Within the Whale: A tale of enterprise Node advocacy from the inside out.

Transcript

1. None

2. A tale of enterprise Node advocacy from the inside out.

   Within the Whale How we're promoting Node.js within Green Dot, a large company with a lot at stake. ☸
3. None

4. Social networking startup ~30 employees iOS, Android & Web Microsoft

   & FOSS stack Macs <3 Prepaid debit cards ~500 employees Retail & finance Highly regulated Microsoft only
5. None

6. node.js @ Internal tools & a new web product Developer

   productivity Less context-switching Faster vs. Rails New things are fun
7. None
8. None
9. None

10. Startups Engineers Customers

11. Enterprise Engineers :( Customers Management Marketing InfoSec Compliance

12. node.js @ Internal tools & a new web product Developer

    productivity Less context-switching Faster vs. ASP MVC New things are fun

13. node.js @ Internal tools & a new web product A

    whole new way of doing things.

14. node.js @ Internal tools & a new web product Shorter

    release cycles Lightweight architecture Fat-client JS applications Frequent AJAX requests Use of Free libraries Attract Valley engineers

15. Day 1 Already using Node for internal tools platform Useful

    prototype of new mobile web app

16. Initial Champions Engineers within Green Dot who had tried or

    heard of Node already Web engineers within Loopt

17. Evangelism Introductory Node.js workshop Anyone welcome, including non-engineers Big response!

18. Top-level Support Advocates at senior VP level Would be impossible

    without support from above

19. Business Case Why should people who don’t write code care

    which runtime we use? What advantages are there over our trusty, tested Microsoft stack?

20. Business Case Seriously, this is important.

21. Compromise

22. Compromise Architecture Platform OS Tools Workflow

23. Linux → Windows GitHub → ??? Self-hosting → iisnode `npm

    install anything` → InfoSec approval No damn way! GitHub + Perforce

24. Given the level of compromise, does Node still make sense?

    Ask yourselves this question:

25. Security Our customers trust us with their money. How do

    we live up to that?

26. Documentation Justification Processes Analysis Procedure

27. InfoSec, etc. Adversaries? No, they’re advocates for customer safety. You

    need to trust in one another.

28. Documentation Your greatest weapon. Document, justify and provide examples.

29. e.g. Show how you can address OWASP Top 10 in

    a Node.js app. https://www.owasp.org/index.php/Top_10_2010-Main

30. • Provides guidelines for future developers. • Outlines security concerns.

    • Compares with existing technologies. • Describes how things will behave in production. • Is honest about strengths and weaknesses. Node.js Developer Guidelines & Enterprise Readiness Document Node.js Coding Standards • Fairly standard concept. • Based on existing coding standards docs. • Helps legitimise something new.

31. Trust We understand what we’re doing. We are aware of

    the drawbacks and vulnerabilities. We’re doing everything we can to mitigate them.

32. Stages I. Educate the people. II. Find your champions. III.

    Get leadership on board. IV. Write documentation. V. Persuade security team. VI. Build something fantastic.

33. VI. Build something fantastic. http://www.gobank.com @gobank @dansitu I’m Daniel Imrie-Situnayake

    [email protected]