Swag is not excuse to spam.
In this episode, we talk about Oculus Quest 2 users being forced to link their account to a Facebook account, a fun use of the McDonald's API, Microsoft phasing out Internet Explorer with Edge, and some important tech-related issues on U.S. ballots. Then we be speak with Emily Kager, senior mobile android engineer at Mozilla, about a big controversy over Hacktoberfest. Finally, we chat with senior software engineer and Node.js TSC Member at Red Hat, Beth Griggs, and Michael Dawson, Node.js lead for Red Hat and IBM, about the release of Node v15.
Saron Yitbarek is the founder of CodeNewbie, and host of the CodeNewbie podcast and co-host of the base.cs podcast.
Josh Puetz is Principal Software Engineer at Forem.
Beth Griggs is a Senior Software Engineer at Red Hat and Node.js Technical Steering Committee Member. Her work includes contributing to the upstream Node.js project, to building tooling to support Node.js deployments to Kubernetes.
Michael Dawson is an active contributor to the Node.js project and chair of the Node.js Technical Steering Committee(TSC). He contributes to a broad range of community efforts including platform support, build infrastructure, N-API, Release, as well as tools to help the community achieve quality with speed (ex: ci jobs, benchmarking and code coverage reporting). As the Node.js lead for Red Hat and IBM , he works with Red Hat's and IBM's internal teams to plan and facilitate their contributions to Node.js and v8 within the Node and Google communities.
[00:00:10] SY: Welcome to DevNews, the news show for developers by developers, where we cover the latest in the world of tech. I’m Saron Yitbarek, Founder of Disco.
[00:00:19] JP: And I’m Josh Puetz, Principal Engineer at Forem.
[00:00:22] SY: This week, we’re talking about Oculus Quest 2, a funny use of the McDonald’s API, Microsoft Edge, and some important tech-related issues on US ballots.
[00:00:31] JP: Then we’ll be speaking with Emily Kager, Senior Mobile Android Engineer at Mozilla, about a big controversy over Hacktoberfest.
[00:00:37] EK: People might think, “Oh, well, it’s only a couple of spam pool requests a week or you can just go in and close them or tag them.” But it’s just a lot of extra maintenance on maintainers who already are very like strapped for time and resources.
[00:00:50] SY: And then we’ll chat with Senior Software Engineer and Node.js TSC member at Red Hat, Beth Griggs, and Michael Dawson, Node.js lead for Red Hat and IBM, about the release of Node v15.
[00:01:02] BG: So it’s kind of like how can you tell a little bit faster so that you can handle out risks early and properly in your application development.
[00:01:10] SY: Okay. So I’m a big fan of VR. I use it regularly. I’ve had the Go and the Quest and the Vive and you Quest 2 and this bit of news about the Oculus Quest 2 really put a sour taste in my mouth. So one of the things about the Quest 2 that it requires a Facebook account at launch for user verification, which is I think something that everyone was kind of afraid would come. And then here it is. This was a huge bummer for people who love the system, but who just don't want a Facebook account? Right? Like being able to play VR games and like having a social media presence should be two separate things. And there are reports that people who didn’t already have a Facebook account or who reactivated an old account had trouble with the verification system. And so they either had to wait long periods of time for their accounts to be reviewed or they just lost access to their Oculus and all the games they bought just completely. And are you ready for some more disheartening news, Josh?
[00:02:05] JP: I mean, like worse than requiring Facebook?
[00:02:08] SY: So if you ended up connecting your Oculus account to your Facebook account, they are now inextricably linked. And if you later decide to delete your Facebook account, it will also delete your Oculus purchases and account information.
[00:02:19] JP: Oh!
[00:02:21] SY: So this means that even all of your data that you have on your Quest, your Rift, your Rift S would all disappear. Oh, and also, if you delete your account, the data is lost permanently.
[00:02:32] JP: Oh, that’s really disappointing.
[00:02:32] SY: There’s no like fake delete where you can actually reactivate it at some point. It’s actually gone. For once, your data’s actually gone.
[00:02:40] JP: This is the one time your data is actually gone. I think this was everyone’s fear when Facebook purchased Oculus that we would be in a situation where this would happen and here it is.
[00:02:50] SY: Yeah, I’m really interested to see kind of how far they take it. For example, I have my Facebook account to use my own Oculus, but the fact that I’m on Facebook, it’s not present. You know what I mean? Besides the login, it doesn’t feel like, “Oh, I’m in Facebook’s virtual reality. It feels like I’m just in virtual reality.” And so if the first step is you have to log in through a Facebook account, I’m kind of thinking, “How else is Facebook going to like show up in this experience? Where’s it going to pop up and how’s it going to start feeling different with this being step one?” You know?
[00:03:25] JP: Yeah. I’m also a huge VR fan and I have a Quest and a Quest 2 as well. And I’ve noticed that there was this original way of meeting up with people and watching things called “Venues” in Oculus Quest. And those have gone away now with the Quest 2 and instead there is a Facebook venues replacement. There’s also something called “Facebook Horizon”, which is kind of a virtual meeting space.
[00:03:47] SY: Heard that. Yeah.
[00:03:48] JP: Yeah. So they’re slowly taking away the Oculus stuff and that you’re seeing more Facebook branded stuff in the Quest, which is a little concerning to me.
[00:03:57] SY: Yeah, especially when you think about just how much data they pick up, like biometric information, they pick up just from your body and your hands. I mean, there’s just so much information that they can get on you physically. And I still don’t really know how that’s going to be incorporated into Facebook’s business model, but I feel like I’m not going to like it.
[00:04:20] JP: I’m dreading the day that I get a Facebook ad out of my Quest or maybe I’m playing a game and I see an ad in a Facebook feed related to it. I know it’s going to happen. Oh!
[00:04:29] SY: Yeah. Yeah. I’m just waiting for it. Anyways, that’s our update on the VR land.
[00:04:35] JP: Next up is a story that really tickled myself and our producer, Levi. Using the McDonald’s API, developer Rashiq Zahid created a website called “McBroken”, which shows a map of every McDonald’s in the United States and overlays which ones currently have a broken ice cream machine. You get some fun analytics about what percentage of broken ice cream machines are in each city. The part that I was absolutely tickled by is how he’s doing it. He has a bot and it tries to add an ice cream every 30 minutes in McDonald’s mobile app to a shopping cart and it tries to add an ice cream from every single McDonald’s location across the country. Now if McDonald’s has a broken ice cream machine, the mobile app will mark the item as “Currently Unavailable” on the menu. So the app looks at this and then identifies the location with a broken ice cream machine and puts it with a red dot on a map instead of a green dot. And so you can see at a glance which ice cream machines are broken. I know you are going to ask, Saron, why is this so interesting?
[00:05:40] SY: Yeah. I mean, I have to admit that when I first heard the story, I was like, “This is so silly. Why? Why does this exist? What is the big deal?” Because it wasn’t just that like, “Oh, it’s a fun app.” It was right about on the verge. That’s a pretty big online publication. You know what I mean? And I was like, “I don’t get where everyone is obsessed with this.” And you said, “Okay, well, what is your cheap, fast food of choice?” And I thought about it and I was like, “The Ikea Hotdog.”
[00:06:08] JP: Excellent.
[00:06:09] SY: You know? That you go through this huge maze of all this furniture and all these names you can’t pronounce and you’re tired and you’re through the warehouse and you picked up all of your stuff that’s going to take you days to put together. But at the end of all of that, you have your 99-cent hotdog to look forward to.
[00:06:26] JP: Yes.
[00:06:27] SY: And once you compared it to my 99-set Ikea hotdog, I thought, “Now I understand why this is so important.”
[00:06:34] JP: It’s the same function for me. I don’t live near an Ikea, but I do have two McDonald’s in my town. Sometimes after a hard day of adulting, we’ve been grocery shopping, we’ve got the mask on, we’re living in this pandemic hellscape, I just need a McDonald’s ice cream cone to reward myself. And I have waited in line at the drive-through, got to the speaker, ordered my ice cream cone, ordered one from my daughter in the back seat. And they say, “We’re sorry, the ice cream machine is broken.” And it just crushes you.
[00:07:09] SY: If the Ikea hotdog machine was broken, I would be devastated.
[00:07:12] JP: Right? This way, you know before you go. He’s recording some statistics by geographical area so you can see, like in New York, 20% of the ice cream machines are broken. I was surprised how often these stats seem to change. I’ve been watching my local town.
[00:07:28] SY: Oh, interesting.
[00:07:29] JP: It’s blinking on and off. It really makes me curious.
[00:07:32] SY: I wonder if McDonald’s finds it helpful or if they’re just annoyed that their API is getting hit so many times.
[00:07:37] JP: So McDonald’s actually issued a statement over Twitter, but still a statement, and they said they were really impressed with Zahid’s ingenuity. They didn’t say they were going to block him or anything. Frankly, for McDonald’s, it’s great publicity.
[00:07:51] SY: It is great publicity. Yeah, absolutely. So this next bit of news is going to bum out the five people who were still using Internet Explorer. Starting next month, Microsoft will start phasing out their old web browser in favor of their new web browser called Edge. The way they’re doing this is by forcing certain websites to automatically open an Edge even if you’re trying to open it using Internet Explorer. In other words, Microsoft is literally edging out Internet Explorer. There are currently 1,156 sites. So activate this behavior, including YouTube, Twitter, Yahoo Mail, and Stack Overflow.
[00:08:27] JP: This is wild. There’s actually a DLL that is getting installed on people’s Windows machines. The name of it is “IEToEdge BHO”. They say BHO stands for Browser Helper Object. And developers took a look at the compiled code, disassembled it, and they can see the actual names of the websites in the DLL that are routing to Edge. Crazy.
[00:08:50] SY: Oh, cool. Yeah, I would love to meet the people who use Internet Explorer for by choice.
[00:08:57] JP: This was a couple years ago, but I’ve read that it’s still very popular in a lot of overseas banking conglomerates.
[00:09:03] SY: Oh, interesting. Why?
[00:09:05] JP: it’s a very low bar of entry. Like think about it, Internet Explorer runs on a lot of older Windows systems.
[00:09:11] SY: Yup. Yup.
[00:09:11] JP: So if you’ve got a lot of customers that are using older equipment, maybe low-end equipment, it makes sense to still be compatible with Internet Explorer.
[00:09:20] SY: Yeah. That’s true. That’s true.
[00:09:21] JP: I have a feeling very many web designers would love to manually place their websites on this list to get out of having a supported Internet Explorer.
[00:09:30] SY: Right. Yeah. Absolutely.
[00:09:32] JP: Well, with the US election around the corner, we couldn’t justify not discussing something ballot related. So we wanted to tell you about a list of tech-related ballot items routed up by the markup, and we’ll include a link to that article in our show notes. Here are some of the most interesting ballot items that we found. In California, there’s Proposition 22, which will decide whether gig economy workers such as Uber or Lyft drivers are considered employees or independent contractors. If the measure passes, gig workers will remain as independent contractors as they do now and they’ll receive 20% above the state’s minimum wage.
[00:10:10] SY: Okay.
[00:10:11] JP: If it doesn’t pass, gig workers are going to be considered employees and they'll be eligible for more benefits, such as paid sick days and paid overtime. But this will have an impact on Uber and Lyft’s bottom line, of course.
[00:10:25] SY: So which one do we want to happen?
[00:10:29] JP: I think that’s very interesting. I’ve read pros and cons, especially from Uber and Lyft drivers. Some want to remain independent contractors.
[00:10:37] SY: Oh, interesting. Why?
[00:10:39] JP: You know, I’m not exactly sure. The little bits that I’ve read talked about how, if you’re a contractor for Uber or Lyft, you can drive for both. You can choose when you work, when you don’t. You can dip in and out very easily. But of course, you’re not getting any benefits. And so I’ve read a lot more arguments for being considered an actual employee.
[00:10:59] SY: Yeah. So basically flexibility over stability sounds like maybe the two options there.
[00:11:04] JP: Yeah.
[00:11:05] SY: Yeah. I get that. What else is on the ballot?
[00:11:08] JP: So also in the ballot and also in California, Proposition 25, this would eliminate the state’s cash based bail system. So if you get arrested and you’re waiting trial, you pay a certain amount of money. You don’t have to wait in jail. You can go with a promise to come back for your trial date. Proposition 25 would replace that system with an algorithmically determined risk score to decide if a defendant should be locked up in jail before their trial date. So proponents of this proposition say that the current cash bail system doesn’t really take into account how likely a defendant is to commit a crime or to not show up for their trial date. But instead, it’s all about how much money they can pay. Opponents of the proposition point out that risk assessments, which are already used in the federal criminal system, have been shown to be biased against black defendants.
[00:11:55] SY: Yeah. I don’t know about this one. I mean, I totally get both sides, right? The cash bail system has been criticized so much and so often because it just ends up penalizing the poor, penalizing people who need $500 and just don’t have $500. So I totally get that argument. It’s kind of just ridiculous that you need to pay to be free.
[00:12:17] JP: Right.
[00:12:17] SY: Anyway, just the bail, it always felt very strange to me, but then when we talk about adding machines, it’s like if you’re using past data, which is generally what machine learning does and your past data says, “Well, all the people who have previously needed a cash bail are all black people or poor people,” or whatever it is and you’re basing it on historical data, that’s already biased because of human bias, then we’re just kind of like writing that in stone, which I’m not excited about that option.
[00:12:47] JP: Right. How will that system ever improve if it’s always using past history? Yeah.
[00:12:53] SY: Right. Exactly.
[00:12:54] JP: And then there’s all these questions about who is writing those algorithms and is it public information. Like if you are assigned a high risk score, do you have a right to know where that came from and what went into it? Could you attest it?
[00:13:07] SY: Yeah.
[00:13:07] JP: Finally, in Chicago, there is Public Question 1, which asks, “Should the City of Chicago act to ensure all the city’s community areas have access to broadband internet?” So currently, one in five children in Chicago do not have broadband internet access, which considering Chicago public schools are currently only online, it’s a pretty sad number.
[00:13:30] SY: That is tough. Yeah. I mean, it always amazes me the number of people who don’t have internet either at home or just access to internet in some capacity, because that’s huge. Right? The internet is how I do like literally everything, especially in quarantine, especially when I can’t go out and see my family, can’t see my friends, like everything I do, all my meetings, all my entire social life, everything is online, and it really is just astonishing to me the number of people who go around, who just don’t have that access. So I mean, I don’t know how expensive it is. I don’t know what the implementation is, but the idea that all the community centers should have access to broadband seems like an obvious yes to me.
[00:14:07] JP: Yeah. It has to be as well, like right now, especially with the pandemic with people being at home. If you don’t have the internet and your kid’s school is closed, you are stuck. I’ve heard stories about parents giving their cellphones to kids to do their homework. Imagine trying to do your homework on a cellphone. It’s rough.
[00:14:24] SY: No.
[00:14:24] JP: Yeah.
[00:14:25] JP: So this month was the seventh annual Hacktoberfest, a promotion that DigitalOcean puts on to celebrate open source, where they give away a free t-shirt to every developer who makes four pull requests on GitHub. However, this month, a lot of criticism of the event popped up after a tweet made by Google Senior Engineer Domenic Denicola which said, “Ugh, oh no, October is starting. Prepare for a month of spam pull requests... whatwg/html,” which is their repository, “has already been hit hard, at 5 in the last 3 hours. @hacktoberfest, please, please stop this annual tradition of wasting maintainers’ time. You are a net negative for the world.” We reached out to Domenic to talk about the Hacktoberfest controversy, but he declined to be on the show. Full disclosure, Dev/Forem is a Hacktoberfest partner. However, we keep our editorial and business dealings completely separate. So coming up next, we are joined by Emily Kager, Senior Mobile Android Engineer at Mozilla, who is also a vocal critic of Hacktoberfest to talk about the controversy after this.
[00:15:46] JL: Triplebyte is a job search platform that allows you to take a coding quiz for a variety of tracks to identify your strengths, improve your skills, and help you find your dream job. The service is free for engineers and Triplebyte will even cover your flights and hotels for final interviews. So go to triplebyte.com/devdiscuss today.
[00:16:36] SY: Joining us is Emily Kager, Senior Mobile Android Engineer at Mozilla. Thank you so much for being here.
[00:16:42] EK: Thank you so much for having me.
[00:16:44] SY: So before we get into Hacktoberfest, tell us a bit about your developer background.
[00:16:49] EK: I have a bit of a non-traditional background. I went to school for neuroscience and actually ended up switching into computer science via a post-bac program and actually got my first internship and job at Mozilla. And so I’ve been there ever since.
[00:17:04] SY: Wow! That’s neat. Good for you.
[00:17:06] EK: Yeah, it’s great. And yeah, we’re all open source. So I think it’s definitely kind of a unique experience having your first job and experience in tech being a full-time open source maintainer.
[00:17:21] SY: For sure.
[00:17:22] JP: So what kind of projects do you work on at Mozilla?
[00:17:23] EK: Yeah. So I’ve always worked on our mobile products and currently I’m working on the flagship Android browser, which we just did a massive rewrite of in the last like two years.
[00:17:33] SY: Wow! That’s neat.
[00:17:35] JP: Congratulations. So this month, there were a lot of criticisms of October past, including yourself on Twitter. We noticed that there was an entire Twitter account called “shittoberfest” that was keeping track of all of the posts that were critical of the event. And I was wondering if you could talk about what some of the issues were with Hacktoberfest in general and in particular this year that you and some others brought up.
[00:17:58] EK: Yeah. So I think a couple of the problems are just whenever you incentivize people with free t-shirts, for some reason, people just go crazy, right? So I think this year in particular, there was a problem because the rumor I heard, at least, I didn’t actually see it, but someone posted a video in some public platform where basically they were encouraging people who weren’t even devs to kind of get involved with Hacktoberfest just for the free t-shirt and the advice they were giving was, “Oh, just go into the docs and change a few words and submit pull requests and you’ll get t-shirts no matter what. It doesn’t matter if you’re just like spamming or don’t know how to code or whatever.” Right? So I’m not saying you have to code to be an open source contributor, but it was definitely not in good faith to just go spam a bunch of open source repos and get a free t-shirt out of it. And who cares what happens to the PRs or the maintainers afterwards? And I think just the main problem is open source maintainers are already so overwhelmed. I mean, I’m kind of a special case and that I am paid to work on open source. So for me, it was more of just an annoyance when you see these like spammy PRs, and you’re like, “Okay, that’s going to take me a few minutes to deal with that in my day.” But most open source maintainers are not paid. They’re taking time to build tools that a lot of other developers are using, just people that they’re building like products, right? And some of your spamming people who are already volunteering their time and now have to deal with these spam requests, then it’s not nice.
[00:19:26] SY: Tell me a little bit more about how this flood of pull requests, these spammy pull requests in particular affect your work.
[00:19:34] EK: Sure. So part of the job of an open source maintainer is to review code and make sure that contributors can contribute. So obviously, we tag issues as good first issues, or if documentation is broken, people are always welcome to submit pull requests and we’ll take time out of our day to look at those. And it’s kind of budgeted into my day that some part of my day is going to be spent looking at pull requests either from my teammates or from contributors. And we get like probably hundreds every few weeks. Right? So it’s definitely like a large volume. So when you’re adding to that volume, it’s just going to take us more time to go over all of these pull requests and suss out the ones that are spam. We don’t want to be mean, so we’re going to reply something like, “Hey, this isn’t a very helpful pull request. Maybe next time try our good first issues.” We’re going out of our way to try to interact with the community in like a helpful way. And so people might think, “Oh, well, it’s only a couple of spam pull requests a week or. You can just go in and close them or tag them.” But it’s just a lot of extra maintenance on maintainers who already are very like strapped for time and resources.
[00:20:44] JP: So Hacktoberfest isn’t new. I think this is the seventh year it’s taking place. Why do you think that there was so much criticism this year as opposed to other years? Do you think it was the t-shirt issue?
[00:20:56] EK: Yeah. I think they’ve always given t-shirts. This year in particular, I think it was mainly that video that was kind of fueling the fire and encouraging people who weren’t even really interested in the tech space to just go and do this to get a free t-shirt right. Basically just, “Oh, anyone who just wants a t-shirt, go and change some words in GitHub, make an account, blah, blah, blah.” Right? So there was definitely a very low barrier to entry. And I think people had been frustrated before, but this kind of all brought it to a head when everyone was suddenly getting flooded with truly spam requests, not just people who weren’t really sure what they were supposed to be doing. And it’s honestly just annoying, but I think this year in particular was bad, but definitely these concerns have come up before and our team has joked about it before. And I think on the 1st of October of this year, I was even like messaging my teammates, like, “Brace yourself. Get ready. It’s going to be Hacktoberfest.” And they were like, “Oh my gosh! Hacktoberfest is coming up.” Right? So you definitely have people in the past. Even this year in the middle of September, there was a kind of a funny story. There was like a good first issue that I had tagged and even tagging good first issues, honestly, is a service that we’re doing to the community because really most good first issue is like, “I could do myself in a minute,” but we really want to give people the opportunities to contribute to open source if they want to. And so there was a good first issue that I had tagged and someone came in and commented and was like, “I want to claim this issue.” And usually you respond, you’re like, “Sure. Whoever wants to submit a pull request, I’ll take a look at it.” And the person replied and was like, “Well, I want to claim it, but I don’t want to do it until October.”
[00:22:33] SY: Oh, wow!
[00:22:34] EK: You have to count towards the t-shirt. And I was like, “All right, we don’t do that. We don’t reserve issues for weeks at a time so that you can get a t-shirt. Our schedule does not revolve around a free t-shirt that our contributors are getting.” I get it. You want some nice gifts, I guess, for contributing to open source and maybe there aren’t enough incentives in general to contribute to open source and maybe that’s part of the problem. But yeah, definitely like it’s been a problem before and I think this year, it kind of, like I said, came to a head and people were really like, “This is ridiculous,” especially when all these really spammy requests are like flooding in.
[00:23:11] SY: So DigitalOcean did respond to this criticism. What was their response?
[00:23:16] EK: Yeah. So they responded and I think they changed the requirements for pull requests that would be counted to try to discourage people from spamming. So it’s pretty clear on the Hacktoberfest website now that you have to contribute to a repository that’s been tagged as Hacktoberfest friendly, either that or the maintainers have to tag the pull requests themselves as like Hacktoberfest accepted for it to actually be counted. So it definitely helped. Right? And they did it pretty fast within like a week of Hacktoberfest starting or something.
[00:23:47] SY: That’s not bad. Yeah.
[00:23:48] EK: Yeah. I know. It wasn’t bad. And honestly, I don’t blame DigitalOcean and I think Hacktoberfest is like a good idea and getting people involved in open source is great. It’s just maybe they hadn’t realized how much the developers on open source hated Hacktoberfest when it came up. Right? And honestly, I think it’s just a bigger problem within open source that everyone is so strapped for time and resources. But it definitely doesn’t help when a bunch of bad actors are flooding into these repos.
[00:24:18] SY: Yeah. absolutely.
[00:24:20] JP: So other than the response from the Hacktoberfest group, what are some other solutions and changes you think would be beneficial to the program and to just open source development in general in the future?
[00:24:31] EK: I personally think that maybe sending t-shirts is not what we need to be doing. I mean, just environmentally and resource wise, if Hacktoberfest was some like a badge on your GitHub profile or even this year, I think they started offering to be able to donate like a tree instead of getting a t-shirt in the mail, which I already have enough tech t-shirts. So I was like, “Great.” I always sign up for Hacktoberfest just because literally I do it on like the first day. I think it’s fun too. It’s like a fun little thing and you get an email. It’s like an exercise goal. But for open source, contributions, right? But yeah, I think if they move towards more or just maybe everyone plants a tree and that’s the reward, it would disincentivize people who are just in it for the t-shirt and maybe get a little bit testy and desperate when they need to fulfill the pull request before they get their reward. Right?
[00:25:25] SY: Is there anything that we didn’t cover already that you want to talk about?
[00:25:29] EK: Yeah. I mean, I would just say we really do enjoy having contributors and I think it doesn’t need to be around an event for contributors to come in and get involved with open source. And people should also know that during Hacktoberfest. I think, the open source maintainers are particularly stressed and I think people always need to give open source maintainers a bit more leeway. Most people who are open source maintainers are not being paid for their time. They are there to build something that’s helping people and helping the community and being rude to them or spamming them with their time is not nice. So I would just say have a little bit more leeway for the open source maintainers. They’re very stressed.
[00:26:12] SY: Yeah, absolutely. Thank you so much for joining us.
[00:26:15] EK: Thank you so much for having me.
[00:26:22] SY: Coming up next, we are joined by Senior Software Engineer and Node.js TSC member at Red Hat, Beth Griggs, and Michael Dawson, Node.js lead for Red Hat and IBM, about the release of Node v15 after this.
[00:26:48] JL: Join over 200,000 top engineers who have used Triplebyte to find their dream job. Triplebyte shows your potential based on proven technical skills by having you take a coding quiz from a variety of tracks and helping you identify high growth opportunities and getting your foot in the door with their recommendation. It’s also free for engineers, since companies pay Triplebyte to make their hiring process more efficient. Go to triplebyte.com/devdiscuss to sign up today.
[00:27:45] SY: Joining us are Beth Griggs, Senior Software Engineer and Node.js TSC member at Red Hat, and Michael Dawson, Node.js lead for Red Hat. Thank you so much for being here.
[00:27:56] MD: Thanks for having us.
[00:27:57] BG: Yeah. Hi.
[00:27:58] SY: So before we get into Node v15, tell us a bit more about your developer backgrounds.
[00:28:04] BG: So I first started as a developer after leaving university. I joined IBM and I spent about four years in the Node.js runtime team where I started to get involved with the open source Node.js project. And just recently in the past month, I’ve moved over to Red Hat where I’ll be doing similar things again, working on the Node.js project.
[00:28:26] SY: Cool. And Michael, how about you?
[00:28:59] SY: So what were each of your roles in this new Node release? Beth, you can go first.
[00:29:04] BG: I’m an active member of the Node.js release working group and the actual process of creating the Node.js 15 release. That was kind of down to me. So it involved pulling the commits into the release of writing the change log, also working with the OpenJS Foundation on writing the announcement and also testing. So testing Node 15, we do have a tool where we test the impact of a new Node release across a large variety of the ecosystem modules. So that when we’re putting out a new major release of Node, we know which modules are going to be impacted and try to minimize or help fix those issues.
[00:29:43] MD: I, in my case, much more of a supporting role. Bethany really had the lead effort on this front as a contributor, as well as I did help to review the blog post that went out in terms of the release. But Bethany did all the heavy lifting in terms of actually getting the release and stuff out there.
[00:30:00] JP: So let’s get into it. What are some of the biggest features and updates in Version 15 of Node?
[00:30:05] BG: My favorite feature in Node 15 is the change to how we handle unhandled rejections. So in versions prior to Node 15, if you had an unhandled rejection in your application, you’d likely see a warning printed out saying kind of, “Please, don’t do this.” But after a fair few versions of Node with that warning being in place, we have now made the change to throw on 100 rejections. And what this means is when you have an unhandled rejection in your application, the Node process will exit. If you don’t have a special unhandled rejection hook set. And the reason I really liked this change is I think it helps people to understand why Node was printing these warnings for all this time and kind of just stop people falling down pitfall traps of having a bunch of unhandled rejections and messy error handling in their applications. So it’s kind of like how can you tell a little bit faster so that you can handle out risks early and properly in your application development.
[00:31:05] MD: And I’ll just add that like it took us quite a while to get that change in because we’re very cautious about changes that could affect existing applications. And so along with the change are a number of ways, which you can very easily go back to the old behavior. If you do find that it’s exposing some of the things which you likely need to fix in your application, but haven’t done yet. So there’s command line options. You can add a small amount of code, but very easily, work around the issue while you take the time to properly figure out what you want to do in the next version of your application.
[00:31:37] SY: When you look at the release as a whole and compare it to past releases, what are some of the big differences?
[00:31:43] BG: It’s interesting to see that over time, over the past few major versions, since I’ve been involved, the number of breaking changes seems to start reducing. So we don’t make as many. So this is kind of good news for all of our doctors of Node.js because that means they’re less likely to experience breaking changes. And it just shows that the platform’s kind of matured and there’s less kind of controversial changes being made these days.
[00:32:10] JP: Could you each talk about what some of the biggest challenges you came across while building this new release?
[00:32:16] BG: There was a runtime deprecation for the umask method that was originally in this release. It has been documentation duplicated for the past couple of releases, I believe, and we were going to move to a runtime deprecating it. Meaning that if your code is running and it tries to use this method, you will get a message output saying, “This method is deprecated. Please stop using it.” And we actually found that there were a lot of modules out there still using this umask property. We made the decision to revert that because we just felt it would cause too much ecosystem disruption at this point in time. I think that that kind of highlights our efforts that we go to in testing. We’re trying out all of these various modules. We’ve got over a hundred in our tool where we run our test suites to see if they’re going to be impacted. And that’s an example where we actually took the decision to revert something because it would just be too disruptive.
[00:33:12] MD: From my perspective, the biggest thing that stuck out is this time we had quite a lot of things that people wanted to get in at the last minute, which is it’s great that we have a lot of activity, but we don’t necessarily want to pour a large number of changes in Node.js Just before we cut a new major release. Ideally, we’d get those in, I think at least a couple of weeks in advance, we actually have a well-defined cutoff date after which we need the TSC to say, yeah, that that seems like it’s good to get in. So I don’t know if it was so much of a challenge. It’s something to think about for next time in terms of, “How do we avoid those sort of last minute requests and see if we can get them surfaced a little bit earlier?”
[00:33:53] BG: I think as an example, the VA update, I think landed with a couple of days before the release. It’s good that the VA update isn’t there, but a little bit more baking time before it goes into a release would have been nice.
[00:34:07] SY: So when we do releases and your projects in general, we don’t always get all the things that we want in that final release. So is there anything in this release that you were hoping would be there, but didn’t quite make it, anything that might be in the pipeline for a future release?
[00:34:23] MD: In terms of features, we’re actually quite flexible. Some projects are very much new features in new releases. The Node project is very much open to, we first land a new feature in Master. But once we get the required baking time, we actually fairly quickly move those back to earlier release lines. That actually means that when we come up with say 15 X release in this case, most of the things we’re calling out as new are the December major changes, but they’re generally not the most interesting things, December minors, which are the things where we’re adding new APIs and new features are the most interesting. But a lot of those have already been added to the previous version. So there’s not so much anything that I’m like, “Oh, I wish we’d gotten it into 15,” because we can put those into 15.1 or 15.2, and quite likely will. So there are things I’d wish we’d make more progress on, but that’s always the case from that perspective.
[00:35:25] JP: Well, speaking of 15.1 or 15.2, can you hint at any of the things that might be coming down the pipeline?
[00:35:31] MD: So one of the things we’ve called out in the release is the refinement of the async local storage APIs. So as an example, that’s an API we’ve been working on. We have it as an experiment feature. There is currently discussion around moving one part of that. There are two parts to the API. One is async local resource, which we need module owners and package maintainers to use within their applications to help propagate context across certain situations. And then there’s separately the API, which is what the APM vendors or other things like OpenTracing would use to basically turn on context tracing and allow you to propagate transactions across async operations. So that first one to do with the async resource, it seems like we have a reasonably good consensus that we should make that non-experimental and that’s the kind of thing we could do in a 15.1 or 15.2. And in fact, we had some discussion around that, whether we needed to accelerate the discussion or not and it turned out that no, we didn’t need to. Similar discussion was held around diagnostic channel, which is a set of APIs to help basically be able to do better diagnostics than to better report on what’s going on within Node itself.
[00:37:31] MD: Yeah. The other reason we do that is because it helps us maintain it more easily. Google has quite an accelerated lifespan for v8 releases. And so the most up-to-date one we can get the easier the maintenance aspect we have to take on ourselves is.
[00:37:49] SY: So now that Node v15 is out, do you imagine that people will find new ways to use Node? Do you find that being, I don’t know, any more accessible to new people? What are your thoughts on that?
[00:38:02] BG: I certainly think throwing on unhandled rejections will help maybe people who are not overly familiar with the asynchronous kind of development model of Node to understand what you should do in terms of error handling because of the fail-fast kind of behavior we’ve added in Node 15. I guess one other thing could be the experimental QUIC implementation. So that’s a very experimental feature. You have to build a node yourself with a flag to enable it. But QUIC is a new technology and having some way of people starting to play with it will be quite interesting, but it’d be good to track the adoption and what people build with those newer QUIC technologies.
[00:38:45] JP: Is there anything else that either of you would like to cover that we haven’t already asked about?
[00:38:50] BG: I think it was mentioned in the blog posts that we have some efforts, not necessarily tied specifically to this release, but for example, the next 10 team. The goal of that team is to look at what made Node.js so successful in its first 10 years and figure out what we should keep doing for the second 10 years, what we should stop doing, what new things we should start doing. We really need everybody’s input. The current thing we’re working on is the Node.js constituencies. So basically who are all the different groups who have an interest and are sort of affected by what goes into the project and we’re trying to work out what we think they need. And so people providing their input and making sure that we get that right I think would be very, very important. I’d like to mention that as something that people can take a look at and help give us their feedback to make sure we’re going in the right direction with future releases.
[00:39:45] SY: Well, thank you so much, Bethany and Michael, for being here.
[00:39:47] JP: Thank you.
[00:39:48] MD: Thanks for having us.
[00:39:49] BG: Thank you.
[00:40:00] SY: Thank you for listening to DevNews. This show is produced and mixed by Levi Sharpe. Editorial oversight by Peter Frank, Ben Halpern, and Jess Lee. Our theme music is by Dan Powell. If you have any questions or comments, dial into our Google Voice at +1 (929) 500-1513. Or email us at [email protected] Please rate and subscribe to this show on Apple Podcasts.