What is NodeConf Budapest?
NodeConf Budapest was a one-day, single-track conference with a focus on what people need to know about Node. It was the first such event organised by Gergely Nemeth of RisingStack, a Node consultancy and development company. Around 100 people attended from all over Europe and the lineup of speakers was similarly international.
We attended the NodeSchool and NodeBp meetups in LogMeIn’s offices the day before the conference itself. This gave us an opportunity to peek into the startup culture of Budapest and learn more about the stacks and technology used at RisingStack and Planorama - a company employing machine learning to verify store shelf placement through image recognition.
The talks covered a wide range of topics, from microservices infrastructure through to using Node to process radio waves and including advice on best practices for writing technical documentations. While all the talks were of the high quality, the following talks stood out as they felt most relevant to the work we do at YLD.
“I've been web developer for 17 years and this is what I've learned”
“Writing Secure Node Code”
Danny Gardner introduced Snyk, the Node and Ruby code security company he works for. According to Snyk, around 14% of npm packages and up to 83% of node applications contain security vulnerabilities. He used the example application Goof to demonstrate how such vulnerabilities could be exploited. Snyk collaborates with the Node Security Platform by sharing information about new security vulnerabilities. Snyk’s offering is the use of snyk-bot, which will scan an application’s git repository for insecure modules modules, create pull requests for fixes for the issues it finds and optionally patches modules on the “prepublish” hook.
“Solving service discovery in Node.js with SWIM”
Richard Rodger’s brought us a new perspective on how to solve service discovery in a microservice architecture. If you look at your services as a mesh of peers, which subscribe to patterns and listen to certain patterns, you reach a point where you no longer need to worry about how service A reachs service B, or which contracts to use between these. This sure sounds nice, but how can one build such system? The solution is SWIM. What is SWIM you might ask? Well, SWIM stands for Scalable Weakly-consistent Infection-style Process Group Membership Protocol. Although the name may scare you at first it is actually a very interesting solution. SWIM monitors the network members using a peer-to-peer periodic randomized probing protocol and when it comes to the information about membership changes, the messages are piggy-backed on pings and acknowledgements. If this sounded interesting to you give the paper a read, you’ll really enjoy it!
“Kill all Humans, Development Tool Automation Like a Pro”
Jan Lehnhardt of Neighbourhoodie Software introduced two cool tools in his talk. The setup automated semver compliant package publishing tool; semantic-release-cli, integrates with your chosen CI, generates semver numbers based on your commit messages and automates package publishing - therefore removing the need for the error prone manual process. Greenkeeper offers a service to automate the process of dependency management by ensuring the latest version of dependencies are installed.
“Shipping Resilient And Scalable Applications With Node.js And Artillery”
Hassy Veldstra showed us how important load testing is when designing and building an application. He first started by showing that the principles around load testing are not new nor exclusive to software, it is in fact a common engineering approach. But what is load testing you might ask? Quoting wikipedia - “Load testing is the process of putting demand on a software system or computing device and measuring its response.” - well, sounds quite straightforward right? Well it’s not that easy, while introducing Artillery, a load testing tool built with Node, Hassy showed what patterns one might aim at when load testing. For starters, document your work! It might come as obvious but one can easily get lost in a series of tests and mess up the collected data just because these weren’t properly documented. Speaking on collected data, you should collect it thoroughly and make sure to gather all the statistically relevant outputs, otherwise you’ll be doing it for the sake of doing it which is not the goal of testing (remember, we’re engineers!). Finally, actually try to mimic as close as possible the conditions you’ll expect on your production environment… Or better yet, do it in production… During peak time! No we’re not crazy and we do understand some conditions need to be in place in order for this to work, but hey, why not? Hassy gave us some clear examples of companies doing this today and, despite not going into much detail around it, he sure was interested in speaking with anyone who wanted to know a bit more about this (as I’m sure he is now).
The end of the day
NodeConf Budapest made for an intense, information packed day with twelve, twenty-five minute talks. The venue, Mosaik is a newly opened co-working space in the heart of Budapest and it functioned well - we certainly enjoyed the craft beer served at the end of the day! All in all, we learnt a lot, made new friends and had a great time.
By Joao Antunes and Judit Greskovits
Photo by Vera Deak