as follows: GCC minimum 6 GLIVC minimum 2.17 on platforms other than Mac and Windows (Linux) Mac users need at least 8 and Mac OS 10.10 If you’ve been running node 11 builds in Windows, you’re up to speed Linux binaries supported are Enterprise Linux 7, Debian 8, and Ubuntu 14.04 If you have different requirements, go to the Node website Panelists J.C. Hyatt Steve Edwards AJ O’Neal With special guest: Paige Niedringhaus Sponsors Tidelift Sentry use the code “devchat” for 2 months free on Sentry’s small plan Sustain Our Software Links Async CommonJS njs Promise Node Event Stream llhttp llparse LLVM Papa Parse Json.stringify Json.parse Optimizing Web Performance TLS 1.3 Overlocking SSL Generate Keypair Follow DevChatTV on Facebook and Twitter Picks J.C. Hyatt: AWS Amplify framework 12 Rules for Life: An Antidote to Chaos by Jordan Petersen React and Gatsby workshops Steve Edwards: The Farside comic coming back? 
AJ O’Neal: Field of Hopes and Strings Link’s Awakening Dune Paige Niedringhaus: DeLonghi Magnifica XS Automatic Espresso Machine, Cappuccino Maker CONNECT.TECH Conference Follow Paige on Twitter, Medium, and Github
Guest Paige Niedringhaus has been a developer full time for 3 years, and today she is here to talk about Node 12. One of the things she is most excited about is the ES6 support that is now available, so things that used to require React, Angular, or Vue can now be done in Node. The require function will not have to be used in Node 12. AJ is worried about some of these changes and expresses his concerns. Paige assures him that in the beginning you won’t have to switch things to imports. You may have to change file extensions/types so Node can pick up what it’s supposed to be using. They are also trying to make it compatible with CommonJS. Node 12 also boasts an improved startup time. The panel discusses what specifically this means. They talk about the code cache and how Node caches the built in libraries that it comes prepackaged with. The V8 engine is also getting many performance enhancements. Paige talks about the shift from promises to async. In Node 12, async functions will actually be faster than promises. They discuss some of the difficulties they’ve had in the past with Async08, and especially callbacks. Another feature of Node 12 is better security. The transcripted security layer (TLS), which is how Node handles encrypted strains of communication, is upgrading to 1.3. The protocol is simpler to implement, quicker to negotiate sessions between the applications, provides increased end user privacy, and reduces request time. Overall, this means less latency for everybody. 1.3 also gets rid of the edge cases that caused TLS to be way far slower than it needed to be. The conversation turns to properly configuring default heap limits to prevent an ‘out of memory’ error. Configuring heap limits is something necessary when constructing an incredibly large object or array of objects. Node 12 also offers formatted diagnostic summaries, which can include information on total memory, used memory, memory limits, and environment lags. 
It can report on uncaught exceptions and fatal errors. Overall, Node 12 is trying to help with the debugging process. They talk about the different parsers available and how issues with key pairing in Node have been solved. Paige talks about using worker threads in Node 12. Worker threads are really beneficial for CPU-intensive JavaScript operations. Worker threads are there for those things that eat up all of your memory; they can alleviate the load and keep your program running efficiently while doing their own operations on the sideline, returning to the main thread once they’ve finished their job. None of the panelists have really used worker threads, so they discuss why that is and how they might use worker threads in Node 12. In addition, Node 12 is making native module creation and support easier, as well as all the different binaries a Node developer would want to support. Paige makes it a point to mention the new compiler and minimum platform standards. They are as follows: GCC minimum 6; glibc minimum 2.17 on platforms other than Mac and Windows (Linux); Mac users need at least Xcode 8 and macOS 10.10; if you’ve been running Node 11 builds in Windows, you’re up to speed; Linux binaries supported are Enterprise Linux 7, Debian 8, and Ubuntu 14.04. If you have different requirements, go to the Node website. Panelists J.C. Hyatt Steve Edwards AJ O’Neal With special guest: Paige Niedringhaus Sponsors Tidelift Sentry use the code “devchat” for 2 months free on Sentry’s small plan Sustain Our Software Links Async CommonJS njs Promise Node Event Stream llhttp llparse LLVM Papa Parse Json.stringify Json.parse Optimizing Web Performance TLS 1.3 Overclocking SSL Generate Keypair Follow DevChatTV on Facebook and Twitter Picks J.C. Hyatt: AWS Amplify framework 12 Rules for Life: An Antidote to Chaos by Jordan Peterson React and Gatsby workshops Steve Edwards: The Far Side comic coming back? 
AJ O’Neal: Field of Hopes and Strings Link’s Awakening Dune Paige Niedringhaus: DeLonghi Magnifica XS Automatic Espresso Machine, Cappuccino Maker CONNECT.TECH Conference Follow Paige on Twitter, Medium, and Github
Sponsors Triplebyte Sentry use the code “devchat” for $100 credit Clubhouse CacheFly Panel Aaron Frost AJ O’Neal Chris Ferdinandi Joe Eames Aimee Knight Charles Max Wood Joined by special guests: Hillel Wayne and Richard Feldman Episode Summary In this episode of JavaScript Jabber, Hillel Wayne kicks off the podcast by giving a short background about his work, explains the concepts of formal methods and the popular npm package - event-stream, in brief. The panelists then dive into the recent event-stream attack and discuss it at length, focusing on different package managers and their vulnerabilities, as well as the security issues associated with them. They debate on whether paying open source developers for their work, thereby leading to an increase in contribution, would eventually help in improving security or not. They finally talk about what can be done to fix certain dependencies and susceptibilities to prevent further attacks and if there are any solutions that can make things both convenient and secure for users. Links STAMP model in accident investigation Hillel’s Twitter Hillel’s website Richard’s Twitter Stamping on Event-Stream Picks Joe Eames: Stuffed Fables Aimee Knight: SRE book - Google Lululemon leggings DVSR - Band Aaron Frost: JSConf US Chris Ferdinandi: Paws New England Vanilla JS Guides Charles Max Wood: Sony Noise Cancelling Headphones KSL Classifieds Upwork Richard Feldman: Elm in Action Sentinels of the Multiverse Hillel Wayne: Elm in the Spring Practical TLA+ Nina Chicago - Knitting Tomb Trader
Sponsors Sentry use the code “devchat” for $100 credit Triplebyte CacheFly Panel Josh Adams Mark Ericksen Charles Max Wood Joined by special guest: Chris Keathley Episode Summary In this episode of Elixir Mix, Chris Keathley introduces himself briefly and starts with talking about his work at Bleacher Report - a company specializing in sports culture - with respect to handling web traffic during major sports events and the implications of moving from Rails to Elixir as a backend system. He briefly touches on scaling issues, performance and the services they are running on their website. He then describes his Elixir journey until now and certain new areas he is working with, such as property based testing and distributed systems. He talks about maintaining the Wallaby library which is developed by him, mentions existing and upcoming exciting things in Elixir, and explains a few features of the Distillery and Vapor libraries. He also gives advice to people that are starting to work with Elixir on what must be learnt and more, and discusses certain projects and topics he wants to pursue and build knowledge in, in the near future. Links Functional Web Development with Elixir, OTP, and Phoenix: Rethink the Modern Web App Lance Halvorsen Bleacher Report Wallaby Distillery Vapor Elixir Outlaws Lonestar ElixirConf – Chris Keathley ElixirConf EU Benefits of Elixir: How Elixir helped Bleacher Report handle 8x more traffic Picks Josh Adams: Axe - tool GraphQL – Zero to Awesome Mark Ericksen: Bash command “cd -” to go back to the last working directory Charles Max Wood: Zapier Canon EOS M6 Camera Rode Microphone Chris Keathley: Moka Express Coffee Maker Picross S2 Stamping on Event-Stream
We are joined by Jacob Berglund and Jørgen Abrahamsen for friendly, engaged conversations about the security breach in a popular npm package, event-stream; an interesting approach to making up for the lack of caching when inlining CSS; a proposal to the standard for an optional type system; and a disagreement about the best name for the shared global object in JavaScript. Show notes: https://bartjs.io/tdz-8-event-stream-inline-vs-cache-pluggable-types-globalthis/
Adam Baldwin (@adam_baldwin) Director of Security, npm https://foundation.nodejs.org/ https://spring.io/understanding/javascript-package-managers Role in the NodeJS project Advisory? Active role? Maintain security modules? Are there any requirements to being a dev? Are there different roles in the NodeJS environment? Is there any review of system sensitive packages? (or has that ship sailed…) Discussion of timeline from NodeJS security team When were you notified? (or were you notified at all?) What steps were taken to fix the issue? Lessons learned? Official npm security policy: https://www.npmjs.com/policies/security (good stuff!) Event-stream (initial bug report): https://github.com/dominictarr/event-stream/issues/116 Only affected bitcoin Wallets from ‘Copay’ https://nakedsecurity.sophos.com/2018/11/28/javascript-library-used-for-sneak-attack-on-copay-bitcoin-wallet/ “Cue relief, mixed with frustration, for anyone not targeted. Developer Chris Northwood wrote: We’ve wiped our brows as we’ve got away with it, we didn’t have malicious code running on our dev machines, our CI servers, or in prod. This time.” https://medium.com/@jsoverson/exploiting-developer-infrastructure-is-insanely-easy-9849937e81d4 “The damage this could have caused is incredible to think about. The projects that depend on this aren’t trivial either, Microsoft’s original Azure CLI depends on event-stream! Think of the systems that either develop that tool or run that tool. 
Each one of those potentially had this malicious code installed.” https://thehackernews.com/2018/11/nodejs-event-stream-module.html “The malicious code detected earlier this week was added to Event-Stream version 3.3.6, published on September 9 via NPM repository, and had since been downloaded by nearly 8 million application programmers.” https://www.analyticsvidhya.com/blog/2018/07/using-power-deep-learning-cyber-security/ Hacker News (with comments): https://news.ycombinator.com/item?id=18534392 Official npm blog post: https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident https://blog.npmjs.org/post/175824896885/incident-report-npm-inc-operations-incident-of https://resources.whitesourcesoftware.com/blog-whitesource/top-5-open-source-security-vulnerabilities-november-2018 2017 package/user stats: https://www.linux.com/news/event/Nodejs/2016/state-union-npm According to npmjs.org: over 800,000 packages (854,000 packages, 7 million+ individual versions) Dependency hell in NodeJS: https://blog.risingstack.com/controlling-node-js-security-risk-npm-dependencies/ “Roughly 76% of Node shops use vulnerable packages, some of which are extremely severe; and open source projects regularly grow stale, neglecting to fix security flaws.” History of NodeJS security issues: ESLINT: https://nodesource.com/blog/a-high-level-post-mortem-of-the-eslint-scope-security-incident/ Left-pad: https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/ How to ensure this type of issue doesn’t happen again? (or is that possible, considering the ecosystem?) What can devs, blue teams, or companies that live and die by NodeJS do to increase security, or assist in making the NPM Security team’s job easier? What is the responsibility of consumers of open source? What can be done to ensure vetting for ‘important’ packages? Can someone manage turnover? (or has that ship sailed?) 
Security scanners: https://geekflare.com/nodejs-security-scanner/ https://techbeacon.com/13-tools-checking-security-risk-open-source-dependencies-0 Threat assessment or ‘what could go wrong in the future’? Bad code “Trust issues” Repo corruption Hijacking packages Keep up to date on NodeJS security issues: https://nodejs.org/en/security/ https://groups.google.com/forum/#!forum/nodejs-sec ^ this is great for node, but if you want to stay up to date with security advisories in the ecosystem? npmjs.com/advisories or @npmjs on twitter https://rubysec.com/ -Ruby security group
Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned into malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts. They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainership of open source infrastructure over the full life cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.
Once again, the pattern of taking over a known package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speak with Thomas Hunter, Software Developer at Intrinsic and author of "Compromised npm Package: event-stream", and Brian Fox, CTO of Sonatype, author of the Forbes "Open Source Developers And Infrastructure Are The New Front Line Of Security?" article. Compromised npm Package: event-stream https://medium.com/intrinsic/compromi... Open Source Developers And Infrastructure Are The New Front Line Of Security https://www.forbes.com/sites/forbestechcouncil/2018/05/11/open-source-developers-and-infrastructure-are-the-new-front-line-of-security/#2ad9e84457c2 Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof https://blog.sonatype.com/open-source-software-is-under-attack-new-event-stream-hack-is-latest-proof