Herding Code 137 – Mass Assignment, New New iPad, JavaScript libraries, Windows 8, Visual Studio, and Sad Trombones

Oh, hey. A discussion show. Haven’t done one of those for a while. Bonus: recorded during the day so K Scott’s awake.

Download / Listen:

Herding Code 137: Mass Assignment, New New iPad, JavaScript libraries, Windows 8, Visual Studio, and Sad Trombones[audio://herdingcode.com/wp-content/uploads/HerdingCode-0137-Mass-Assignment-New-New-iPad-JavaScript-libraries-Windows-8-Visual-Studio-and-Sad-Trombones.mp3]

Show Notes:

• K Scott asks everyone’s opinions on the GitHub / Ruby on Rails “mass assignment” debacle.
  • Everyone talks about mass assignment binding issues in MVC frameworks, including Rails and ASP.NET MVC – is this a security issue in the frameworks, or the web developer’s responsibility?
  • Jon says that it’s often tricky to debug negative cases, Kevin says that everything should be secure by default, and Scott K can go either way on it.
• K Scott asks us all who will buy the new new iPad.
  • Scott K says it struck him that they were limited in demonstrating it by the projection resolution.
  • Kevin wants one.
  • Jon thought it was interesting that Retina isn’t a hard DPI spec, it’s driven by the expected distance the device will be from your eyes – can he get a Retina effect by just sitting far from his desktop monitors?
  • There’s a discussion about the lack of a version number.
  • Jon wonders if that high quality of display will show up on other devices, or if Apple bought all the pixels. Oh, and patents.
  • K Scott asks Kevin if Samsung users laugh at him.
  • Jon says that’s no longer a issue now that software updates brought 4G to this iPhone… magic!
• Twitter question: What JavaScript libraries is everyone using?
  • Kevin talks about the Mocha JavaScript test framework.
  • Jon mentions Upshot from the ASP.NET Single Page Application framework.
  • K Scott talks about Sylvester and Zoomooz.
  • Scott K talks about tiny libraries like Zepto, Ender, and the Micro.js list.
  • Jon says he likes cdnjs.com for JavaScript library hosting.
• Scott K talks about the difficulty he had in shutting down Windows 8.
  • Jon says it’s all about search now… and what’s wrong with hitting the start button to power off?
  • Scott K says we’ve been trained for decades not to do that.
  • Jon says this is the biggest shift since Windows 95… there’s a lot of learning and unlearning to do.
• What about Visual Studio 11?
  • There’s some discussion about the color and design aspects. Should there be color? Metro?
  • Jon says at least it’s a lot faster, and he likes the quick search.
  • Scott K said it worked fine once he figured out what it was for… and maybe there should be fewer items in the menu to begin with.
  • Jon throws out a crazy idea – what about the ribbon interface for Visual Studio and kind of convinces Kevin.
  • Scott K says the memory usage is still way too high. Jon asks if that really matters. After some discussion, Scott K says something’s slow in there.
  • Oh, hey, the macro recorder’s gone now. Jon actually used that in Visual Studio recently.
  • Kevin asks if there’s really no way to customize the install anymore. The gang all agree they don’t want to install stuff like C++ and VSTO. Jon says the blog post says that few people actually customize the installation, but Scott K doesn’t believe it.
  • Scott K runs through some fun issues on the Visual Studio UserVoice.
  • Kevin put up a bajillion issues on Connect long ago, most are Closed – Won’t Fix.
• Jon talks about a post about 24 bit / 192 khz audio he read. Nobody seems to care all that much.
• Jon asks everyone what they’ve been up to.
  • K Scott’s travelling around and working on project that’s Ruby / Mongo on the backend and ASP.NET MVC on the front end. This freaks Kevin out.
  • Jon’s been working on ASP.NET MVC / Web API release stuff and hacking on Code52 project late at night.
  • Scott K spoke recently at NodePDX on is doing a bunch of crazy stuff at work around deployment.
  • Kevin remembers what a DSN is when nobody else does.
• Somebody sneaks in a Sad Trombone. Jon is unable to figure out who is playing tricks and motions to adjourn.

 

Show Links:

• GitHub posts: Public Key Security Vulnerability and Mitigation and Responsible Disclosure Policy
• Brad Wilson post: Input Validation vs. Model Validation in ASP.NET MVC
• Mocha – JavaScript test framework
• Sylvester – Vector and Matrix math for JavaScript
• Zoomooz – an easy-to-use jQuery plugin for making any web page element zoom
• Zepto – a minimalist JavaScript framework for modern web browsers*, with a jQuery-compatible syntax
• Ender – The no-library library
• microjs – tiny JavaScript libraries
• cdnjs.com – The missing CDN (for all the other JavaScript libraries)
• Windows 8 blog post – Evolving the Start menu
• Visual Studio 11 Beta Performance blog post series
• Visual Studio UserVoice
• Kevin Dente’s Visual Studio Connect Bug list
• 24/192 Music Downloads …and why they make no sense
• Scott K’s talk at NodePDX – info / video