fix some unintelligibles in JS Party episode thechangelog#18
neontuna committed Oct 8, 2018
1 parent b3fe9af commit f17efc3
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions jsparty/js-party-18.md
Expand Up @@ -52,13 +52,13 @@ I'm glad that the Foundation is talking about China a bit more. I tried to talk

**Mikeal Rogers:** Yeah, which is like -- full stack is just such a weird one, because it's like... If you click back-end and front-end, is that not just full stack? \[laughter\] Yeah, but it's interesting that the full stack metric here actually outpaces the front-end metric.

**Paul Frazee:** What would you think it means \[unintelligible 00:07:33.29\] use Node.js for my front-end?
**Paul Frazee:** What would you think it means if I just say I use Node.js for my front-end?

**Mikeal Rogers:** I like the desktop application, mobile and IoT stuff was on here too, because it makes front-end really mean Javascript front-end. If your front-end is an Electron app, you're gonna click the desktop application box... So that's great.

**Alex Sexton:** \[00:07:55.19\] Mikeal, I know you used to have numbers on downloads, but it still feels like based on what gets downloaded from NPM, that over 50% of all use of NPM is for building front-end tooling, right?

**Mikeal Rogers:** Well, the metrics on downloads from NPM are a little bit harder to contextualize than you would think. What you kind of have to do is that you've gotta look at how much these things are depended on, and basically try to filter out what you would expect the number of just things being pulled in as a dep is from what you might call a edge dependency, like something that somebody directly pulls in and uses. Express is like an edge dependency. People don't add it as a dep in a module that they \[unintelligible 00:08:54.20\] very often. And when they do, that module is probably like a full application.
**Mikeal Rogers:** Well, the metrics on downloads from NPM are a little bit harder to contextualize than you would think. What you kind of have to do is that you've gotta look at how much these things are depended on, and basically try to filter out what you would expect the number of just things being pulled in as a dep is from what you might call a edge dependency, like something that somebody directly pulls in and uses. Express is like an edge dependency. People don't add it as a dep in a module that they push up very often. And when they do, that module is probably like a full application.

Express is a very good indicator of "How many downloads are happening for this particular web thing?" I think Yarn is an edge dependency that is probably an accurate interpretation of people that are probably doing some frontend stuff, that are touching one of those.
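
Review bot: In the changed Mikeal Rogers line (old marker 00:08:54.20), "what you might call a edge dependency" still reads "a edge"; since the line is being touched anyway, "an edge dependency" would be a free fix. The trailing context paragraph also spells "frontend" while the lines above it in this hunk use "front-end"; pick one spelling for the episode.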

Expand All @@ -80,7 +80,7 @@ A good example of this is like -- Request is depended on quite a bit, and it's d

\[00:11:53.07\] You can even use NPM without using the website, but chances are in a three-month period you're going to engage with it if you're a user... Unless you're in China. And there's a bunch of reasons for that, but before we get into that, we also have metrics on the NodeJS.org website, and because it's localized in so many different languages, it gives you a very good indication of the geographic distribution of Node users. It doesn't give you a great indication of how many users, because you can just user Node.js and never ever touch the Node.js website. There's not really a reason to go there. But it gives you a great distribution.

**Alex Sexton:** \[unintelligible 00:12:29.25\] docs are on there.
**Alex Sexton:** Yeah, just docs are on there.

**Mikeal Rogers:** Well, so we did not have metrics on the API documentation until about a month ago... \[laughter\] Yeah, so this is the website minus the API docs, because they're often in their own section. But anyway, because you have that 12% -- because you know that the market share is about 12% and you know that that market share is basically missing from the eight million number, you can go like "Oh, okay... Well, do we know how many independent users are in China?" It turns out that we do, because virtually every Node.js user in China is a part of this forum called cnodejs.org, which is basically like a forum where people are speaking in Chinese, and they're supporting each other, they're answering different tech questions, and a lot of the answers to those tech questions are just in time translations of different module or API documentation... But yeah, it's just a resource that virtually everybody is engaged in, and their metrics really do back that up. They can give us metrics on how many active users that they have, and then we can look at "Is that number 12% of that eight million number?" We've been able to do these correlations for years now, and the NPM number has always just kind of tracked perfectly with what we think the user metrics are.
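
Review bot: The 00:11:53.07 context paragraph directly above the changed line still has "you can just user Node.js"; "user" should be "use", and this commit is a natural place to fix it alongside the marker at 00:12:29.25.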

Expand Down Expand Up @@ -114,7 +114,7 @@ What does the containers number go up to if you take out the build tool only peo

**Alex Sexton:** Yeah... I'm always skeptical of those things, too. I'm old school, jQuery crew, but it was amazing how many logos were the same across Dojo, MooTools and jQuery's websites. It's like, "Oh yeah, IBM uses jQuery. IBM uses Dojo. IBM uses" -- well, IBM never used MooTools... \[laughter\] But I think I pushed at the time for jQuery to remove IBM's logo, because they were very clearly a Dojo shop. They had tons and tons of contributors to Dojo, and their marketing sites used jQuery, so it was like "Oh yeah, IBM uses jQuery", and I really didn't feel like that was fair.

I'm interested \[unintelligible 00:18:02.05\] Labs team, four people at X company use Node, or it's like the API that that company is known for built on Node? Because you could say Stripe uses Node for sure, but we don't have any production services - that I'm at least willing to mention here - that use Node. Does it make sense?
I'm interested does the skunkworks labs team, for people at X company use Node, or it's like the API that that company is known for built on Node? Because you could say Stripe uses Node for sure, but we don't have any production services - that I'm at least willing to mention here - that use Node. Does it make sense?

**Mikeal Rogers:** Yeah. This was something that when I was at the Foundation I had to talk with analysts a lot about. Analysts heard for years about how enterprises are adopting Ruby, and what it always was was like "Somebody is using a test framework somewhere written in Ruby", and it wasn't like they were actually moving off of Java, and it took a while to convince them that "No-no-no, people are building production applications with all of their traffic in these enterprises running through Node", this is not just like a thing in their front-end toolchain, although they do have it in their front-end toolchain somewhere.
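
Review bot: The replacement for the 00:18:02.05 marker also turns "four people at X company" into "for people at X company" and lowercases "Labs", and the resulting "I'm interested does the skunkworks labs team, for people at X company use Node" does not parse. Please re-check the audio; if "four people" was right, something like "does the skunkworks labs team, four people at X company, use Node" would keep the sentence readable.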

Expand All @@ -132,7 +132,7 @@ I know that there's a lot of weird identity politics about "Node.js is back-end,

**Alex Sexton:** You know how to write Bash.

**Mikeal Rogers:** Yeah, you know how to write Bash... There's a lot of great things about Python, but Python never had - and still does not - have a great platform story. They're still pretty \[unintelligible 00:20:54.06\] on Windows, and so is Ruby, and so is -- like, a lot of languages just never really did the work to be a first-class citizen the way that Node did in 2012.
**Mikeal Rogers:** Yeah, you know how to write Bash... There's a lot of great things about Python, but Python never had - and still does not - have a great cross platform story. They're still pretty \[unintelligible 00:20:54.06\] on Windows, and so is Ruby, and so is -- like, a lot of languages just never really did the work to be a first-class citizen the way that Node did in 2012.

**Paul Frazee:** Of course, Windows is trying to change that with their UNIX stuff. I don't know, I haven't tried that - has anybody here tried that?
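
Review bot: The changed line still carries "[unintelligible 00:20:54.06]" right after the new text, so it is only half fixed; give it a second listen or say in the commit message that it is left open on purpose. The added "cross platform story" should also be hyphenated as "cross-platform story".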

Expand Down Expand Up @@ -160,15 +160,15 @@ Anyway, I think one thing, Alex, to point out is that this survey definitely pic

**Paul Frazee:** I've been hearing that Mongo has really ironed out a lot of those bugs at this point. I don't know if that's true, I haven't used them, but that's the story they're trying to get out there. It's like "Yeah, we had growing pains", but you know, they made a lot of money, they got to be as big as they are, and then they put in the engineering effort necessary to stop losing data. If that's true, there you go.

**Mikeal Rogers:** The real thing was just like for the longest time - and maybe they've changed this, but even after they added good transactional integrity and they could make those kinds of claims, it wasn't \[unintelligible 00:23:29.18\] default. And as soon as you enabled it -- MongoDB is pretty slow, and one of the reasons why people gravitated towards this for so long was because of these claims that they made about how fast it was.
**Mikeal Rogers:** The real thing was just like for the longest time - and maybe they've changed this, but even after they added good transactional integrity and they could make those kinds of claims, it wasn't enabled by default. And as soon as you enabled it -- MongoDB is pretty slow, and one of the reasons why people gravitated towards this for so long was because of these claims that they made about how fast it was.

Some of them were quite absurd, though... I remember there was a blog post about how MongoDB is faster than Memcached for writes. The reason is because Memcached has a response when you write, and the protocol for MongoDB didn't have a response for write. You just write it to the socket and you're like "I bet it's stored." Basically, what this metric was testing is how fast can you write write messages to a socket.

**Alex Sexton:** \[00:24:13.11\] UDP versus TCP... \[laughter\]

**Paul Frazee:** Yeah, the UDP of databases...

**Alex Sexton:** Stripe had a back-team for a little bit to do work on this, and for the most part \[unintelligible 00:24:25.15\] has a tool called Jepsen, and Jepson tests this type of stuff on databases, and it has a series called "Call me maybe." If you search for "Aphyr Call Me Maybe", there's some really good stuff on how good Mongo is, with what settings... So essentially, in order to make Mongo safe, you have to put it on the absolute most max settings, even though three down is called "Guaranteed Safe", or something... \[laughter\] So you have to go two past Guaranteed Safe to get Guaranteed Safe. But I don't know how much is public or not, so I shouldn't say too much, but Stripe has been on MongoDB for a long time, and because we have a lot of dependencies there, we're slower to upgrade than someone who's using it as a pet project. And I think we've seen a lot of great performance improvements, even on point release updates to Mongo, and that's been encouraging, at least... But every few years we're like, "Should we keep this?"
**Alex Sexton:** Stripe had a back-team for a little bit to do work on this, and for the most part he did this on his own. Kyle Kingsbury, better known as Aphyr, has a tool called Jepsen, and Jepson tests this type of stuff on databases, and it has a series called "Call me maybe." If you search for "Aphyr Call Me Maybe", there's some really good stuff on how good Mongo is, with what settings... So essentially, in order to make Mongo safe, you have to put it on the absolute most max settings, even though three down is called "Guaranteed Safe", or something... \[laughter\] So you have to go two past Guaranteed Safe to get Guaranteed Safe. But I don't know how much is public or not, so I shouldn't say too much, but Stripe has been on MongoDB for a long time, and because we have a lot of dependencies there, we're slower to upgrade than someone who's using it as a pet project. And I think we've seen a lot of great performance improvements, even on point release updates to Mongo, and that's been encouraging, at least... But every few years we're like, "Should we keep this?"

Generally, the benefits it gives are good enough, and we're good enough at keeping it up and we run enough game days to know that when it goes down, we can \[unintelligible 00:25:51.11\] In 3.2 they swapped out the underlying subsystem for something or other, and I think that made a huge difference.
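
Review bot: In the new Alex Sexton line the tool name is spelled two ways in one sentence, "a tool called Jepsen, and Jepson tests this type of stuff"; use one spelling. The inserted "he did this on his own" has no antecedent, because "Kyle Kingsbury" is only named in the sentence after it, so consider reordering. The last context paragraph also still has "[unintelligible 00:25:51.11]" running straight into "In 3.2" with no sentence break.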

Expand Down Expand Up @@ -204,7 +204,7 @@ It took maybe like six months to get a browser UI on top of Electron, get all th

**Paul Frazee:** No, actually not at the moment. This is an interesting thing, and actually we're really open to hearing from other people about this... Dat and IPFS are really, really similar. They both use the same mental model from BitTorrent, which is this idea that you have crypto addresses, so either like a hash of the content or a public key, and that is now like the basis of your URLs. Then you share some files on this network, and other people that download from you can then rehost for you. So as you have more peers in the network, there are more hosts for a piece of content, so the network sort of automatically scales up to make sure that any files that gets popular, you can find it quickly and nobody has to give away a lot of bandwidth.

So they're so similar that for a while we supported both, but at one point we kind of stopped and said "How do we communicate to users which one they ought to use?", because maybe the biggest difference between them is that IPFS is really narrowly focused - or mainly focused, I'll say - on static pieces of content that are addressed by content hashes. I think they maybe tend to use a SHA-3 (don't quote me on that), and then Dat tends to focus much more on archives of data that change over time... So those are addressed by public use. Now, just saying that probably puts three or four people to sleep, so I don't know how we would say it inside the browser, that's like "Oh yeah, well obviously I wanna use IPFS for this particular case", so we ended up dropping it because we just didn't really understand how we'd be getting a lot of benefit to users other than the fact that you might be able to browse two protocols, and maybe the content that you wanna use is on IPFS and not Dat. So we're relatively happy with it right now \[unintelligible 00:34:16.28\] and we're just gonna keep on -- we'll stay light on our feet; if IPFS end up blowing up, we'll get it in there.
So they're so similar that for a while we supported both, but at one point we kind of stopped and said "How do we communicate to users which one they ought to use?", because maybe the biggest difference between them is that IPFS is really narrowly focused - or mainly focused, I'll say - on static pieces of content that are addressed by content hashes. I think they maybe tend to use a SHA-3 (don't quote me on that), and then Dat tends to focus much more on archives of data that change over time... So those are addressed by public use. Now, just saying that probably puts three or four people to sleep, so I don't know how we would say it inside the browser, that's like "Oh yeah, well obviously I wanna use IPFS for this particular case", so we ended up dropping it because we just didn't really understand how we'd be getting a lot of benefit to users other than the fact that you might be able to browse two protocols, and maybe the content that you wanna use is on IPFS and not Dat. So we're relatively happy with it right now its let us stay really focused and we're just gonna keep on -- we'll stay light on our feet; if IPFS end up blowing up, we'll get it in there.

**Mikeal Rogers:** It's almost like you're just waiting for someone to send a pull request. \[laughter\]
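
Review bot: The replacement at 00:34:16.28 reads "right now its let us stay really focused"; "its" should be "it's", and a comma or dash is needed after "right now" so the clause does not run on. In the same line, "So those are addressed by public use" looks like a mis-hearing given the earlier "a hash of the content or a public key"; worth checking against the audio while this line is open.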

Expand Down Expand Up @@ -238,15 +238,15 @@ So the privacy story is really good, but so is the open source/open architecture

**Alex Sexton:** I see. So the prime thing to know there is that the address is the public key, which means that you can't spoof a different private key... I mean, you could make a totally different website... So how recognizable are -- so if the website is just a public key, what stops me from, say, "Oh, here, go to Paul website" and it's just my website that is an exact copy of yours, but now it's my public key. Is there SSL certs, is there EV? How do we manage the whole identity situations? Ring of trust, that type of stuff.

**Paul Frazee:** That's an interesting question, because we actually could start to get into ring of trust, \[unintelligible 00:40:59.10\] at some point. What we've done at the moment -- first of all, just to answer the very basic of your question... The public keys are 64 characters long; they're \[unintelligible 00:41:10.10\] so you're never gonna be able to look at it and say "Yeah, that's the right address."
**Paul Frazee:** That's an interesting question, because we actually could start to get into ring of trust, or other trust ideas at some point. What we've done at the moment -- first of all, just to answer the very basic of your question... The public keys are 64 characters long; they're hex strings so you're never gonna be able to look at it and say "Yeah, that's the right address."

**Alex Sexton:** Yeah, right.

**Paul Frazee:** I would argue that that's probably usually been the case also for IP addresses, too; similar story - you never would send out --

**Alex Sexton:** Right, which is why DNS is so important, with SSL certs, right?

**Paul Frazee:** Right. So we don't have anything quite like SSL certs yet, because that's a whole big social enterprise to have SSL certs existing... So what we've done is we do have a DNS solution, and it's kind of a hack. Let me think how to describe this well... We make you run an HTTPS server; so if I have BeakerBrowser.com, you have to run an HTTPS server, and then \[unintelligible 00:42:00.00\] you put it a file title "Dat", and this file has the key to the raw URL for the Dat that you wanna have at that address. So what happens is whenever I try to type into my browser "Dat://BeakerBrowser.com", what Beaker will do is it'll contact HTTPS://BeakerBrowser.com and it'll look for that well-known /dat file. If it's there, and if a valid Dat URL comes in with the content of that file, it'll then go ahead and say "Okay, that's the Dat address you're trying to look up."
**Paul Frazee:** Right. So we don't have anything quite like SSL certs yet, because that's a whole big social enterprise to have SSL certs existing... So what we've done is we do have a DNS solution, and it's kind of a hack. Let me think how to describe this well... We make you run an HTTPS server; so if I have BeakerBrowser.com, you have to run an HTTPS server, and then under a .well-known folder you put it a file title "Dat", and this file has the key to the raw URL for the Dat that you wanna have at that address. So what happens is whenever I try to type into my browser "Dat://BeakerBrowser.com", what Beaker will do is it'll contact HTTPS://BeakerBrowser.com and it'll look for that well-known /dat file. If it's there, and if a valid Dat URL comes in with the content of that file, it'll then go ahead and say "Okay, that's the Dat address you're trying to look up."

**Alex Sexton:** So it kind of piggybacks off the centralized system just as a kind of verification system. It makes sense.
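
Review bot: The new text at 00:42:00.00 leaves "you put it a file title "Dat"" untouched; "you put a file titled "Dat"" is presumably what is meant. "under a .well-known folder" and the later "that well-known /dat file" name the same path two ways, so consider matching them. A comma after "they're hex strings" would also help the first changed line in this hunk.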
