 I'm just going to go through and we're going to talk about some things that have been happening in the JavaScript community over the last half a long, last month. So last month we talked about whether Express was dying or not. This is a valid concern because the lead maintainer of it, well, Doug Wilson, basically he was doing all the work and Strongloop was taking all of the credit and then IBM acquired Strongloop and Doug, I don't know which company he works for but apparently they're a direct competitor to IBM so then there was a big conflict and Doug wasn't sure why should I even bother working for this company where I'm not even getting any credit and not only that they're a competitor but being a good resolution to this, Express is now in an incubation project of the Node Foundation so this is sort of a new thing that's come out of the new open government's model which has been established for the Node project and hang on, oh god, go away, responsibilities, okay. So now it's been moved to a sort of an open model which is sort of similar to the way that the Node project itself is going to be governed so there's going to be a working group, a technical committee, all this kind of stuff which is first to help move the Express project forward. It includes Express, the website and all of the packages which Express uses because Express nowadays is really just sort of like a glue, it doesn't really do much, it just gives you that request response next pattern. So that's cool but what does this really mean, just means that Express gets to live. Doug Wilson who's doing really great work, he can continue to work on the project, he supports this move and also a lot of the other contributors, it's a very constructive thread if there's a very long GitHub issue, if you care to read it, go check it out, interesting but Express is now a part of the Node foundation so that's really cool. Last month we also had a remote memory disclosure via the buffer module which is built into Node so the buffer has an unsafe API where if you accidentally pass in a number to the buffer constructor you can get back uninitialized memory which could contain things like passwords or keys or other things which shouldn't be revealed to anyone. So this was a problem and Feros identified this and he's released a package called SafeBuffer so if you're concerned about accidentally leaking memory, uninitialized memory to your clients all you have to do is drop in the SafeBuffer module, it works exactly like the buffer module but it adds a couple of additional methods and the one that you're interested in there is the buffer.alloc method which gives you zeroed memory which will be safe to use, won't expose anything that it's not supposed to. Well there'll be a small trade off because it needs to zero the memory, a small performance overhead but minimal and you have to install it, you have to have it an extra dependency because that's the trade off. So another exciting development which that happened last month was Microsoft submitted a pull request to Node Core to add the JavaScript runtime that lives in the new Microsoft Edge browser to get that to live alongside the VA implementation in Node. So basically you would be running Node instead of on top of VA, you run it on Sharker Core which is pretty cool. There was a very, very lengthy discussion and lots of emotions and the issue was closed which may not be surprising but it was actually closed in a good way. It's been converted in, the resolution is that they've added a new repo under the Node JS account called Node Sharker Core and it's basically a fork of Node that runs on Sharker Core and it's under the Node JS account so it's like an official fork and the reasoning behind doing this as opposed to maintaining the fork, to maintain the other engine inside the Node account, the Node thing was they want to allow experimentation but they don't want to put any additional burden on the current maintainers which are already, they already have enough things to worry about like we'll see in a moment. And so how this will work is every week they'll merge with the Node core and update their version. It also, the Node issues queue is already full of stuff so I guess it's a nice thing as well because anything to do with the Sharker Core stuff can go into the Sharker Core fork issues so that's nice. Good resolution, support that. On to this month's news, the NPM, so Isaac released a blog post recently saying that he was intending on moving the Node command line client into A Foundation, didn't necessarily say that he was going to move it into Node JS Foundation but he wants to move it into A Foundation and I'm not sure what's prompted this but there has been a lot of alternative Node clients popping up and there's been a few issues coming around about people complaining about the fact that all of us were relying on a single company to make NPM happen so people are concerned about this and so moving into A Foundation, that's a really good thing. Good for the community, good for the client, it'll be overall good. We've now got ES 2016, it's been announced, you may have been quite excited when you saw the ES 2015 get released, it has all these many, many features, amazing number of features so you might be surprised at the next slide. Not only that, here I'll zoom in a bit, and they're not even very interesting. So exponentiation operator just allows you to do exponents, it's hat hat and includes, just tells you whether something's included. This is it, that's everything for ES 2016, yeah, 2015 was hopefully like a once off, the community, we still haven't got everything that was implemented in ES 2015, implemented in modern engines. So if they went and did that same thing again I'm pretty sure everybody would have burnt the place down, so this is probably a good thing. But the other point is that it doesn't, well you don't have to, well, things which people might be surprised, there was no decorators and there were no async functions, async functions were very close to getting in but they didn't quite make it. And the reason why is because the proposals to go into the spec have to go through a process, they start out at strawman and then they go through stage zero all the way up to stage four. And you can see if you go to this GitHub repo, cc39.com262, it gives you the status for all the proposals. And you'll see here that the only two ones that actually made it to stage four are these two includes and the exponentiation operator. So but the point is is that you don't have to actually wait for ES 2017, browsers implementers are free to implement the features as soon as they reach stage four. So what will happen is these features will start trickling into browsers and hopefully, so yeah as soon as it's at stage four it's basically ready to go into the spec. So hopefully we won't have to wait a whole year to get some of these other features which are already, the good features which are already at stage three. I recommend going to that website and having a look at some of the features that are being proposed and because there's a lot of interesting stuff in the pipeline. There was a node security release this month, includes two vulnerabilities, request smuggling and response splitting. If nothing, it's interesting just to go read what these things are, they're fairly low, they're not incredibly severe and there's also the updated versions of node that include that security fix also include an updated version of open SSL which comes with more fixes. So if you are running node in production, who's running node in production now? So if you are on 010, 012, 4.3 or V4 or V5, these versions are all affected by these vulnerabilities so make sure that you update to at least these versions. Promises and core. So somebody has submitted a pull request to take all of the core APIs and at the moment the API if you've used node, the API that we use is callback based and you pass a function to the thing that you're calling and you get an error and a response back but with promises you get like a dot then function that you get. So it's taking, well it's taking something that looks like this and making it look like that which might not seem important but some people think that this is basically the end of the world and it's a major drama, it's one of the most drama's drama. It's serious, serious reading and the poor lad that has submitted this pull request is this, this guy here Chris Dickinson, he's actually, he's very brave, let's just say that but he's been working like so hard to get this pull request in so people will raise issues and he writes like two feet of response, lengthy discussion, so this issue which is still open, it's been open for a number of days, has 544 comments on it with 83 participants, that's an issue, so the issue got so out of control, it's got a TLDR at the top of it and it's actually it's been converted into its own repo with open issues, there's 20 of them and pull requests, so it's serious but it might actually happen, you might actually get promises and call one day. So you promise or promise? I don't promise anything. But yeah some of the concerns are there's the existing APIs break so it would be really nice so if something like fs.read file, if it just, because at the moment it doesn't return anything useful, it could just return a promise but there's a bunch of APIs which do return stuff so you can't just apply this thing liberally over the entire API so that sucks, it also breaks a bunch of introspection tools which are in Node, things like, when you've got promises things like syntax errors will now get caught by this thing and then you have this bubbling issue and it also breaks post-mortem debugging, there's all these issues, if you want to watch this Node.js promises repo. It's interesting, it's very interesting. Browser news. Are you in favor or? I don't think it's worth having an opinion on other than, yeah, whatever. The thing is people get really emotional about promises and it's just like it's not worth it, it's not worth it. They're cool and generally the people who don't like them are exactly the people who haven't used them. If you haven't invested, let's say, if you haven't, I sort of feel like you don't have a valid opinion about something until you've used it with an open mind in production, until then you're just being emotional. Sorry. That's a good point. I actually started using promises because I hated them, I was wrong, I hated them and I was using them to dig up more dirt so that I would have a more substantial argument so I could say exactly why they were crap. But I was like, oh, they're actually not that bad. So anyway. In browser news, I had trouble finding good stuff on this, but nearly done. All the major browsers are now implementing fetch and everything except for Edge is shipping service workers and Edge is prototyping it. So that's really cool. So these are interesting new features which are coming down the line. And also our mate Glenn, he also points out that everything by Edge has now got CSS variables, which is also a really powerful feature. So that's cool. Looks like all the web stream stuff is happening. Go check out Jake Archibald's post on that. This changes the way that we interact with servers, basically. Local news. Ghost, which is a popular blogging platform built on Node.js. They're moving their business to Singapore. It doesn't mean they're actually ever going to be here, but it's nice. So that's cool. And there's also an event called Fossa Asia which is happening next month and I would like to invite the person who is running that to come up and talk a little bit more about that in a second. Because, well, otherwise I have to come up and show this one slide which says End. Afterwards. So that's it. That's me. I'm done. Thank you.