cf.Objective() 2014
May 20, 2014 #javascript #encryption #security #conference
Last week I was a speaker at cf.Objective() 2014: The World’s Only Enterprise ColdFusion Conference, giving my Developer’s Guide to JavaScript and Web Cryptography presentation. It took place May 13-16, 2014 at the Radisson Blu - Mall of America, Bloomington, MN. Session organizers were looking for more Front-End / Mobile / CSS sessions including js.Objective(), a full track dedicated to JavaScript topics.
When I was there, I caught a couple interesting (and relevant) sessions.
Jen Myers (@antiheroine) - slides Jen is a web designer/developer, teacher and speaker from Chicago. She gave a good presentation on diversity in software development, an especially relevant topic in today’s environment.
Pete Freitag (@pfreitag) - slides Pete shared some good info on Content-Security-Policy at Content Security Policy Reference & Examples
Also, by viewing HTTP headers coming from Google Fonts, I learned about the Timing-Allow-Origin Response header from the Resource Timing spec:
The PerformanceResourceTiming interface exposes timing information for a resource to any web page that has included that resource. To limit the access to the PerformanceResourceTiming interface, the same origin policy is enforced by default and certain attributes are set to zero, as described in Section 4.5 Cross-origin Resources. Resource providers can explicitly allow all timing information to be collected for a resource by adding the Timing-Allow-Origin HTTP response header, which specifies the domains that are allowed to access the timing information.
David Epler (@dcepler) - To get good at writing secure software, you really should try and hack your own code - ZAP is a tool that can help you do that.
Elliott Sprehn (@ElliottZ) -
slides -
Elliott is the tech lead for the web components effort at Google, so he seemed qualified to speak on this topic. His HTML5 based slide deck was written using Web Components (you can view source and look for <sd-deck>
and <sd-slide>
elements). He also helped me make progress on an open Chromium bug I submitted last fall: Issue 304722 - chromium - Intl NumberFormat minimumFractionDigits options property not honored
Jason Dean(12Robots) (@JasonPDean) - Jason is also from MN and the person who shared the call for speakers with the JavaScriptMN Meetup group last fall. His presentation was more intro level, but he had great examples of JavaScript variable hoisting which validated his session title by confusing the audience.
Nothing really new in this moderator led panel discussion on client-side vs. server side development, but it did validate that this is a common issue faced by many web developers. The answer almost always was that “it depends.”
Marcin Szczepanski (@MarcinS) - Marcin traveled from Australia where he works at Atlassian. ECMAScript 6 is adding new language features and syntactic sugar to JavaScript. Marcin even updated Jason’s var hoisting examples, by converting them to let, which gives JavaScript block scope local variables. It will be a bit before the browsers catch up (took about 4 years for ECMAScript 5), but until then you always have transpilers: google/traceur-compiler · GitHub
The full schedule has many more topics with the final slide decks to be available on slideshare soon.