Does the Facebook Hack Language implements Better Asynchronous Programming than JavaScript? - Lately in JavaScript podcast episode 41

Recommend this page to a friend!
  Blog JS Classes blog   RSS 1.0 feed RSS 2.0 feed   Blog Does the Facebook Hac...   Post a comment Post a comment   See comments See comments (0)   Trackbacks (0)  


Viewers: 6

Last month viewers: 2

Categories: Lately in JavaScript podcast, JavaScript APIs, JavaScript opinions

Facebook just released the Hack Language. It implements a way to do asynchronous programming without going through the callback hell, thus making asynchronous programming more pleasant and productive.

That was one of the topics discussed by Manuel Lemos and Arturs Sosings in the episode 41 of the Lately in JavaScript podcast.

They also talked about doing page scroll based animations, emulating a file system on the browser side, developing HTML5 browser based games with Unity, using Node.js from the browser, transmitting data via audio and microphones using HTML5 Audio API, and validating email addresses with email typo fix suggestions with Node.js.

Now Listen to the podcast, or watch the hangout video, or read the transcript to learn more about these interesting JavaScript discussions.

Loaded Article


Introduction (00:20)

Animations controlled by the scroll bar with ScrollMagic (0:55)

File System Access on the Browser Side with the Filesystem Object (05:42)

Bringing Unity Authored Games to the Browser (11:59)

Bringing Node.js to the Browser with Browserify (15:15)

Check Third Party Libraries with JSCritic (18:35)

Transmitting data to a Smartphone using HTML5 Audio API with MicIO (25:45)

JavaScript Interpreter in JavaScript with TinyJS (30:43)

Facebook Hack Language Does Asynchronous Programming the Way it Should Have Been in JavaScript (32:20)

Did You Mean Advanced Email Validation in Node.js and PHP (36:03)

JavaScript Innovation Award Winners of January 2014 (1:01:20)

Conclusion (1:07:14)


Listen or download the podcast, RSS feed

Watch the podcast video

Read the podcast transcript

Click on the Play button to listen now.

Download Size: 54MB Listeners: 1723

Introduction music: Riviera by Ernani Joppert, São Paulo, Brazil

View Podcast in iTunes

RSS 2.0 feed compliant with iTunes:

Watch the podcast video

Note that the timestamps below in the transcript may not match the same positions in the video because they were based on the audio timestamps and the audio was compacted to truncate silence periods.

Show notes

  • Animations controlled by the scroll bar with ScrollMagic
  • Check Third Party Libraries with JSCritic
  • Transmitting data to a Smartphone using HTML5 Audio API with MicIO
  • JavaScript Interpreter in JavaScript with TinyJS

Read the podcast transcript

Introduction (00:20)


Manuel Lemos: Hello. Welcome to the Lately in JavaScript podcast hangout. This is Episode 41. And as always, I have here with me, Arturs Sosins.

Hello, Arturs. How are you doing?

Arturs Sosins: Hello. I'm fine. Thank you.

Manuel Lemos: That's good to know. This month, guess what, we have JavaScript topics to talk about, lots of them. So, let's get started with this.

Animations controlled by the scroll bar with ScrollMagic (0:55)

Manuel Lemos: First, I would like to comment on something that seems to be the latest fashion on the Web, which is those automatic scrolling of pages that show different things as you scroll over them and they also implement animations, lots of effects.

And in this case, it is implemented with a library named ScrollMagic. It is interesting that it implements some animations, but I don't know. For now, this is still more or less a new thing, the scrolling. And as you scroll, it can show different things on the background, animation and stuff.

I just wondered how long until people will get bored of this magic scrolling things. Arturs, what do you think? I suspect that probably in a few months or so, nobody will be doing this scroll-hijacking sites like I heard somebody calling it.

Arturs Sosins: I remember when I think Nike was first to implement the parallax scrolling. I was doing the Web dev business in that time and every client that came next to me always wanted something like a parallax scrolling to them.

But eventually, that will in most cases only  slow down the website or make it more unusable. And now, with the era of the mobile devices, it's basically something that you should not implement in regular websites or pages or something like that.

Manuel Lemos: Right. I think once in awhile, we have something that is on fashion. It's a bit cool in the beginning because "Oh, this is new. Wow, this is a new effect." After awhile, people start getting bored of things like this, because it's no longer new, all the sites are using it. Or at least many sites are using it. I don't know.

By the way, this time we have a guest, Christopher. Hello, Christopher. How are you doing?

Christopher: I'm fine. Thank you.

Manuel Lemos: Yeah. What do you think about this scroll-hijacking web sites? Do you like them?

Christopher: Actually, I haven't heard about them. I just jumped in to the call now.

Manuel Lemos: I see, you have not seen too many.

Christopher: No.

Manuel Lemos: Right. But I think you'll find plenty here.

Christopher: You're referring to inference scrolling.

Manuel Lemos: Yeah. It's basically while you're scroll over the page, it touch on different things like scrolling backgrounds with parallax effects and things.

I have seen quite a few and I already have seen people also complaining about the abuse of these effects, because you can see scroll things on the background. And if you want to see more things, you have to scroll a lot. And there are a lot of users saying I don't know how this would work in mobile phones.

Arturs Sosins: Basically, the main rule would be not to play with the standard user input, the way they get used to use controls and scrolling. And this kind of library could be maybe great for presentation or something like that. But for real websites, I really doubt it.

Manuel Lemos: Yeah, this is yet another cool new effect that will no longer be new and people will get bored with it and everybody starts insulting whoever implements this thing on site. Well, that's my prediction. I'm not sure if that's what is going to happen, but it's just a guess.

File System Access on the Browser Side with the Filesystem Object (05:42)

Manuel Lemos: OK, but moving on now, let's talk about the next topic, which is... Let me share the screen in here. Probably, I need to increase the font and share the screen.  So you can see it too.

It's the FileSystemObject.js. Basically, this is a library that allows you to emulate a file system that you can create, write files, read files on your browser.

So, if you need, for some reason, to store files that would be probably faster to read from your browser because they are already on the browser side, you do not need to access the remote server, this seems to be interesting.

Probably very useful for offline applications. I don't know what was the main purpose of this. But it seems to allow people to create... I would say a temporary storage, probably large files that gets stored on the browser side. And inside, it contains the data from all sides that you create with it.

I wonder if this would allow also to load JavaScript dynamically. Probably would be useful because it would be much faster.

Arturs Sosins: But that could be done probably only through eval evaluating

Manuel Lemos: Oh, eval. I understood evil.


Manuel Lemos: Well, some people say that eval is evil.

Arturs Sosins: But it is.

Manuel Lemos: But what would be the alternative to using eval for loading code dynamically that you probably only get into a string of variables or something? I don't know if there is an alternative.

This would be, anyway, it could be a special case. And I think we mentioned in the previous episodes that there are solutions to load JavaScript from local storage. So basically this wouldn't be different.

Personally, I do not have exactly an application for this but I think those applications that would be able to run offline, like when the user loses the Internet connection, it would probably be very useful.

I don't know, Arturs, have you ever developed any application that would run offline or at least would not be stopping if you lose an Internet connection?

Arturs Sosins: Well, not really, but that actually could be quite interesting. You would need to put, I don't know, one check to check with the server and see if anything was changed and if your application is pure HTML or JavaScript, so you can basically cache it all locally.

Manuel Lemos: Yeah.

Arturs Sosins: And I think it should probably accept also binary files so you could save images and stuff like that. So, the whole website, if it's pure HTML, you can save it and run locally, edit. That's kind of OK.

Manuel Lemos: Yeah. Then, you can play Angry Birds totally offline.

Arturs Sosins: I actually had a class... WebNotes, if you remember... at JSClasses. And so, something like that could actually benefit from it and save all the notes locally and run offline. That could be useful, yeah.

Manuel Lemos: I guess, nowadays, Google Docs is able to run totally offline.

Arturs Sosins: Really?

Manuel Lemos: In the past, when we use to change parts of the document, we would try to save it immediately and if you were not really online, it would probably get stuck and you could not do any work.

It seems that nowadays, they have made it somehow that it save any changes later when the Net connection returns. So, libraries like this probably can help when you have your applications all in terms of files, like pulling data using an AJAX request would be like pulling data from a file.

That file is in local storage, it could be read or written while the connection is not available. Then later on , the connection will attempt to flash the changes to the server. Well, that's one idea.

Arturs Sosins: Well, I  think the most interesting thing about this library is that while underneath, you probably have one single blob, it virtually divides it in files and maps and so you can access that in some structured way. So that, I think, was worth to mention.

Manuel Lemos: Right, the important thing is that probably that it makes it simple for developers to think in terms in files because using local storage, we could always do that like storing data files.

Bringing Unity Authored Games to the Browser (11:59)

Manuel Lemos: OK, now moving on, with the next topic, on which we comment something that was announced recently, collaboration between Mozilla and Unity to bring Unity Game Engine to work on WebGL.

Well, as long as your browser is WebGL-enabled, you could eventually develop games using this game engine, using the Unity tools and you wouldn't need a plugin to implement something more native.

This is interesting. Arturs, you develop your own games, right?

Arturs Sosins: Yeah.

Manuel Lemos: So, what do you think being a professional of this skill in development?

Arturs Sosins: Well, running games in WebGL is not something so innovative because as we, in this previous podcast before it quit, is a browser that was basically running on WebGL and I think that I think that every EmScripten-translated program basically translates OpenGL to WebGL. And that is how it connects in the browser.

But in Unity case, yeah, there was always a Unity Web Player which was some kind of environment like Flash or Adobe or something like that, which has also required an external plugin.

Now, as they decided to cooperate to enable Unity to export to pure HTML5 and WebGL so it could run in the browser as you said without any plugins. So that's basically what this post is about.

They are not first to do that, but since Unity is the most popular basic engine to use for game development, that will enable lots of people to play critical games in the browser without any plugins.

Manuel Lemos: Right. I think the idea is also to take advantage of the game developments tools that Unity provides. It's not just the engine, it's also the editors for creating game scenes and game objects and game logic.

And well, I think the Web browser will become an additional target besides the targets that the Unity tools support like native games for Windows or for Android or iOS.

And now, I suppose this means that they are working on making the Web HTML5 and WebGL-enabled browsers to be another target for games. This seems to be great because it makes the lives of the developers simpler in terms of the effort that they need to do to adapt their games to different platforms.

Bringing Node.js to the Browser with Browserify (15:15)

Manuel Lemos: OK, moving on to another topics. This one is somewhat unusual. Let me increase the font here and share screen. Perhaps nobody see what I'm talking about.

This is Browserify. I have to confess, I have not tried it or practice so I'm not really sure if this is what I think it is. It's basically, it allows to run sort of Unix-like tools on the browser. For instance, you can run a Node.js on the browser because you'll be having access to a sort of a shell and you can execute commands that would work, usually Unix shells like Node.js.

Arturs Sosins: Yeah.

Manuel Lemos: I'm not sure if this is the right interpretation. Arturs, did you try this?

Arturs Sosins: As I understood, basically, Node.js is a server site, like language meant to be ran on the server side. And what Browserify does, it allows you to run it locally in your browser. So, basically, it transfers from your computer or your remote server to test it and run it and plug in into browser to emulate the server environment.

Manuel Lemos: Right. Well, I just don't know, if this was yet another Emscripten port...


Arturs Sosins: No, no. I really doubt it.

Manuel Lemos: So, how did they emulate the whole system of Unix that usually Node.js relies on?

Arturs Sosins: Have you heard of Browser Link or Test Link? That's basically a startup that provides running virtual machines in the browser.

Manuel Lemos: Alright.

Arturs Sosins: How they do it is basically they create a socket connection to a virtual machine and render it in the browser.

Manuel Lemos: So, it's not really running on the browser. It's just a connection to something remote.

Arturs Sosins: In their case, yes. In this case, I really don't know. I have not seen the code but it could be something like that.

Manuel Lemos: What about you, Christopher? Do you have any idea? Have you heard about Browserify before?

Christopher: No. But it looks interesting.

Manuel Lemos: Yeah. You can do some different things, because you usually think about Node.js and every other application about Node.js to something that relies on a server and if you can run independently on the browser, that opens space for lots of new types of applications. I have not even thought about the possibilities. But so this is interesting.

Check Third Party Libraries with JSCritic (18:35)

Manuel Lemos: Well, anyway, moving on to the next topic here. This time we're going to talk about a tool, JSCritic. Where am I? I shared the wrong screen, it's not Skype. Where is it? Oh, it minimized, that's why I'm not seeing it. OK. Here goes. JSCritic. I don't know if I can increase the font. OK, I think I can.

So, basically, it seems to be a wrapper around JSHint. JSHint is a tool for parsing and validating JavaScript code so you can test it.

And JSHint is also a tool that can run online although, I don't know, I'm not sure. I usually use it online so I'm not sure if this is one of those tools that you can also download then use it locally. But in this case, they are calling the JSHint from this JSCritic site. And it provides a summary of your code.

So, on this left side, I have here some code that I already pasted before this hangout, so I could try to see what happens. On the right side, it provides a summary of things, issues that it could have.

It talks about here things that it cause to be doing. And also, summary of compliance like global variables and unused variables. And this is really interesting because I have passed this code already in JSHint and for some reason, I did not see this global variable declaration here. That is probably a bug because I do not recall making any variables global in my library.

Arturs Sosins: Where it is defined?

Manuel Lemos: Yeah, I need to check. Now, I to bug-fix my own code. And it also talks about unused variables, but this is a bug in JSHint I think because I looked at it.

These are variables in... Actually, it's complaining about files that are not variables. These are parameters test to functions and in this case, this family parameter, I remember that is a parameter passed to bind callback to a networking function and probably named DNS call.  And the family would be, if it is IPv4 or IPv5 to  6 and generally the function does not use this parameter, it's complaining about it as unused variable.

So I think it is a bug in JSHint, not necessarily a bug in your code. I need to take a look at it later. Anyway, the idea is just to mention that there is this tool and it's probably useful to make a summary of the complaints of these tools.

Do you guys use any of these tools, JSHint, JSLint, to validate your code?

Christopher: Yes. JSHint is available in Adobe Brackets, which I'm using now.

Manuel Lemos: Oh, really?

Christopher: So, I would like to give you real-time feedback.

Manuel Lemos: Yeah.

Christopher: Also, if it would be useful if you'll find some jQuery plugin or something and you want to kind of know if it's been recently maintained in GitHub or if it's a dead project. You're going to see old code in it.

Manuel Lemos: Yeah, to see, you can always use this to check if the quality of the code without spending too much time looking at the code. You'll just get a summary of the complaints and see how good is the program even without looking at the code, just seeing the complaints.

Arturs Sosins: You can implement it JSClasses.

Manuel Lemos: Well, I can implement many things in JSClasses. One thing that would be even more useful than this is just to code coloring that is available on PHP Classes because PHP has a built-in function to do it, but not for JavaScript.

So I could either use one of these single libraries or probably develop one on my own to color the code. So, that would be something that I wanted to do before, even do things like this that integrate with JSLint or JSHint.

Anyway, talking about this, there's one thing that I have been planning, meaning that it will become sooner like this to expose an API so third parties can develop application that could somehow provide additional features on the site.

Somewhat like you have in Facebook that loads of applications that provide additional functionality to the whole site. Maybe an integration with JSHint, JSLint could be provided by a third party.

But that is something that I'm still thinking about it. I do not have any work in progress. It's just something that I have been planning. I don't know when I will implement it, but I certainly want to do it because we all know all sites that have provided the APIs enabled third party developers to provide applications that somehow increase the value of the sites to the users.

Well, but that was just a side comment related with the JSCritic tool here.

Transmitting data to a Smartphone using HTML5 Audio API with MicIO (25:45)

Manuel Lemos: So now, let's move on to the next topic, which is also related with another thing that is somewhat unusual. At least, I have not seen anything like this before.

There is this library, MicIO.js, which is basically, in the case of JavaScript implementation that they are mentioning here, a solution to use the audio API to create some audio, some noise that actually could be used to transmit data on the top of some sound that would transmit over the computer or whatever is your device, headphones, or whatever is outputting audio.

And on the other hand, microphones capture that audio and would extract the data from the audio. This means that audio could be used to transmit data between two different devices.

Well, this is not exactly new. This is how the phones, the modems based on phone lines, used to work at least in the dial-up days. And the advantage here is that you don't need a phone line, you  just need two devices being close enough, one to listen to the audio that the other produces and also be able to produce audio to transmit to the other device.

I don't know if you guys have taken a look at this. It seems to be every advanced. What do you think about this idea?

Arturs Sosins: Well, I have a radio-controlled helicopter. It think  it's called HELO TC and it can be also controlled from a mobile phone and how they achieve it is exactly like that. They put a cable in the audio port and connect it to remote control that way.

So, basically, what I do on the phone is translated through audio signal to the remote control and remote control sends a signal to the helicopter. So, with this library, I think it would be also possible to control this helicopter from a Web browser.

Manuel Lemos: Right. That would be a cool idea. And what is the speed of the date transmission that you can get from audio modulation?

Arturs Sosins: Well, I don't know. It's kind of hard to assess that because, well, like the helicopter, when you're controlling it, the controls are always delayed. There is an inertia or something like that, so I can't really understand how fast it gets.

But well, it's controllable, it's playable. So it's not that bad and probably there is a reason why they chose it over Bluetooth or Wi-Fi. Maybe because almost all phones have an audio port or something like that.

Manuel Lemos: Maybe because you don't have an Internet connection there.

Arturs Sosins: Yeah.

Manuel Lemos: But it seems interesting. But if you say there is noticeable delay, it's probably because the speed is not big deal.

But just for transmitting small amount of data just to send the control to the device and it probably is smart enough to establish some secure channel or else somebody would interfere with your helicopter. Somebody who has another mobile phone could use the same software to steal your helicopter, knowing you control it.

Arturs Sosins: Well, it's probably somehow attach to the remote control. They probably identify each other somehow, I don't know.

Manuel Lemos: It probably establishes SSL connection with...


Arturs Sosins: I think we'll get to that later, right?

Manuel Lemos: Well, you'll never know. We already sort of socket communication over audio. It's always possible to go further and implement real security, right?

JavaScript Interpreter in JavaScript with TinyJS (30:43)

Manuel Lemos: Now, we are going to talk about... I think we have talked about JavaScript interpreter before, I'm not sure. I think yes, if I'm not mistaken.

In this case, it's tiny.JS. It's at least partially implemented interpreter of JavaScript written in JavaScript. You can give it some JavaScript code and it interprets it. I did not try it and there is no demo here that could be used to show something in practice.

Arturs Sosins: I think there is a demo folder as I see.

Manuel Lemos: Yes, there is an demo folder but then, you look at some code and say what, "Oh".

Arturs Sosins: Yeah, true.


Arturs Sosins: There could be more description.

Manuel Lemos: Yeah, could be somehow some demo of what you can do with the JavaScript interpreter and JavaScript. I don't know, maybe you can run some code inside of a sandbox or something.

I don't know, this could be useful. Probably, we can recommend a JavaScript debugger in JavaScript. But I think we already have that in the browser, right?

Arturs Sosins: Yeah.

Manuel Lemos: I'm not sure. But this is just to mention about this library. Anybody interested in interpreters can take a look.

Facebook Hack Language Does Asynchronous Programming the Way it Should Have Been in JavaScript (32:20)

Manuel Lemos: And talking about this, we're going to move on to the next topic on which I'm going to comment about something that apparently has nothing to do with the JavaScript. This is more of a PHP thing. 

Facebook has been developing a new language called Hack. It is basically an evolution of PHP. It provides many new constructs in forms of programming. And the reason why I'm mentioning it here is because it provides some form of asynchronous programming.

What makes this worth mentioning it here is because they did it in a way that at least in my opinion, I think it is more sane, I would say, than the traditional call back based programming or based on promises, which is always callback page for me but OK.

And the way they do it, they implemented this async keyword that you can assign to functions to tell that it can be run asynchronously. And also, there is this await word keyword here. This means that the code that is in front will run and the execution will only proceed to the rest of the code after when this function here returns. Even if it is doing something asynchronous like waiting for some IOs and network connections or anything that could be asynchronous.

And, at which for me, this is more useable for programmers that need to develop applications that executes asynchronous operations, particularly to send Ajax request to some server and you need to process the response.

You no longer need to put it in a call back and this makes the lives of the developers much easier because sometimes, this asynchronous programming is done inside of loops and conditional code. And you don't need to go through Hacks at the nested callbacks and call callbacks recursively to deal with all the complexity of asynchronous programming.

I don't' know if you guys have seen this. What do you think? Do you think it will be simpler to do asynchronous programming? Or maybe you have not heard so much about asynchronous programming.

Christopher: When construct like the jQuery...

Manuel Lemos: Yeah.

Christopher: When inside, when you do a GET or something in Ajax and then you say Done.

Manuel Lemos: Yeah. But what about if you are in a loop? Can you break out of the loop depending on the result of the asynchronous code? I don't know, I think JavaScript is sort of limited in that sense.

And this ties to the next topic that we'll talk about. But Arturs, you are going to say something.

Arturs Sosins: Oh no, no. Nothing.

Did You Mean Advanced Email Validation in Node.js and PHP (36:03)

Manuel Lemos: Yeah, because the next topic actually, this time more related with JavaScript is about an article actually that I wrote about a library for validating email addresses. So, what this library does is it passes on an email address with... And there is some code with some code here. And there are some parameters that you can configure and then you pass a callback.

And this is a simple way of finding or validating emails with this library. Because inside the library itself, it does many operations that are asynchronous like sending requests to the DNS to resolve domains to see what is the IP address of certain domain and it resolves, if it exist.

It will also get the host name about certain IP address because that is used to match certain email server addresses to see if they are present in a blacklist that is used by this library, to see if the email address should be acceptable or not.

And just to give a brief overview about the types of invalid domains that it can detect, it can detect typing mistakes. For instance, somebody types Yahoo! with just a single code. And this is a very frequent mistake because people are in a rush and forget to type a letter or type a letter in the wrong order like typing Hotmali instead of Hotmail.

So this package can take a look at some configuration files with common mistakes and it can suggest fixes.

So this works like the 'Did you mean' feature of search engines when you're typing something incorrectly, it assumes that you probably meant something else and suggest a fix. And that's why the title of that is Did You Mean Advanced Mail Validation using Node.js in this case.

Another type of invalid address is when you use fake domains like somebody registering on the site and don't want to provide a valid email address and for some reason does not trust the site or something and puts domains like, which does not exist, or it's probably an inactive domain. And it also looks in the configuration files for this domains.

Another thing are those different domains like that allow you to create email addresses but they won't be valid for awhile while the users use the service.

Probably, if you have a site that you want your users to register, probably would not be a good idea to accept email addresses based on those domains, because the users may not be reachable later if they stop using those temporary domains.

Then there disposable mailboxes, which is also the case of users that don't want to register to a site because they have not just decided for some reason. So they go to some sites like Mailinator or something like that and create fake addresses, addresses that you really will not looking at later for the message that you may send to them. So it's also not a good idea for a site to accept registrations with this email addresses.

Arturs Sosins: But how can you actually know if it's a disposable or if it's a normal address?

Manuel Lemos: That's because there is a configuration file that has already listed some known disposable email addresses. It's not that the package is smart enough to guess that some email address is disposable.

There are some configuration in CSV format that you can add it and as you realize there are certain addresses that are disposable mailboxes. You can't put the domains of those addresses in those configuration files and that will allow the package here to detect the email as invalid.

And the same goes for spam trap. This is a less common thing, but they exist. They have the names that are fake, but if you send messages to those emails with those spam trap domains, they will trigger some trap and will add you and that the mail server that sent the message to a blacklist. That's why it is a trap.

This is used to spread some fake email addresses put on pages so those spammers that are harvesting email addresses by crawling pages will get caught later. But if you have a regular site, you are not a spammer, you are not doing anything wrong.

It was not a good idea to accept registration from users that provides spam traps because they're probably being malicious. They are trying to get your site being blacklisted.

And so, it is a good idea to also reject to non-spam traps. It is impossible again to know all the spam traps that exist in the world, but if you find some common spam trap domains you can edit to the blacklist and it allows this package to detect earlier any invalid addresses that are being just hit by spam traps.

Rejecting the servers are those servers that probably are regular email servers of certain domains where for some reason you have a problem in your server, it has been added to some blacklist, probably by some mistake or something wrong that you did, send email out that was considered to be spam and just start rejecting emails.

So this package attempts to send a message to the SMTP server and if the message bounce and is rejected, it will tell that the email address supplied is to be considered invalid because even if it looks valid, your server will not be able to send the message to it because it will be rejected.

And finally, one case that is not really permanently invalid addresses but temporary cases like for instance, when the user has a mailbox that is full, if you send a message to it, it will be rejected for awhile by the server but it issues a temporary status code.

This means that your server may try it later. This may work with the mailboxes that are full. Maybe the user goes there and cleans up some messages and makes some space and your message can be received.

But it can also be used with grey lists. Grey lists are servers that know that spammers, when they try to send messages, they only try one. But the regular mail servers keep message in the queue and try it later.

So when you send a message to a server that uses a grey list, the message temporarily rejected but it would be accepted later. So it may be the case when this package is testing email address, it may stumble into a server that is a grey list and you cannot consider it invalid.

So there is a third status code that this package will return which is not being valid or invalid. It's undetermined. In your application, you should consider undetermined email address as valid because it can be just a temporary situation.

Well, anyway, these are just the types of possible invalid email addresses that this package can detect. Basically, this package is a port of another package written in PHP many years ago.

And the biggest difference and that's why it was related with the previous topic is that using Node.js, many of these operations to connect to SMTP servers are DNS servers, they are asynchronous. And the way you deal with asynchronous operations in Node.js, it makes it very complicated.

OK, it was possible to implement all the logic that was implemented on the PHP code, the PHP class version. But what is really done here is that's all done in JS callbacks logic.

Well, in my experience it was OK. Christopher, I'll mute you for a moment so your feedback, your audio doesn't get back to the podcast.

Well, anyway, this package is useful for this purpose of validating email address. It does not fully resolve all possible cases of invalid email addresses, because some servers, you can send a message to them and then they do not tell you immediately if the email addresses is invalid; they can bounce it later.

So you have to have a different solution around this case, which is you can make the bounced message go to some addresses, then process the bounces somehow to determine the address that bounced and determine that it was invalid.

But in this case, it is not done with this package, you have to use some other solution. And as I mentioned before this the package. There's another package written in PHP.

So if you need the PHP solution, you can set up a Node.js based solution. You can move at this class mentioned here and there is a similar article to this also in the PHPClasses site where this PHP class version is hosted.

And finally, if you need to register users, there's a faster way to do it, including getting the user email address, which is to use the OAuth protocol to integrate with some social networks like Facebook and access with the user permission to the Google account of the user.

And with a few clicks, your site can get all the data about the user that you need. Again, with the user permission like user name and email address and other details that you may need. And this way, you do not have to go through the whole email validation process.

Well, anyway, this is a  sort of not-so-brief explanation on this article that talks about this package. I don't know if you guys have done any email validation in the past. I don't know what they think about the solution. Is it too complex or solveof a pain? What is your opinion?

Arturs Sosins: I basically have two comments, two. First is actually, wow, you could really try to sell it as a service. It sounds really impressive. And yes, handling those emails is actually such pain and such a service could be something that ease up the task.

And the second comment was about the async programming that we were talking before and with the Hack.

Basically, I see where you're going for, that actually if you want to provide an interface that the function that return some kind of result and in the meantime you want to leverage, there are async calls internally the library, that the way the tech provide it are actually quite great way to handle it.

So it's something like a wait function.

Manual Lemos: Right. Well, I think so.

I have to say it... I was talking about Hack... I have not tried it in practice because it's not yet a mature project that it can be rebuilt on different platforms. And at least, I use the openSUSE Linux for building it and I sort of gave up because requesting too many packages that either I did not have or when I tried to install them, it did not recognize the right versions, so it was sort of a pain.

So, I don't know yet how Hack is being perceived. If it will be as easy as it seems, I think so. And I think it was something that I've been asking for many times. I think there should be a simple way to do an asynchronous programming.

You can still have all the callback logic but if you need to wait for some asynchronous operation to finish, you do not have to go through loops. I mean, lots of callbacks and tricks.

For instance, in the case of this package I have... For instance, when you go...  Probably more interesting than talking is to show some code. Here in JSCritic, I... actually the code that I pasted here is the actual Node.js email validation.

And what happens here, if you want to simulate the delivery of the message of certain email address that is served by a certain domain, it can already get complex because some domains can have multiple SMTP servers.

So, you have to do some callbacks to first resolve the MX record for that domain, and that's OK. That's just a single callback. And then, it return several SMTP servers. And then, you need to validate the email servers one by one. You have to attempt to send a message to each of them because if you try the first and it fails, you need to skip to the next.

And this was really, really complicated because I have to... probably I'm not showing it correctly here because the code is somehow long. There's a lot of indenting here. Let me open up editor here and show it the editor.

Let me paste it here. Now switching the screen sharing and this just gets so complicated because... let me increase the font here. OK, I think you can read it here.

When you go to the validateEmailServer function... OK, validateEmailServer function, you can see that this already gets very complex because it does some DNS lookups, and then you have to put a callback function here and process the rest of the code.

And then, since you have to go through a loop, a list of servers, when you want to skip through the next server, you have to call the function itself, advancing one position in the list of server.

And this is the solution that I found. I found very ugly but I don't know if this is a better solution to iterate over an array of entries that need to process things asynchronously. And also to return results, you also have to do it synchronously and you have to call callbacks to call the callback function that the user, the programmers pass through it.

Arturs Sosins: Or interpreters for callback, actually also.

Manual Lemos: I don't know. If you have a list of many entries in an array, I'll probably blow up the stack because you cannot call too many functions recursively. There should be some limits. I don't know how JavaScript handles it nowadays. But for a small number of entries in array, I suppose it shouldn't be a big deal.

Well anyway, obvious to say that the way it is in Node.js is very complicated and the Node.js developers refuse to provide less painful solutions.

I don't know if it was the lack of knowledge about possible solutions like that Hack language provides or just because they are against principles of making seems look synchronous. Well, I don't know. Probably don't want to go too much into that discussion.

Christopher, what do you think? I don't know if you can...

Arturs Sosins: You need to unmute  him.

Christopher: Yeah. Well, I was curious about benchmarking. I mean if you throw like 5,000 email addresses, what would the through rate between the Node solution versus this application.

Manual Lemos: Yeah. Well, I don't know if it will make any difference because most of the things that take a long time are networking communications. So, it does not depend so much on the language. Because most of the time, it will be working for the DNS or the SMTP server to respond. So I think in terms of performance, probably it will not make a big difference.

Christopher: And can you cache the results once you verified the domain is valid?

Manual Lemos: Yeah, I can only do some caching because... I  was not thinking validating many addresses because the idea was not to make the lives easier to spammers that want to do some cleansing to the thousands of addresses.

But unfortunately, it's like a knife. It could be used for good purposes but there will always be people trying to use it for bad purposes.

Now that you mention that, I also want to comment that despite the class or package can detect disposable email addresses, the CSV file that could have non-disposable email domains is on purpose, it is empty. Because I do not want to help spammers to clean their stuff but it's not hard to figure the most important disposable email message. It just go on Google and... and then add them manually to your configuration.

Christopher: But you have to maintain it.

Manual Lemos: Yeah, right. But well, there are always new disposable email domains like every month or every week because once one starts being detected, the people that tend to use those disposable email addresses will skip to the next.

And they keep adding new domains and any adding new domain to the same disposable email address system will still be caught by this class because it can add to the blacklist the IP address to which the SMTP server will revolve.

So even if you change disposable email address domain, it will still result to the same SMTP server and this package can get it.

But the idea was not so much to upset people that use disposable email addresses. It was to avoid that disposable email addresses be cluttering the databases of your sites. Because after a while if you have many users with disposable email addresses in your service, if you are sending those letters to them, you are wasting bandwidth and CPU resources, sending newsletter to people that will not receiving those messages.

But that's just one aspect that I explained in the article. The idea is not to upset the people that use disposable email addresses but they have to understand that there are reasons why sites to not accept them.

JavaScript Innovation Award Winners of January 2014 (1:01:20)

Manuel Lemos: Basically, I have already talked about this topic. We could move on to another topic. Actually, we reached this regular section on which we comment on the Innovation Award nominees. In this case, we talked about the nominees of January. Unfortunately, there are not many, basically only two.

Arturs. which one would you like to comment?

Arturs Sosins: OK, let  me comment on the de-obfuscator. It's a package created by Dixan Santiesteban. I hope I pronounced it right. This package can take an obfuscated JavaScript code or even PHP code and make it more readable.

As you see, there is example basically where you have everything in one line or spaces removed and stuff like that. And you can then make it more readable like with the new lines within the text indentation.

Of course, it can't give a more meaningful variable names, like it could have and make coding points actually, but still it makes it easier to skim through the text and see what is there. You can distinct different functions and scopes. And I even put it in JSCritic and see that this does not do anything malicious or bad.

Manual Lemos: Now, I would like you to...

Arturs Sosins: Sure, why not? Yeah, so basically does what it does. It does it great and it's actually quite small, as I checked it.

Manual Lemos: Yeah, it could be an eventual improvement or at least idea for a new innovative package, not only to de-obfuscate the code but also change the names of the variables, because most option obfuscate is also to change the names of the variables to something that is less meaningful and probably not the types of... But OK, the suggestion is there from whoever can come up with that solution like that.

So, moving on, on my part, I would like to comment on the other package which is Node nmap.

And basically this is a wrapper around the nmap tool. This one was written by Jason Gerfen from the United States and he developed a package that is basically can call the nmap program and it can scan a network to find the computers that are in the network.

I don't know if it does any port scanning because I think it's the main purpose of nmap. And it's interesting because with this package that you can, for instance, know what are computers that are in your network and probably with something interesting with that.

I don't know if you guys have tried this. There are those applications for mobile phones like the Airdroid and  probably something else on the iPhone that provided the similar thing, which is you can communicate with your mobile phone to view your local Wi-Fi network as long as you know the IP address of the mobile phone.

And I think, probably with this tool, you probably can tell which are the computers that are in your network. Although, a Node.js, it will something for a server side. It somehow could be used for that purpose. So kudos to Jason for this class.

Unfortunately, this month, we do not have many package to talk about. But next month, we have already many packages. Probably January was a slow month, there were not many Innovative package to talk about.

Arturs Sosins:  After New Year, of course, it's the slow month.

Manual Lemos:  Yeah. People still digesting all the food that they got on Christmas and New Year, and that's why. Only after that, they start working.

Here in Brazil, it's somewhat different because the year only starts after the Carnival. That's the common job that Brazilians make about themselves, that the country sort of shuts down after Christmas. Everybody goes on vacation and then they only get start working after the Carnival. So after Carnival, everybody say "Happy New Year." It's like getting back to work, enough vacations.

Conclusion (1:07:14)

Manuel Lemos: So, basically, we have ended this podcast. We covered many interesting topics and it was great. And I'd like to thank you, Arturs, for coming once again. And also, Christopher.

I can see that this time the invitations via Google Hangouts and Google+, somehow it worked, because in previous months, there is always some problems that prevents things to work because the users that start with Google Hangout was different; the user that announced the event. And it's a bit confusing but it was very great to  have you hear, Christopher.

So, thank you again for your participation, too.

Christopher: You're welcome.

Manual Lemos: OK, so on my behalf, that is all for now. Bye.

Arturs Sosins:  Bye.

Christopher:  Bye.

You need to be a registered user or login to post a comment

26,081 JavaScript developers registered to the JS Classes site.
Be One of Us!

Login Immediately with your account on:


No comments were submitted yet.

  Blog JS Classes blog   RSS 1.0 feed RSS 2.0 feed   Blog Does the Facebook Hac...   Post a comment Post a comment   See comments See comments (0)   Trackbacks (0)