List of videos

User input and string manipulation are central to development, but many engineers and even popular libraries struggle with Unicode. And ECMAScript 5 doesn’t help, with many built-in string manipulation functions offering puzzling results. Security and the need for internationalization both throw these issues into stark relief. This talk highlights the many problems related to Unicode in JavaScript regular expressions, demonstrates how ES6 (aka. ECMAScript 2015) helps solve these issues, and explains how to polyfill in the mean time. You’ll walk away from this presentation knowing how to create Unicode-aware regular expressions in JavaScript with ease. You can read more on Mathias blog: https://mathiasbynens.be/notes/es6-unicode-regex Intro music by @halfbyte

Do you know how JavaScript engines work and why they are so blazingly fast? Learn about the fundamentals like abstract syntax tree, opcodes, and just-in-time compilation. JavaScript code can be almost as fast as native C++ code. How do engines accomplish this? Lets look into optimization techniques including hidden classes, ahead-of-time compilation, and single instruction multiple data computations, which, if applied correctly, will give your code a turbo boost. Understand the inner workings of JavaScript engines and learn by examples how to write faster code. *SpiderMonkey, SquirrelFish (Nitro), Nashorn, and V8 are JavaScript engines for Firefox, Safari, JVM, and Chrome. Intro music by @halfbyte

This talk will focus on the new generation of APIs which make the web a more capable platform for applications. Push Notifications, Offline Storage with Service Workers, and responsive UIs built in Web Components. These are the building blocks of the future. We will also look at the kinds of sites which excel as mobile web apps (backed with actual data!), and make the case for why you should be investing more in your mobile web experience. Intro music by @halfbyte

2015 is when WebRTC broke through. Barely a standard it already has its own conferences, yet is mostly known for it’s ability to do video calling. It is time the web developer community becomes aware of all the powers of WebRTC and a browser-to-browser web that can be faster, more resilient and safer. This talk wants to open minds, through the power of code and demos, showing incredibly useful, fun and even ridiculous use-cases (from WebTorrent to Karaoke to Selfies) cut through the complexity of WebRTC and inspire what could become the democratisation of the web. Intro music by @halfbyte

Burnout saps the joy from creating and leaves the world in shades of grey. What do you do when you realise your work is meaningless and you dread going in every day? As an engineer, you can analyse the system, determine what is missing, and inject some much needed color. Intro music by @halfbyte

The Bauhaus school’s emphasis on the importance of simplicity, the belief that form follows function, and the reconciliation of the fine and applied arts mirrors the development community’s struggles to reconcile code with design. We’ll examine how the ideas of Walter Gropius and other leading minds at the Bauhaus remain relevant nearly a century later, and focus on how these fundamental tenets can guide the way we structure our JavaScript. Intro music by @halfbyte

Does it seem like everyone else knows more than you? Do you see people on stage or organizing events and think, “I could never do what they do”? Have you felt marginalized by the tech industry? Getting involved can be a daunting prospect, especially if you’re from a marginalized group. But there are a few decent and kind communities out there, and getting involved can be highly rewarding. It’s also a lot easier than you think! In this talk, I will discuss how I got involved as a not straight male, how you can do it too, and how we can make our communities better and more welcoming for everyone. Intro music by @halfbyte

Modern JavaScript libraries and frameworks have become the de facto standard in web application development. However, the great strides in innovation have created framework-specific security vulnerabilities that most modern JavaScript security scanners are not programmed to search for. Personal research with intentionally vulnerable applications as well as live production code has shown that many popular scanners do not detect common application vulnerabilities. This talk will discuss some common security pitfalls developers make when working with popular client-side JavaScript frameworks. Intentionally vulnerable applications developed with Backbone.js, Angular.js, Ember.js, and Meteor,js will be attacked and exploited live. Github links to the vulnerable applications used in this presentation will be released after the presentation. Through strengthening the security posture of JavaScript applications, we can take strides towards creating a more secure Internet. Intro music by @halfbyte

In the recent years high-level frameworks have become the de facto standard for writing client-side webapp code. Angular, Polymer, or Dart all provide extremely useful abstractions for building applications, but also indirectly expose rough edges of the web platform which often lead to vulnerabilities (e.g. XSS). In my talk I will provide a security engineer’s perspective on some of the common pitfalls which tend to affect code written using such frameworks based on real examples of bugs in Google apps. I will also explain why security reviews of such apps are often more difficult to conduct than those of “bare metal” JS code, what could be done to fix this, and why framework designers should care about it. Intro music by @halfbyte