JS Party ā€“ Episode #98

And... the website is down šŸ˜±

with Jerod, Divya, & Suz

All Episodes

Jerod, Divya, & Suz get together to discuss top-level await, the JS13kGames winner, Liran Talā€™s is-website-vulnerable, Vue 3ā€™s source code, and Facebookā€™s take on AR/VR/XR. Plus 3 awesome pro tips you donā€™t want to miss!

Featuring

Sponsors

Toptal ā€“ Freelance development jobs for world-class engineers. Toptal gives you the ability to work on freelance development jobs and projects with top clients who understand the value of elite engineering talent. Choose your rate, control your schedule, enjoy the 100% remote lifestyle. Learn more at toptaljobs.com

Linode ā€“ Our cloud server of choice. Deploy a fast, efficient, native SSD cloud server for only $5/month. Get 4 months free using the code changelog2019. Start your server - head to linode.com/changelog.

Algolia ā€“ Our search partner. Algoliaā€™s full suite search APIs enable teams to develop unique search and discovery experiences across all platforms and devices. Weā€™re using Algolia to power our site search here at Changelog.com. Get started for free and learn more at algolia.com.

Notes & Links

šŸ“ Edit Notes

Transcript

šŸ“ Edit Transcript

Changelog

Play the audio to listen along while you enjoy the transcript. šŸŽ§

Hey, hey! Itā€™s your JS Party friends! We are here to hang out and talk about JavaScript and the web. Itā€™s your boy Jerod, and I am joined by Suz, whoā€™s laughing at meā€¦ Whatā€™s up?

Itā€™s great to be back! Thank you so much for having me.

If I can start off the show with Suz laughing, itā€™s gonna be a good show. Weā€™ll see if we can get Divya goingā€¦ Divya is also here. Hi, Divya! Say hello to the crowd.

Hello! Howā€™s it going?

Itā€™s going well, itā€™s going very well. And we are here to talk about JavaScript and the web, celebrate such things, and we wanted to start off with a party with a little bit of catch-up. The new and noteworthy things in and around the JavaScript and web ecosystem. We have lots to talk about here. I wanna flip the script and actually start with a fun oneā€¦ I started at first with the most interesting, but now I wanna start with a fun one.

Letā€™s go to the JS13kGames - winners have been announced. If youā€™re unfamiliar with this game, itā€™s an awesome competition where youā€™re supposed to make a game in JavaScriptā€¦ And the website is down. [laughter] Are you seriousā€¦?

I have it up.

ā€œWhoops! It looks like something went wrong.ā€ Itā€™s a game in JavaScript in less than ā€“ what was it, 13 kilobytes of code. Correct, Suz?

Mm-hm. Yeah, I have it up. I was playing it earlier this morning.

Well, you crashed them, because their website is down. Sorry, JS13kGames.com. Is the winner still alive? Because we wanna talk about the winner, who has an awesome game, which I can no longer load, I donā€™t believeā€¦

Iā€™m gonna have to cache this tab for life now.

[laughs] Suz, why donā€™t you take over and tell us about the winner. Itā€™s a super-cool game. I canā€™t load it, so please do.

Yeah, letā€™s talk about it. I actually forget what itā€™s called, just because Iā€™m actually on the game. It looks like itā€™s like XX142-B2.exe.

There we go.

That is what Iā€™m reading from the title. I was really impressed with this immediately, because the first thing that happens with this game is you get thrown into what looks like a text-based narrative kind of description, like an opening scene of a text-based narrativeā€¦ And I remember thinking, ā€œThis has so much text. This has to already eat into the budget of the 13 kilobytes that you have.ā€ Iā€™m looking at it and Iā€™m like ā€œThis is hundreds of bytes alreadyā€, and Iā€™m thinking maybe they do something trickyā€¦ Like, are they allowed to fetch swathes of text via Ajax, and things like that. So I was looking into it, and so I thought ā€œWhatever. I bet you the rest of the game is really small. Iā€™ll look into this later.ā€ And then you click Continue and you just end up in this 3D game, and Iā€™m like ā€œAre you serious right now?! How are they doing this?ā€

[04:13] Itā€™s actually really cool. The idea is that you are this little sort of pointy avatar, and thereā€™s this concept of filesā€¦ I think you understand this a little better, Jerod, but youā€™re basically navigating through this 3D sort of path, and you have to use your previous ghosts of yourself expiring in order to sort of unlock gates to get through.

Yes, exactly. Thanks to pnevares in the chat who got us the direct link to the winning game, which is still loadingā€¦ And the entry test that youā€™re talking about - Iā€™ll just read it, because itā€™s such a cool setup.

ā€œThe year is 2413. Humanity is enslaved by an alien race for more than two centuries already. You are an AI weaponized virus, built to infiltrate the alien network and deactivate all power generators and weapon systems. The alien antivirus will detect and delete you after 13 seconds. But remember, a file is never really deleted. Use the execution backtrace from your previous attempts to break in and destroy the main memory core.ā€

So yeah, like you said, you basically move around and try to make it through certain gates. And the real gaming mechanism is the Backspace button, where you can start the level over and leave your previous trace there, and use it to advance. They say Backspace is kill -9 the executable, soā€¦ Super-nerdy, super-coolā€¦ Built by Ben Clarke and Salvatore Pravidi so congrats to them on an awesome game. Iā€™m amazed by how you can fit so much into 13k.

Yeah, Iā€™m looking through the source code and itā€™s actually really nice to read. Even though itā€™s minified, itā€™s still incredibly readable. Iā€™ve looked at the source code for these kinds of things before, like even JS1K and things like that, and itā€™s always just been completely illegible. But this oneā€™s really cool, so you can see that in order to produce those large swathes of text at the beginning, they just created a string that had all the letters of the alphabet and the first numerical numbers from 0 to 9, all next to each other in one string, and then theyā€™re just using character code at, with the correct offset in the ASCII table in order to pull out the index of which one they need to express as the next textā€¦ Which I thought was really awesome.

And then you can actually see how theyā€™ve set up a lot of the levels, too. They have a bunch of mappings with Xs and Ys, and things like that. So most of the actual source code is setting up all I guess the rooms, all the levels, and just plotting them outā€¦ I think thatā€™s really very cool, given that it feels like a very complex game.

It does. Itā€™s clever in so many facets. Just the idea itself is clever, and then the execution. The interesting thing about the way that I believe it would work is because the idea in the game is that youā€™re replaying the previous run-through, thereā€™s so much recursive code, or just executing back the previous functions that were called, that you can squeeze a lot out of very little code, and make it feel complex, but really itā€™s just rerunning something thatā€™s already run.

Yeah, itā€™s super-cool. And yeah, Iā€™m just surprised at how readable it is. They wrote some really beautiful code. A lot of the verbs and the variable namings really help you understand how it works. They didnā€™t even have to do that, and I admire the fact that they were very thoughtful about how the code was presented as well, soā€¦ It was an absolute joy this morning to take a tour of it.

Iā€™ve done one game jam in JavaScript and had a lot of fun doing it, but Iā€™ve never done any code golf kind of competitions, or even really tried coding golf. I know those kinds of things began in the Perl worldā€¦ Thatā€™s a tongue twister, Perl world. Have either of you done code golfs, or trying to squeeze every single character down to the smallest you could possibly do?

I think Iā€™ve seen the ā€“ someone has done challenges within like 140 characters when Twitter used to be 140 charactersā€¦ So you would write a problem, like a fizz buzz or something, within that character limit, as much as possible, which is really fun to see. Itā€™s still unreadable, but it worked.

[08:13] I think that the only stuff that Iā€™ve really run into is just regular ā€“ trying to write code for embedded devices, you are always resource-constrainedā€¦ I think the biggest golfing expedition I went on recently was ā€œHow many frames of a gif can I fit in memory for this device to receive over the internet? And then what is the best data structure to try and make the most of memory?ā€ I was like ā€œDo I just use a continuous stream of memory on the device (contiguous), or do I use linked lists in order to use that fragmentation better?ā€

For me itā€™s always like ā€œI need to fit more than six frames of this gif on this device. How do I do that?ā€ So my stuff is more like memory golfing more than actual file size golfing, I think.

The only bit that Iā€™ve done - Iā€™ve read the code golfsā€¦ I think it was like a Vim golf, which maybe Iā€™ve tried that, which was fun back in the dayā€¦ Like, ā€œWhat are the fewest number of Vim commands that you can do to accomplish whatever task is out there?ā€ Which is a great way to learn Vim if youā€™re into that kind of a thing. I used to do these code games where I would create code - usually in Ruby or JavaScript - that represented a movie title. The goal is the person has to guess then what movie it represents. Thatā€™s the only time Iā€™ve really written code; not for readability, or just to get this stinking thing to work, but to write it in such a way that the form ā€“ the form of the code is more important than what it actually executes. Itā€™s definitely mind-expanding.

Okay, letā€™s move on to a little bit less fun, but probably more impactful for your general JavaScript audience, those who are not making super-tiny code games or want to play themā€¦ Itā€™s that top-level await has landed in V8, and is in Babel, and a bunch of other things. Myles Borins, a friend of the show - I think heā€™s been on one or two episodes of JS Party back in the day - writing about top-level await on the V8 websiteā€¦ This enables developers to use the await keyword outside of async functions. So weā€™ve had async/await for a while now, but youā€™ve never been previously able to use it outside of an async function. Now you can use it right at the top-level of a module, and all sorts of interesting use cases fly out of that. Is this something that passed your guysā€™ radar? What do you think about async/await top-level await?

I know that Myles for the last few years was actually trying to gather use cases for itā€¦ Because I think he was one of the ones that initially suggested it; people were pushing back on async/await because of that, so he was trying ask ā€“ I remember he asked me about it, and I said, well, async/await is really nice for (again) embedded. Iā€™m like a broken record about this topic, but for hardware-related things it just makes the code so much more readable and maintainable, to a point.

So for me, having to wrap things constantly just kind of made some of my code a little bit more convoluted. It was just wrapping things for the sake of wrapping things, just to get it to work, which feels like a code smell. So I like the idea of itā€¦ Iā€™m actually kind of fascinated about how they would have implemented that in the engine more than anything. I think that itā€™s gonna make my life easier, but other than that ā€“ Iā€™m not sort of pumped and shouting out into the streets about it, but I know that this was a very long game to float this by the implementers of the spec.

[11:45] Yeah. I find it really annoying to always have to remember to reuse async when I await stuff. So for instance, if youā€™re calling an API, youā€™re always awaiting it, but then in order for that await to work, you have to wrap the entire function in an async. So I always get that console error saying ā€œHey, you donā€™t have async. You canā€™t use await without asyncā€, which is like ā€“ half the time Iā€™m like ā€œThe async feels very redundant.ā€ Itā€™s almost like doing a return promise and doing a resolve when you just wanna do Promise.resolve() instead. Itā€™s the same idea, where Iā€™m just wrapping and adding a lot of boilerplate to code that doesnā€™t have to use that particularly.

Specifically, a lot of times ā€“ I write Vue, so I would have to create an entire function thatā€™s async, even though only one part of it uses await and the rest doesnā€™t.

Yeah, totally.

So in a method itā€™s like, that method is async, and it does multiple things, but I need an await. So it makes it much cleaner this way, because there are a lot of times where youā€™re just using ā€“ the assumption is that there is a promise, youā€™re making an API call or whatever, thatā€™s a promise, so you can just await it, you donā€™t have the async.

I really like how you likened it to some of the boilerplate you have to do with promises, where you just wanna do the thing. Iā€™ve definitely felt the same sort of cringey feeling as Iā€™m trying to put things together, and itā€™s just causing bloat.

Yeah, especially because for a long time whenever the async/await was starting to come into the fore, people were talking about how async/await is way better than promisesā€¦ And I was like ā€œSure, itā€™s greatā€, but then ā€“ because a lot of the times corollary was talking about promise hell, and how frustrating that isā€¦ Because with await you can basically just create a const, and then you would await, and then whenever that is ready, then you can use it, and so on. But the thing is the argument around less boilerplate never made sense, because I was like, okay, yeah, async/await is cleaner to read, because you actually get a return value, versus promises, but at the same time you still have that boilerplate, because in order to use await, you need async. So you need to wrap everything constantly.

I think that was the part that not a lot of people talked about. Itā€™s kind of like the handwavy, like ā€œOh, itā€™s fineā€¦ Itā€™s better than what we had beforeā€, but that was the one annoyance I always had - just this constant having to rememberā€¦

Itā€™s almost similar to ā€“ I was talking to someone about thisā€¦ Whenever you create a button, you have to always create cursor pointer as a CSS.

Yes! Oh my god, yes!

Itā€™s like everyone needs that, and you still have to write that boilerplate.

[laughs]

Thank you, CSS working groupā€¦

Is that a fact?

I guess Iā€™ve never noticed thatā€¦

Yeah. I mean, every time you want a button, you always want a pointer on it. Always.

Sure, yeah.

But it doesnā€™t work by default, so you have to add cursor pointer. So the boilerplate is always button cursor pointer. [laughs]

Button cursor pointer.

Itā€™s like one of the first lines you write, because you just want a global for it. [laughs]

Exactly, yeah.

Yeah, throw that in your normalize, or whateverā€¦ So a couple of things ā€“ you mentioned the pushback, Suz, and Myles does talk about some of the arguments about top-level await being a footgun, which I guess thatā€™s a term I hadnā€™t really heard before, but itā€™s something from which to shoot yourself in the foot with.

A couple of things Rich Harris wrote about is that it could be a way to block execution, it could also block fetching resources, and the team has done a pretty good job of addressing these potential pitfallsā€¦ At least accounting for them. Now, I think you still probably can shoot yourself in the foot, but you can do that with most tools, especially sharp onesā€¦ So check out the blog post that Myles wrote for more information on that, and get out there and try top-level await.

Now, maybe youā€™re thinking ā€œI already have this. Itā€™s in my dev tools.ā€ Well, that was the only place it previously existed. It was in dev tools as (I guess) syntactic sugar, or a nice way of using it without that extra anonymous functionā€¦ But now youā€™ll find it in the browsers, outside of the dev toolsā€¦ So there you have it, top-level await.

I think that footgun actually does make senseā€¦ But the issue is that this says you can do a while loop that runs forever, and you can stuff it in an async function, and then that will actually stop it from blocking the whole execution main threadā€¦ Which is really interesting, so Iā€™m just hoping that people remember that they still need to put that in there.

Well, letā€™s talk about a different thing, which is security-related, maybe not necessarily performance-related. Itā€™s a cool new tool by Liran Tal (I apologize if I pronounced your name wrong). He works for Snyk, and heā€™s a sneaky security guy. Weā€™re actually talking with him to bring him on JS Party in a future episode and talk about security in JS and all of the different things that you have to think about to write secure JavaScript code.

He has a new tool called is-website-vulnerable, which uses public Zero-Day, or listening to the CVEs, the known vulnerabilities in JavaScript libraries. Itā€™s a command line tool that you can install, and then run on Npx is-website-vulnerable, pass it a domain, start with your own, and then you can move on to other people. Use it in a white hat way, pleaseā€¦ And you can find known vulnerabilities in the front-end JS libraries.

The example is run it against example.com, and it will spit out basically ā€œThis is running jQuery 2.1.4, which has two known vulnerabilitiesā€, it will link you to more information about those, and you can run it against your websites, and then fix all your known vulnerabilities. What would be cool is if it could fix your unknown vulnerabilities, but thatā€™s a whole other step.

The first thing I thought of when I read about this news was some people are gonna feel kind of threatened, just because not everyone sees public security conversations as a good thingā€¦ Theyā€™re basically gonna feel more vulnerable to attack from people and get afraid, but thatā€™s not the point of this.

And then the second thing I thought of was to do with bug bounties, and I was like ā€œOh, people have another tool for those who try to participate in security bounty programs to report vulnerabilities, and things like that.ā€ It gives them another tool in their toolbelt to try and find stuff when the source code of the website itself is not necessarily open source. Itā€™s kind of interesting, actually. It provides that weird middle ground.

Yeah, because itā€™s publicly available information, but itā€™s not easily-surfaceable. So I think probably script kiddies especially will have tools like these inside of tools like Metasploit, I believeā€¦ So I think if youā€™re already malicious and youā€™re bent that way, you probably have some of this information, or at least ways of getting at this information. This, I believe - its point is to point it at things that you care about and then fix them up. But yeah, any tool can be used both for good or evil, so therein lies the rub.

How does this work with the current npm vulnerabilities thing? If you have things on GitHub or if you use npm, you can do npm audit and it shows you all of the security vulnerabilities in that. Is it similar, orā€¦? I canā€™t quite tell.

[19:55] Yeah, thatā€™s a great question, and somebody actually asked him that. The thing that separates it from the npm audit is this is running on a remote website. So this is not a thing that youā€™re using internally, or in your dev dependencies, or anything that you would have private on your backend, so any Node modules youā€™re using, with Express, or server-side - it doesnā€™t do those. Itā€™s just whatever youā€™re shipping to your clients. Itā€™s basically just downloading whatever JavaScript that your website sends on requests, and then unpacking those, and detecting and running finger-printing tools to figure out what youā€™re running againstā€¦ So it says ā€œOh, you have jQuery 2.1.4ā€, and then it basically takes that knowledge, runs it against the databases, probably does some sort of remote lookup and says ā€œWell, what are the known vulnerabilities here?ā€ and displays them to you.

Iā€™m running it on my website right now.

Oh, stay tuned! Weā€™re gonna find out ā€œIs Suz vulnerable?ā€

I have probably less than 2kb of JavaScript on it. I try to keep my website very deliberately tinyā€¦ And so yeah, Iā€™m actually excited to seeā€¦ Zero total vulnerabilities!

Yaaay!

Yesss! [laughs] And that, folks, is how you fix up all your vulnerabilities - just donā€™t write JavaScript. [laughter]

Just donā€™t write any, thatā€™s right.

I have a tiny amount of JavaScript thatā€™s sort of like ā€“ I think there might be a small resize listener. Iā€™m using CSS Grid in a weird way, to create sort of a Pinterest-style tile layout, but itā€™s not quite perfectā€¦ So I have to run some JavaScript to adjust the heights, and things. Thatā€™s pretty much the only JavaScript I think I have.

Okay. Well, Iā€™m npm-installing it as we speak, and weā€™ll run it against changelog.com and see if weā€™re quite as cool as Suz. Spoiler alert, probably not.

I mean, Iā€™m cheating; I donā€™t think Iā€™m using a single library. Thatā€™s why, really. Itā€™s absolutely cheating.

Oh, yeah. Thatā€™s totally cheating. Because I think theyā€™re mostly checking known libraries, right? Not your ownā€“

Theyā€™re not gonna be checking for malpractices in your own code, Iā€™m guessing.

Yeah, that was the whole joke, sorry. [laughter]

Oh, okay. Good joke. It worked on me. [laughter] Okay, next up - we have Vue 3. So vue-next is the up-and-coming and not released version of the beloved Vue.js. The team has been working on this in a private repo, in the vue-next repo on GitHub, and theyā€™ve just recently open sourced that repo. So itā€™s not ready; I think itā€™s pre-alpha, which - alpha is pre-betaā€¦ So itā€™s pretty pre at this point. [laughter] Donā€™t use this; itā€™s not documented, and itā€™s still very much in developmentā€¦ But itā€™s out there, and you can read it and you can check it out. Thatā€™s exciting, because I didnā€™t even know there was a Vue 3 coming, and now I can look at source code.

Yeah, itā€™s been coming for a while. Itā€™s interesting, a lot of this, with Vue 3, were all in RFCs, so they were talking about what was to come in order to get people who were using Vue, and the community overall. So they had a lot of RFCs. The composition function API one was the huge controversial one, because it introduced huge changes in the way you write current Vue syntaxā€¦ So that was a way for them to get audience and community feedback overall.

And then when they released vue-next, actually, there was a lot of people who were very angry about that, just because when it was released, they were like ā€œOh, itā€™s all open source nowā€, and I think people were like ā€œHa-ha! TypeScript was open source from day one. This is not really open source, because you do things in private and then you show it at the endā€¦ā€, which kind of begs the question of what counts as open source.

I think itā€™s really unfair, because there was a lot of flack for people who were just basically tearing the Vue team apart, saying that they should have done this from the beginning, and why did they make this private, and so on. The RFCs were public, but how they were implementing things was still pretty private for a long time.

[24:03] So it seems from looking at GitHub ā€“ they essentially have checklist of all the things that theyā€™re working on, so they check them as they finish them. I think thereā€™s a couple more items on thereā€¦ Not that many. I think more than half is done. And they released it a week ago, from the time of recordingā€¦ So yeah.

I think itā€™s really great that they open sourced it as theyā€™re working through it. I donā€™t fault them for not open sourcing it from the start, in a way. As I said, itā€™s really unfair to claim something is not open source when it wasnā€™t open source in the beginning. There are lots of projects that werenā€™t open source in the beginning, and then they just were like ā€œOh, here you go. Hereā€™s the code that we worked on, that we used your money for.ā€ Yeah, itā€™s a bizarre argument.

Yeah, Iā€™m not a purist in any way. If you wanna work in private and then open source something, go for it. I think maybe from the inside of the community, if thereā€™s an outer circle and an inner circle in the community - which Iā€™m not claiming thatā€™s the case with Vue - I could understand where if I was on that somewhat outer circle, like Iā€™m a casual contributor and a user, and then thereā€™s this inner core and theyā€™re working on something in private, maybe from that perspective I might be a little offended, like ā€œWhy couldnā€™t I participate until now?ā€ I donā€™t know/believe thatā€™s the case necessarily with Vue.js, and I think from the outside perspective, the thing is pretty alpha. Itā€™s not like they just dropped version 3 on everybody and said ā€œHere, have fun.ā€ Itā€™s still very much community-oriented.

Yeah. And even then, if you look at the trajectory of how things have been going, a lot of Vueā€™s development has been through RFC. They didnā€™t do it in the beginning of Vue, so Vue 1 and Vue 2 didnā€™t do RFCs, but I think they started doing RFCs very recently.

In a way, a lot of the process around how exactly they came about with Vue 3 has been very public. Evan has been taking about Vue 3 forever, for a really long time, and just introducing the community to what is to come - TypeScript support, the function API, and all of that kind of stuff.

So they might not be showing the code that theyā€™ve been working on, but talking about it means that they are pretty public with what exactly is happening and what the thought process is in terms of whatā€™s to come. In a way, it still counts, because they were pretty open. They werenā€™t fully open, sure, but they were talking about it and trying to get feedback from everyone. I think just looking at the way the RFC process works, compared to other frameworks, they actually respond to every single person in the community; the core team members actually answered ā€“ like, if someone had a question on there in RFC, they would answer them. And theyā€™d even take conversations into separate channels, depending on the depth of someoneā€™s question, and if it was valid, and so on. So yeah, I think thatā€™s really cool.

So as I said, a couple times pre-alpha stage, but Divya, do you know, is there any sort of ETA, or anything?

They keep saying end of year, but I have no idea.

Well, thatā€™s pretty soon.

Yeah, end of year is pretty soon. Itā€™s already October. Maybe itā€™ll be like a Christmas present, like an end-of-year thing.

There you go.

I have no idea. And I donā€™t even think theyā€™ve put a specific date on it. Perhaps the core team internally have a date, that they havenā€™t publicly announced, just because itā€™s hard to be accountable when thereā€™s so many variables. So end-of-year is what theyā€™ve slated Vue 3 for, but thereā€™s a chance yeah..

Right. As the old joke goes, ā€œThey said end of year, but they didnā€™t say which year.ā€

[laughs]

So lots of room for slippage there.

Thatā€™s true, yeah.

And as those of us whoā€™ve done many estimates over the years, I will just say take the developersā€™ estimated time and then triple it, and then youā€™re gonna be about there. Youā€™ll be right on task, soā€¦ Wait and see.

Letā€™s talk about Facebook VR/AR lifelike avatars. Divya, this was your bullet point in the list of news, so tell us whatā€™s interesting about this.

[28:09] Yeah, so this came up recentlyā€¦ Iā€™m not super into VR or AR, I just constantly read stuff about it, because it seems really cool and totally outside of the zone of knowledge that I haveā€¦ But one of the problems Iā€™ve heard from the VR and AR community has generally been how terrible avatars are, and how thereā€™s not a lot of life-like features to them. Itā€™s very cartoony and silly-looking. So Facebook has been working on lifelike avatars, just because a lot of the times when you work in VR, the idea of VR and AR - I think they call it XR, like cross-reality, because itā€™s both augmented and virtual realityā€¦

There werenā€™t enough acronyms, so they had to add one more.

Yeah, XR. So the idea of it is if you want to extend ā€“ I think itā€™s extended reality; yeah, extended reality. So the idea of that is if you want people to have this augmented version of the current world, you need to implement a way of making it very much more real-lifelike. So theyā€™ve been working on trying to create avatars that are more akin to what you see IRL. Theyā€™ve been working on this - I donā€™t even know how long, but essentially with the Oculus now itā€™s able to capture gestures and facial features. It can even mimic how your face movesā€¦ Because in the past they would be pretty straight-faced; it would basically be your face, but they wouldnā€™t be able to capture tiny gestures that your face makesā€¦ But I think with the way theyā€™ve been working with Codec Avatars and real-life avatars, itā€™s able to capture facial movements, which tend to be really minuteā€¦ Which I think is really remarkable.

Iā€™m just waiting for the day that we have what they had on the Starship Enterprise, with the holodeck. Once weā€™re there, Iā€™m ready for it. Until then, the uncanny valley appears to go on for days. Very cool - links to the research inside of that in the show notes. Facebook is building the future of connection with lifelike avatars. Very interesting.

Yeah. Itā€™s funny to see the ā€“ they did the keynote at F8ā€¦ Thatā€™s the conference they do, right? Yeah. And it was interesting to watchā€¦ Because it seems so ridiculous. They had this interview with one person talking to another person, and asking them to do facial gesturesā€¦ And then the other person is like ā€œI can do a shocked faceā€, and she does a shocked face. [laughs] ā€œI can also roll my tongueā€, and I was just like ā€œWhat am I watchingā€¦?ā€

So hereā€™s a conspiracy theory - maybe Zucerkberg is their beta test for their lifelike avatar. Because he seems to be almost human.

Isnā€™t he like straight-faced? He has no facial gestures.

Thatā€™s what Iā€™m saying. Remember the video when he was being interviewed by Congress, or something? He was at a trial, and he was drinking the water, and everything was very robotic. He was, like, telling himself ā€œDrink water now, because thatā€™s what humans do.ā€ So maybe heā€™s just an avatar in progress.

The grand plan. But nonetheless, itā€™s actually really interesting. As much flack as we give for all these companies, like Facebook and Uber, they do a lot of interesting work. Uber is doing a lot of driverless vehicle type things, which is super-interesting and cool. And Facebook is doing this cool XR work, which is interesting as well. If you just take aside the ethics part of thingsā€¦

[laughs] If you just throw away the ethics, everything is cool.

Divya, are you seriousā€¦?! [laughter]

No, I mean like, ethics is important, Iā€™m just sayingā€¦

Right, right, right. Itā€™s not all bad, is your point.

ā€¦the technology is really interesting. But obviously, there are some ā€“ I have a lot of qualms around these particularā€¦ Because Iā€™m like, ā€œItā€™s cool to have lifelike avatars, but would I want to ā€“ā€ Iā€™m still like ā€œDo I want augmented reality to be a part of my reality?ā€ I donā€™t knowā€¦

If augmented reality is part of your reality, does that make it become just reality again? I donā€™t knowā€¦ These are the deep questions that we have.

Yeah, itā€™s like the metaverse, and Iā€™m just like ā€œI donā€™t know if Iā€™m ready for the metaverseā€¦ā€ [laughs]

Alright, we are backā€¦ And weā€™re here for Pro Tip time. This is where we share our pro tips, whether weā€™re an actual pro, or maybe not. But we have some lifehacks, weā€™ve got lessons learned from doing dumb thingsā€¦ Whatever it happens to be, we like to share them with you. Suz, please, share with us your pro tip.

Yeah, I wanna talk about Hamerspoonā€¦ Which is technically Lua, but Iā€™m gonna try to sort of say itā€™s similar syntactically to JavaScript.

[laughs] This is not Lua Party, Suz. But Iā€™ll allow it.

Iā€™m sorryā€¦! But itā€™s really good. So it is relevant to JavaScript, too.

This is only for OS10, so Iā€™m sorry to those out there who run Linux or Windows. This is specifically for OS10 or macOS. Hamerspoon is a tool for scripting automation, so you can do certain tasks. The reason why I bring this up is because you can write AppleScript or you can write JavaScript, which ends up just getting compiled back down to AppleScript. But those APIs that the native operating system gives you, even the JavaScript ones, are just not fantastic.

I agree.

And so Hamerspoon is aiming to be an alternative to that. It is for the Lua scripting language, but if you do write JavaScript, youā€™ll find it joyfully familiar. Itā€™s just not quite the same.

Hamerspoon was introduced to me by a colleague when we were running a bunch of demo stations at a conference recently. He wrote all of these scripts to set up four different demos, and we could just hit a shortcut and it would set everything up. It reminded me very closely of my Twitch stream setup, which Iā€™ve written in AppleScript. This is so much better that I actually wanna move all my stuff to it.

So I do actually have ā€“ my AppleScript for my Twitch stream is open source, and what it does is it pops up a bunch of Chrome windows that have things like lists of followers updating, so that I can read them out; it opens a specific Chrome window in a specific streaming profile for meā€¦ It also starts a bunch of programs and minimizes them, and then it starts playing music that I have in the background of my stream, and things like that.

You can check that out, I will include the link in the show notesā€¦ But it just has these weird ā€“ AppleScript has these weird issues with it. Iā€™ve actually had people open issues on my open sourced AppleScript, because theyā€™ll say ā€œWhat is that funny, weird, A ASCII character on the end of every single line that you have? Is that a bug when you were committing it, or is it something weird with your computer?ā€ And I said ā€œWell, no, AppleScript doesnā€™t allow you to just do line breaks wherever you please. It will actually break.ā€

[36:14] So the way to do it is to use ASCII code 182, and that is the A with circumflex accent. Thatā€™s how you actually get your code to go to a new line. But that character is visible in your AppleScript, so itā€™s extremely silly.

Iā€™m looking at it right now, it does look silly.

It does look very silly, and itā€™s only in certain locations, where Iā€™m trying to define an array, or something like that, and you canā€™t just have line breaks in an array. So you end up with these giant objects, long lines, which is really hard to read and maintain. Hamerspoon takes a whole bunch of that stuff away. Thereā€™s already pre-written spoons (thatā€™s what theyā€™re called), which are like plugins that do very specific things. It can even do things like when your computer transitions between different Wi-Fi SSIDs, you can actually have something happen. Incredibly useful things to augment your everyday life on your computer with.

I want to get more into this stuff. Not necessarily automation to be lazy, but just having little things happen that increase the quality of life on my computer every day, that Iā€™ve sort of smoothed over because I thought ā€œIā€™m not able to do that on the operating system.ā€

Yeah, I wonder if I can use this ā€“ I have one desire which I have never quite filledā€¦ I want a copy as markdown system service. You basically take some HTML ā€“ because we do a lot of stuff where weā€™ll copy it and then weā€™re basically covering it as a piece of newsā€¦ So we wanna put the markdown in there as like a blockquote with markdown. I want a copy as markdown, and thereā€™s a Chrome extension - again, I donā€™t use Chrome - or thereā€™s Safari things that donā€™t really workā€¦ But I would love it to be a system service. That led me to writing some AppleScript. Then I was like ā€œWell, I can use JavaScript now, right?ā€ So I went and looked at the JavaScript APIs that Apple exposes, and itā€™s like there be dragon.. whatā€™s going on thereā€¦ [laughter] And I was like ā€œI donā€™t really need this that badā€, so I just stopped. And I wonder if I can achieve that with Hamerspoon maybe.

I know that thereā€™s some markdowny things that you can do in it. The API is just so incredibly extensive, and it made our life so much easier with demo stations and automation, but it is really good for other little conveniences like that.

I didnā€™t hear - did you say youā€™re going to rewrite this Twitch setup, or you did rewrite this Twitch setup?

I was aiming to, but because itā€™s not cross-platform, Iā€™m just wondering what I should do about thatā€¦ But mostly because I also wanna be able to run some very similar tasks on Windows as well. So it hasnā€™t solved all of my problems, because I would have to use something like maybe autohotkey or something like that on Windows. So if anyoneā€™s got some good Windows automation suggestionsā€¦ Otherwise Iā€™m gonna have to use PowerShell, which is totally fine; itā€™s just that I donā€™tā€™ feel as comfortable ā€“ it doesnā€™t feel as intuitive to me to use something like PowerShell.

Very cool. Alright, Divya, you are up. Pro Tip time.

Cool. Mine is not a super-technical pro tip, but I feel like I should stress this - itā€™s really important to find balance in your life. Itā€™s more like a pro tip for me, myselfā€¦ Because I find that oftentimes you get really wrapped up in work and you assume that work is always a priority. And sure, it is, but I think itā€™s also important to note that your own health and well-being is also really important.

I feel like itā€™s such a clichĆ© to say self-care, but I like to think of it more as just like taking the time to basically refocus yourself. Iā€™ve been using Headspace a lot, just because itā€™s a really great tool to take however much time you needā€¦ They have various time increments, so you can do one minute if you donā€™t have a lot of time and youā€™re impatientā€¦

[40:08] Is this a website, is this an app?

Itā€™s an app for meditation.

Itā€™s also a great tool if you need a wind down before going to bed. They have various sleepcasts, they have bedtime storiesā€¦ I know it sounds so childish, but itā€™s kind of like a fun, little story ā€“ I mean, people listen to stories like This American Life, and all of this stuffā€¦

Kind of similar, but itā€™s just to take your mind off of the things that you were doing during the day, and to just wind downā€¦ Which I think is really important, because taking rest and just resetting is useful to being effective in your work, and so on.

I agree with this, and I also use Headspace. If you work in the U.S. and you have health benefit offerings, sometimes you are actually able to expense the subscription to Headspace as well, which is something to look into. In my last two jobs, including my current job, Iā€™m able to actually expense things like Headspace, which is really cool.

Yeah, itā€™s pretty cool.

I find that sometimes I accidentally get really pumped for something just before bed, which sucksā€¦ [laughter] Last night I was looking something up, and then I realized all of a sudden I could achieve something way easier in a technical sense for a project, and then I was like ā€œOh, I just wanna do that nowā€¦!ā€, and then I obviously had to go to bed. So I usually use Headspace - one of the bedtime ones - to just let go of that, so that Iā€™m not spinning all night, saying ā€œAnd then Iā€™m gonna do this, and then Iā€™m gonna write it in this way, and then Iā€™m gonna glue this piece together.ā€ Otherwise, I just donā€™t sleep. And then of course, I get up the next day and Iā€™m so ineffective and tired that I donā€™t end up being able to do the thing.

Iā€™m with you. Divya, you found out a couple weeks back on our learning lessons episode that I listen to podcasts before bed, or as I trail off to sleepā€¦ And one thing I try to do with those ā€“ I donā€™t do that to learn as much, although you do end up learning on accidentā€¦ But I try to listen to ones that I donā€™t really care about all that much, or that Iā€™m not invested in, or trying to dig everything outā€¦ Like the stories, or people playing games, people hanging out, or comedy podcasts where I donā€™t really care that much what theyā€™re saying. That helps me just turn my brain off, listening to somebody elseā€™s brain for a minute, until I can actually fall asleep. But Iā€™ve never heard of this ā€“ sleepcasts? Did you say sleepcasts?

Yeah, itā€™s part of the Headspace app. Headspace has various tracks, and I think sleepcasts is a part of that; thereā€™s a track for it. Itā€™s technically this idea of like ā€“ itā€™s meant for nighttime use. And then they also have various sounds. If you need the sound of rain, or a rainforest or something, they also have sounbites that you can use, if that helps, as well.

Speaking ofā€¦ My favorite podcast to fall asleep to lately has been Bilbcast. It is Bilbo the cat, purring for an hour.

Thatā€™s adorable! Thatā€™s so cute.

Itā€™s just a cat purring?

Oh, my godā€¦

And heā€™s sitting in his ownerā€™s lap, and sometimes sheā€™ll change the way sheā€™s giving him attention, and then heā€™ll just start purring in a different way, because he gets super into it. Maybe sheā€™s scratching him behind the ears, or somethingā€¦ And itā€™s very cute. You should follow him on Twitter too, heā€™s a great cat.

Love it.

That is amazing.

How about you, Jerod?

[43:50] Yeah, so for my pro tip - this is something I wanted to talk about during our communication episode that we did a few weeks back, we just never quite got around to itā€¦ And I thought Iā€™d throw it in here, as a bit of a follow-up for communication skills. We talked about issues, we talked about PRs, we talked about how to convince people of things, and talk to users and whatnotā€¦ One thing we didnā€™t address was just email in general, and how to write effective emails, and how to get back what youā€™re looking for.

There is a fellow named Lazarus Lazaridis. Sorry, Laz, I messed up your last name there. A little alliteration and some rhyming, butā€¦ He wrote a post called ā€œComposing better emailsā€ specifically for developers, like how to quickly address what youā€™re communicating, how to avoid misunderstandings, how to save time with your emailā€¦ Because we can all waste tons of time in email, both as a recipient and then as a sender. You send an email and youā€™re like ā€œWell, that email sucked, because the person didnā€™t understand me, or they didnā€™t answer the questionā€¦ā€ So he has a bunch of really cool tips.

The pro tip for me, which Iā€™ve just started to do in the last couple of years and Iā€™ve found to be the one small thing that I think has affected my emails for the better the most probably in my life, is if you have multiple things that youā€™re asking for - lots of times you have a few things that youā€™re saying, as the email tends to be a little bit longer form than a text, or a Slack, or what have you.

Letā€™s say you have three things that youā€™re asking of the recipient of the email. Itā€™s incredibly effective - I would love to have stats on this - if you number the things. And itā€™s a small thing. But if I have three things to ask, I will just put ā€œNumber one, hereā€™s my question. Number two, hereā€™s my question. Number three, hereā€™s my question.ā€

What happens oftentimes - maybe yā€™all have experienced this - is if you donā€™t number them, or make them explicit, and you do ask a few things, maybe you even finish it with a sentence thatā€™s a question, or three questions at the end, is people will either answer the first one and thatā€™s it, or theyā€™ll answer the last thing you said and thatā€™s itā€¦ Or sometimes theyā€™re really bad and they donā€™t answer anything that youā€™re asking of them; you canā€™t fix that. [laughter]

Iā€™ve found so many more people will answer all N questions that I have, or address all N things that I say, if I just number them out explicitly. Itā€™s a visual cueā€¦ And receiving, as well, I appreciate it. Iā€™m like ā€œOkay, hereā€™s your four answers - one, two, three, four - for the four questions.ā€ So thatā€™s a little bit of a pro tip. Also, Iā€™ll link up his post, ā€œComposing better emailsā€ in the show notes. Itā€™s worth a read. Heā€™s got a lot of good ideas as well.

I could do with this. Iā€™m definitely that person who is guilty of ā€“ Iā€™ll read an email from start to finish and then I might reply to it half an hour later, because I got distracted by somethingā€¦ And then I just wonā€™t see all of their requests in there, and then Iā€™ll be pegging on extra emails, saying ā€œOh, and by the way, to answer your other questionā€¦ā€

Follow-ups, yeah.

Thatā€™s very annoying.

Often, whenever I have to ask someone a question, I want to give context to that question, and then the question gets buried in that paragraph.

[laughs]

Right?!

Yeah, Iā€™ve been doing that a lot lately, too.

Yeah. Because itā€™s kind of rude to just start with the questionā€¦ But at the same time, Iā€™m like ā€œIf you started with it, they would be able to.. yeah.ā€

Iā€™ve started bolding stuff, which I feel is the more crass version of numbering things. I need to stop bolding things and actually just lay out my emails properlyā€¦

Itā€™s funny, because I know lawyers do that a lot. Theyā€™ll be like ā€œBlah-blah-blahā€¦ And please remember to do this thing.ā€

I know exactly what youā€™re talking about. I used to get ones from a certain attorney, highlighted in bright yellowā€¦ [laughs] In all caps. And I felt like they were yelling at me for being an incompetent client.

I think we all tend to use bolding. Rebecca in the chat says they also use bolding for most relevant bits. Youā€™ve gotta use bolds like you use salt on your meal - sparingly; too much, and you just ruin it. If everythingā€™s bold, nothing is bold. Am I wrong? [laughter]

[47:56] You really improve the taste, but sure. Yes.

Well, youā€™ve never tasted one of my emails. They are tasty morsels. [laughter]

Short and salty.

Short and salty. So there you have it, our pro tips. Iā€™m curious from you two, any other tips on emails specifically, besides the numbering bit that youā€™ve found to be helpful for folks? Iā€™m putting you on the spot.

I think the other thing that gets often forgotten is the importance of the subject as well, and crafting the proper subjectā€¦ Which is really hard. Because sometimes if I have a question that I want answered, I put the question in the subject, which is like ā€“ I donā€™t know if thatā€™s effectiveā€¦ Because sometimes I donā€™t want it to be too direct. Like if I ask the question and I donā€™t expect them to say yes, Iā€™ll be like ā€œIf they see the question, theyā€™ll say no and they wonā€™t even bother reading the emailā€¦ So I try to create a hook of a subject, that gives enough information, but not enough, so that they have to read the email.

Uuhā€¦

Uuuhā€¦

So crafty.

This is akin to clickbait, right? I mean, it really is.

Yeah, it really is. [laughter]

Itā€™s kind of the same concept. Itā€™s like with the title of a blog post - ā€œHow do I make it intriguing, but also not giving away the contentā€¦?ā€ Itā€™s tough.

Yeah, exactly. Being mysterious, but not ā€“ I donā€™t know.

Iā€™m not that creativeā€¦ Although one thing that a lot of people do at my new place of employment is instead of ā€“ because we use G Suite. So instead of highlighting a word and then linking it to something, and then you have these paragraphs where thereā€™s all of these distractions, where youā€™re like ā€œOh, thereā€™s a link there, and thereā€™s a link there; maybe I should read this and come back to the email.ā€ Like, you write the entire email and then you just do the markdown-style footnoting, where youā€™ll just have like zero in square braces, straight after something that youā€™re mentioning (like a document), and then you just number them all.

Then right at the bottom of the email, after signing off, you just list them one underneath each other, with those footnote numbers. And Iā€™ve found that so helpfulā€¦ Especially because new, Iā€™m just like ā€œI have to read all the documents, and I have to find out all these things!ā€ But instead, Iā€™ll read the email all the way through and Iā€™ll be like ā€œYeah, Iā€™m gonna look at them once Iā€™ve actually got the gist of whatā€™s going on.ā€ I donā€™t know, it just kind of shortcuts my brain away from wanting to click on all the links as Iā€™m going along.

Okay. Thatā€™s interesting.

That is interesting. Gerhard Lazu, whoā€™s a Changelog friend, whoā€™s done a lot of our infrastructure work, and has written some blog posts and whatnot - he wrote this big, long blog post about the new infrastructure a while backā€¦ And he put all of the relevant links at the very bottom, in the exact same style that youā€™re saying. And I went back and I was like ā€œDude, youā€™ve gotta in-line those, because nobody wants to wait till the endā€¦ā€ [laughter] And he goes ā€œAm I the only one who doesnā€™t like to be distracted in the middle of a sentence by a link, and then Iā€™m gonna click on it, Iā€™m gonna go somewhere else and never come back?ā€ Iā€™m like, ā€œYes, youā€™re literally the only one. You have to put those in-line.ā€ And now I can say ā€œNo, thereā€™s two people, because Suz loves it, especially in the context of emails.ā€

[laughs] Yeah. Iā€™m the person that has ā€“ I have a browser extension to stop and hide gifs, because I canā€™t read articles while there are gifs playing. I just stay off ā€“ BuzzFeed.com is not my website. I just donā€™t go on it, because thatā€™s just literally what it is. I just cannot deal with itā€¦ And thatā€™s the main reason why I use an AdBlocker too, because so many ads are videos, and all sorts of things; I literally canā€™t concentrate on the text.

Well, Suz, Divya, thanks so much for hanging out with me today. Everybody listening live and in the chats, thanks for hanging out with us while we party. For those listening on the produced version - hey, come hang out 1 PM Eastern on Thursdays. We throw a JS Party each and every week. We love to have you participating.

Did you know we take requests as well? If you have a show topic, a guest, or even specific hosts that youā€™re like ā€œI would like to see this person talk to that person about this thingā€, head to Changelog.com/request, and you can pick JS Party from the dropdown and let us know what you would like to hear on this show. We want to be by and for the community, because that makes everything more awesome and more fun. So let us know what you would like to hear, that way we donā€™t have to guess what youā€™d like to hear. Itā€™d be awesome.

Thatā€™s our show for this week. You donā€™t have to stay here, but you canā€™t go home. Thatā€™s not how you say itā€¦ [laughter] You donā€™t have to go home, but you canā€™t stay here. There we go.

Changelog

Our transcripts are open source on GitHub. Improvements are welcome. šŸ’š

Player art
  0:00 / 0:00