JSJ 406: Security in Node
Today the panel is talking about security features that are being added to Node 13. AJ talks about the background and what he’s working with Let’s Encrypt. He talks about changes that Node has made to the TLS module. TLS is a handshake that happens between a client and a server. They exchange certificates, generate some random numbers to use for encryption, and TLS handles the encryption. The move to HTTP/2 is all about fixing legacy bugs and legacy features from the SSL days and reducing the number of handshakes.
Show Notes
AJ talks about the difference between TLS and HTTPS. While TLS reduces the handshakes between client and server, HTTPS is just HTTP and has no knowledge that TLS is going on. HTTP/2 is more baked in, as both encryption and compression are part of the specification and you get them automatically. HTTP/2 is also supposed to be faster because there are fewer handshakes, and you can build heuristic-based web servers. Since browsers have varying degrees of compatibility, a smart HTTP/2 server will classify the browser and anticipate which files to send to a client based on behavior and characteristics, without the client requesting them.
A lot of these new features will be built into Node, in addition to some other notable features. First, there will now be set context on the TLS object. Second, if you're connected to a server, and the server manages multiple domains, the certificate will have multiple names on it. Previously, each different server name required a different network request, but now a getCertificate call will let you get all the metadata about the certificate, including the primary domain and all the secondary domains, and reuse the connections.
These new features are a great improvement on the old Node. Previously, the TLS module in Node has been an absolute mess. These are APIs that have been long neglected, and are long overdue core additions to Node. Because of these additions, Node Crypto has finally become usable. HTTP/2 is now stable, usable, and has a backwards compatible API, and a dictionary of headers to make it more efficient in compression.
The conversation turns back to certificates, and AJ explains what a certificate is and what it represents. A certificate has on it a subject, which is a field that contains things like the common name, which in the case of HTTPS is the server name or host name. Then it will have subject alternative names (SAN), a list of other names that are valid on that certificate. Also included on the certificate is the name of the authority that issued the certificate. AJ talks about some of the different types of certificates, such as DV, OV, and EV certificates. They differentiate between encryption and hashing. Hashing is for verifying the integrity of data, while encryption can be used either as signing to verify identity or to keep data private to the parties that are part of the connection. Encryption does not necessarily guarantee that the data is the original data. The show concludes with AJ talking about how he wants to make encryption available to the average person so that everyone can share securely.
Panelists
- Steve Edwards
- AJ O’Neal
- Charles Max Wood
Sponsors
- Tidelift
- Sentry: use the code “devchat” for 2 months free on Sentry’s small plan
- Ruby Rogues
Links
- Let’s Encrypt
- Greenlock
- HTTP/2
- Node.js
- Node Crypto
- JWK
- LZMA
- Gzip
- Broccoli.js
- HTTPS
- GCM
- ASN.1
- OWASP list
- jwt.io
- Diffie Hellman Key Exchange
- Khan Academy Diffie-Hellman Key Exchange pt.2
Picks
Steve Edwards:
AJ O’Neal:
- Greenlock v.3
- Samsung EVO 4TB paired with 2012 MacBook Pro
- Dave Ramsey on Christian Healthcare Ministries
Charles Max Wood:
Transcript
Hey folks, I'm a super busy guy and you probably are too. You probably have a lot going on with kids going back to school, maybe some new projects at work. You've got open source stuff you're doing or a blog or a podcast or who knows what else, right? But you've got stuff going on and if you've got a lot of stuff going on, it's really hard to do the things that you need to do in order to stay healthy. And one of those things, at least for me, is eating healthy. So when I'm in the middle of a project or I just got off a call with a client or something like that, a lot of times I'm running downstairs, seeing what I can find that's easy to make in a minute or two, and then running back upstairs. And so sometimes that turns out to be popcorn or crackers or something little. Or if not that, then something that at least isn't all that healthy for me to eat. Uh, the other issue I have is that I've been eating keto for my diabetes and it really makes a major difference for me as far as my ability to feel good if I'm eating well versus eating stuff that I shouldn't eat. And so I was looking around to try and find something that would work out for me and I found these Factor meals. Now Factor is great because A, they're healthy. They actually had a keto line that I could get for my stuff and that made a major difference for me because all I had to do was pick it up, put it in the microwave for a couple of minutes and it was done. They're fresh and never frozen. They do send it to you in a cold pack. It's awesome. They also have a gourmet plus option that's cooked by chefs and it's got all the good stuff like broccolini, truffle butter, asparagus, so good. And, uh, you know, you can get lunch, you can get dinner. Uh, they have options that are high calorie, low calorie, um, protein plus meals with 30 grams or more of protein. Anyway, they've got all kinds of options. 
So you can round that out, you can get snacks like apple cinnamon pancakes or butter and cheddar egg bites, potato, bacon and egg, breakfast skillet. You know, obviously if I'm eating keto, I don't do all of that stuff. They have smoothies, they have shakes, they have juices. Anyway, they've got all kinds of stuff and it is all healthy and like I said, it's never frozen. So anyway, I ate them, I loved them, tasted great. And like I said, you can get them cooked. It says two minutes on the package. I found that it took it about three minutes for mine to cook, but three minutes is fast and easy and then I can get back to writing code. So if you want to go check out Factor, go check it out at factormeals. Head to factormeals.com slash JSJabber50 and use the code JSJabber50 to get 50% off. That's code JSJabber50 at factormeals.com slash JSJabber50 to get 50% off.
CHARLES MAX_WOOD: Hey everybody and welcome to another episode of JavaScript Jabber. This week on our panel, we have Steve Edwards.
STEVE_EDWARDS: Hello from Portland.
CHARLES MAX_WOOD: AJ O'Neill.
AJ_O’NEAL: Yo, yo, yo. Come at you live from Frigid Provo.
CHARLES MAX_WOOD: I'm Charles Max Wood from devchat.tv. And this week we're going to be talking about some Node stuff. And, uh, AJ, you kind of brought this up with some of the security stuff they're putting into Node. And I thought that might be an interesting place to start. And then we can dive into Node 13, which was released today as we record this. Yeah, it should be interesting just to see, you know, where we end up, I guess, with node and changes and all that stuff.
AJ_O’NEAL: All right.
This episode is sponsored by Tidelift, the enterprise-ready open source software managed-for-you solution. Tidelift provides commercial support and maintenance for the open source dependencies you use to build your applications, backed by the project maintainers. Save time, reduce risk, and improve code health. The Tidelift subscription is managed open source for application development teams. It covers millions of open source projects across JavaScript, Python, Java, PHP, Ruby, .NET, and more. Your subscription includes security updates from Tidelift's security response team that coordinates patches for new breaking security vulnerabilities and alerts immediately through a private channel so your software supply chain is always secure. Tidelift also verifies license information to enable easy policy enforcement and adds intellectual property indemnification to cover creators and users in case something goes wrong. You always have a 100% up-to-date bill of materials for your dependencies to share with your legal team, customers, and partners. Tidelift ensures the software you rely on keeps working as long as you need it to work. Your managed dependencies are actively maintained and we recruit additional maintainers when required. Tidelift helps you choose the best open source packages from the start and then guides you through the updates to stay on the best releases as new issues arise. Take a seat at the table with the creators behind the software you use. Tidelift's participating maintainers earn more income as their software is used by more subscribers, so they're interested in knowing what you need. Tidelift supports GitHub, GitLab, Bitbucket, and more. They support every cloud platform and other development targets too. The bottom line is you get all the capabilities you expect and require from commercial software, but now from the key open-source software you depend on. Check them out at devchat.tv slash tidelift.
AJ_O’NEAL: Well, let me give you some background on what I'm doing. Like I've been on the show as a guest before to talk about this. So Let's Encrypt. I maintain a client called Greenlock, which is kind of the premier Node client for Let's Encrypt, and Let's Encrypt, for those that are unaware, is how you get free SSL certificates. So it's a joint venture, not really venture per se, but a collaboration between the Electronic Frontier Foundation, Mozilla and a number of sponsors; they have their own root certificate. And for those that don't know, certificate signing, you know, you pay $10 or $300 or whatever, there's no actual real cost in a certificate except for when it's validated. So if they have to call you up on the phone or you have to fax in, like if you do extended validation, which you're more likely to need for a code signing certificate for, say, Windows applications or Mac applications that you wanna get into a store, not something you really need for a website. So the actual real cost of SSL certificates is basically nothing. And so Mozilla and the Electronic Frontier Foundation got together and there's kind of a buy-in process. If you want to be a certificate authority, you have to buy into it. There's another organization, ISRG, I think is what it is, Internet Security Research Group, they're another part of this collaborative effort. So they all got together and just put up a server that will perform a series of validations via either an HTTP call or via checking a DNS record, or even some fancy stuff down at the layer in between TLS and the HTTPS or other application that sits on top of it, a layer that's called ALP or application protocol, something identifier. And basically it says whether you're using HTTP one or HTTP two, or if there's another protocol that you're using. So that's kind of the broad scope of what I'm working in and what brings me to the types of uninteresting and boring things that I come to. So before I go further on that.
CHARLES MAX_WOOD: Yeah, well, and I just wanted to throw in, you know, I mean, I've been using Let's Encrypt for a while now. I moved completely off of the paid-for SSL certificates just because it's free and I just set up the Let's Encrypt and then set up a cron job and it's done. And there are actually scripts that'll just do it for you now. So, I think Greenlock is one of them, I believe.
AJ_O’NEAL: Yeah, so Greenlock has a couple of different components. It has a command line tool, it has an actual web server that you can integrate with Express, and it has a library. So whether you're building, and the primary focus of Greenlock and what I built it for is more in the IoT space. However, the greatest adoption in terms of like per certificates issued has been from small web hosting companies. But I've created it for IoT and enterprise on-prem because that's the need that I had with the home server that I've been working on is in that space. It also works great for local development. If you want to get a certificate, instead of having self-signed certificates on localhost, you can get a local.mydomain.com and get a certificate on that through it. Those are some of the use cases that it fits in well. So, Let's Encrypt recently made a change. For some reason, they didn't change their API number from V2 to V3, even though it was a breaking change, but they decided that it was small enough and it'd be easy enough to fix. They didn't need to do that. Well, now it's almost November and the change was supposed to go live November 1st. It actually still does in the staging environment, but they are not requiring, they're giving it a year before they require it in the production environment, which is like, whew, a lot of, oh, just, it's hard when you're working against a deadline of something that's gonna break and you built it. Six months ago, six months ago was the last time you did significant work in it and you realize, you know, you need to do more stuff anyway. So I did an Indiegogo campaign that was actually quite successful from the people that have been using it to gather funds, to be able to work on it full-time for a couple of weeks to basically dig out all the crufty code because it's, it's supported, uh, I think as far back as Node six, maybe even, maybe even it.
The current version might even work on Node four, but it's kind of time to get rid of a lot of that legacy cruft, just code that accumulates in the code base as you work on something over a couple of years and you're trying to keep backwards compatibility, and then trying to keep backwards compatibility leads to bugs that you fix one way, you lose; you fix the other way, you lose.