Paolo Insogna
Node.js TSC, Staff Developer Experience Engineer at NearForm, Polyglot Developer. RPG and LARP addicted and nerd on lot more. Surrounded by lovely chubby cats.
Campobasso, Italy
Actions
Node.js TSC, Staff Developer Experience Engineer at NearForm, Polyglot Developer. RPG and LARP addicted and nerd on lot more. Surrounded by lovely chubby cats.
Awards
Area of Expertise
Topics
The tale of avoiding a time-based DDOS attack in Node.js
Web applications are commonly vulnerable to several Distributed Denial of Service attacks, sometimes in unexpected ways. An example is the SlowLoris attack, an exploit that leads to service interruption by simply sending the data to the server as slowest as possible.
In this talk I will tell the tale of how it took almost 13 years for Node to be completely protected by SlowLoris attack. I will also show that sometimes prioritizing performance can lead to incorrect fixes that can result in a false sense of protection.
Your First Node.js Contribution
Have you ever wanted to contribute to a foundational open source project like Node.js? Maybe you don’t know where to start. Maybe you always assumed that was work reserved for “someone else.” Join experienced contributors who will guide you through your first (or second or third or fourth) commit to the Node.js core. They will be available to help troubleshoot any development environment issues and also to provide guided tours through specific areas of the Node.js core source code. Contributors of all skill levels and experiences are welcome (not every contribution has to be a code change). Come and make your first Node.js core contribution!
The bees are important: use SDKs wisely
It is a well-known fact that if bees go extinct, many things in the world (if not the world itself) would disappear.
The same goes for third-party APIs (which, with a horrible pun, translates to bees in Italian). Most of the time vendors provide a SDK for your language to interact with their API. While this speeds up productivity, it slows down performance and makes you dependent on SDK bugs or supply chain vulnerabilities, that are not always addressed at the speed you would expect. Moreover, you never deal with the API directly and this removes the pressure to vendors for a developer-first designed APIs.
In this talk, I will show how most of the time you don’t need an SDK since you can easily code everything you need by yourself using a simple HTTP call.
Fighting the imposter: from nowhere in Molise to Node.js contributor
We all hear that voice behind our shoulders that says “You’re not worth it. Somebody else should be here.”
The Imposter Syndrome is well known in the IT industry and at the same time is not well known in Italy and especially in its southern part. While it has not a name there, the symptoms and the effects are still there, even outside the industry.
I will tell you my story. I will show how from Molise, the smallest region in Italy to the Silicon Valley and back I was able to fight that voice and show the world what I’m capable of, to the point to become an international speaker and a Node.js core member and active participant in the Node.js Working Groups backed by OpenJS Foundation.
I haven’t defeated the voice yet, but now I know how to deal with it and I want you to deal with it as well.
Maths or magic? End-to-end encryption explained with art
Every time we send a message on the most popular messaging platforms, we want to make sure that our communication is private and inaccessible to malicious users. We also want to ensure that in case of a data breach, the messages will be encrypted so that no one could potentially easily decrypt them. But how do we do that?
How does end-to-end encryption work, and is it really that secure?
In this interactive talk, we will see how to make our communications secure by implementing one of the most popular e2e encryption algorithms... with some help from the public!
Do not break GraphQL, extend it!
GraphQL is powerful technology to retrieve and send complex structures from remote locations with a simple and effective syntax. One of its perks is avoid under-fetching and over-fetching as the client specifically requests the fields it’s interested in.
But what happens if we need to enrich or customize the data set and we can’t modify the upstream GraphQL server? Shall we break the spec?
In this talk I will show you how to use the resources the GraphQL specification already gives us to solve this issue without having to break the rules.
Love your maintainers
No developer is an island and no developer is perfect. This means that you cannot create anything without using components written by someone else and these components will have defects or missing features. At some point in our life we all asked for support to someone else.
But being a maintainer is not an easy task at all. Think about receiving tons of reports with partial or missing information, or being yelled by strangers for not being responsive or fast enough.
For the health of our industry we must love our maintainers more: in this talk I’ll show how to politely ask for help and how to make sure you provide all the necessary informations.
How to create a QR codes rendering service using Platformatic
Despite being 30 years old, QR codes have only recently started becoming widely used in mainstream applications, thanks to the availability of mobile phones and ease of implementation.
Have you ever wondered how these codes work? How hard would it be to implement a rendering service?
Bear with me on this amazing journey where I will show you how Platformatic makes it very easy to create a QR code rendering service in just a few minutes.
Programming with a martial art principles
In our daily studying effort, we all read article, blogs, books, watch video or attend conferences to learn something new about this bizarre industry we live in.
But we are not only developers and we have a life far from our keyboards. If we bring our other passions and philosophies in our coding experience we reach a broad new set of possibilities.
For instance, I’m a martial art practitioner (Which one? No spoilers!) and I recently started noticing that when I bring that art principles in my coding activities I get unblocked much faster. In this talk I will show how.
How to breed a good OSS community
You started creating a new amazing framework, or library, or proof-of-concept. Then you are amazed by your work and want to enable other to use it. A new Open Source Software (OSS) is just born and you are now responsible for it.
Not too late, new people start using, and contributing to it. The community grows and with it, its maintenance burden and complexity. If only you knew which good choices to make from the very first day…
Fear no more, this talk will give you a pletora of good indications and advices on how to breed a healthy OSS community from the very first day.
Milo, a new HTTP parser for Node.js
Node.js HTTP parsing currently relies on llhttp, a parser which provides very good performance but has currently some challenges for the health of the runtime.
Is it possible to create a modern, maintenable, well documented, secure and performant alternative? Yes it is!
Let me introduce you Milo, a new Rust based HTTP parser which I plan to integrate into Node.js and let me show you how you can help be a part of its first Rust component.
From Smart Home to Smart Cats: extending my home automation to my pets
When going online and searching for new gadgets for our home, we often find Alexa, HomeKit or Google Assistant compatibility badges. Are these compatibility layers hard to code? What if I want to code mine?
The truth is that every gadget that is connected to the internet is probably speaking to an HTTP or MQTT API. And this means you know how to use it.
In this talk, I will show you how I easily made my cat’s life way technological.
NodeConf EU 2022 Sessionize Event
Paolo Insogna
Node.js TSC, Staff Developer Experience Engineer at NearForm, Polyglot Developer. RPG and LARP addicted and nerd on lot more. Surrounded by lovely chubby cats.
Campobasso, Italy
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top