Categories
Technology

My Current Version of Learning Node

As we finished up Learning Node, 2nd, the Node.js Foundation released Node version 6. I quickly did a run through to see if I needed to modify the book text. Yes, indeed, I did.

One of the major changes was how new Buffers are created. This is a major change, considering how integral Buffers are to Node. I hastily re-wrote the section on Buffers in the book, noting that the existing examples demonstrate how to create a Buffer in Node 4.x, but not Node 6.x and later. I also provided additional examples for Node 6.x.

Another major change was how to refer to the fast lane version of Node.js, originally called “Node Stable”. Now, it’s referred to as “Node Current”.

I may have influenced this change. I filed bugs last year about the Node documentation.  One bug had to do with the confusion surrounding which version of Node should be the “default” API.

The Node.js Foundation recommends the LTS versions for production use, because of their long-term stability (hence the name). However, if you access API documentation for Node.js directly, such as searching for Buffer in Google, you’ll get the new Current version.

We went back and forth in the comments about the problems inherent with having the least stable API as the default documented API. I also repeatedly pointed out the problems when you have multiple “current” versions of Node (LTS and Stable), and how would people know which is the current version of Node.js?

To be honest, I didn’t see renaming Stable to Current to be one of the possible solutions. That’s a bit like sweeping dirt under the rug. Oh look! We can’t see the dirt now!

Back to finishing up the book. I quickly changed Stable to Current where applicable. What’s done is done. I hope the book does well.

This is my last book on Node. I may, in the future, write other books on technology, but not Node. Change is the byword for the Node community and that doesn’t translate well when it comes to writing books. I will, eventually, return to technical writing here at Burningbird in addition to my other writing, and I will write about Node. But no books.

And when I write on Node, it will be the current version. Whatever that may be.

 

 

Categories
Technology

The Getting-Smarter SmartThings Home Hub

When last we left our intrepid, if challenged, SmartThings home hub, it was not having the best of times.

CNet picked up my previous story, and expanded on it in an article titled Samsung’s smart home push hits disconnect. In addition, researchers exposed what they considered to be serious security flaws with the hub.

Multiple issues exist in SmartThings’ framework, the researchers say, but most pressing are the privileges given to apps, many of which they don’t need to function. A smart lock might only need the ability to lock itself remotely, for instance, but the SmartThings API bundles that command with the unlock command, which an attacker can leverage to carry out a physical attack. Another over-granting of permissions involves the way in which SmartApps connect to physical devices. When a user downloads a SmartApp, it asks for specific permissions to perform its intended purpose. After being installed, SmartThings then lists all the devices that could be used with that app because of its ability to sync with those permissions. But it also gives the app more access than it needs.

In response, SmartThings CEO Alex Hawkinson apologized in the SmartThings community forum, promising improvements. He also posts a weekly update (the latest) about what improvements have been pushed out that week. In addition, the company recently hired Amazon’s former director of engineering, Robert Parker, to oversee the improvements.

As a result, SmartThing users have been seeing an improvement in the hub. We’re no longer seeing the “red bar of death” that used to be so common in the Android app. In addition, performance has improved, including better detection of presence, as well as quicker response to actions. Scheduled events actually run on schedule, after months of erratic behavior.

Hawkinson also responded to the security concerns:

A research report entitled “Security Analysis of Emerging Smart Home Applications” was released this morning by a team from the University of Michigan and Microsoft Research. The report discloses hypothetical vulnerabilities in the SmartThings platform and demonstrates how, under certain circumstances, they could be exploited. Over the past several weeks, we have been working with this research team and have already implemented a number of updates to further protect against the potential vulnerabilities disclosed in the report. It is important to note that none of the vulnerabilities described have affected any of our customers thanks to the SmartApp approval processes that we have in place.

The system has stabilized enough that some of us are tentatively moving back into the world of the Smart Home Monitor—the golden child of the SmartThings network, responsible for security. It is this application that had the most faulty behavior, with frequent false alarms, and not being able to manually arm or disarm the system.

I turned on SHM last week for the first time in over two months. Unfortunately, I also had a false alarm at exactly 5:04 AM last Thursday, when one of my monitors detected movement where there was none. However, I do believe this is more the monitor (I’ve had some issues with SmartThings own motion sensors in the past)—perhaps reacting to a spider, or air flow eddies—and not the application or the hub. I’ve switched to a different motion sensor (the Fibaro Motion Sensor), and so far no additional false alarms.

We can now easily arm and disarm the SHM security system. When the security alert did go off, all the appropriate lights and alarms were triggered, and notifications sent. In addition, when I dismissed the alert, the alarms were immediately silenced, though I had to turn off all the lights manually.

There are still issues with the SmartThings Hub. The biggest concern is that most of the activity related to the Hub occurs within the cloud rather than locally. This means that if we lose internet connectivity—something that happens daily for me during the hottest part of the day in the summer—automatic actions that should still function, don’t.

We also still don’t have Rule Machine, the extremely popular community-developed application, and no idea if it will ever return.

Still, I’ll take the improvements we’ve received, and the promise of more.

I’m moving the SmartThings Hub from “hold on buying” to, “OK, you can give it a try, but don’t go crazy buying devices just yet”.

Categories
Technology Writing

Learning Node, 2nd Edition is now live

Learning Node 2nd cover

Learning Node, 2nd Edition is now in production and should be hitting the streets within a few weeks. We had a bit of excitement when Node 6.0 was rolled out, just as we entered production. However, this edition of the book was specifically designed to accommodate Node’s rather energetic release schedule, and the book survived with only minimal changes.

In this edition, I focused heavily on the Node core API, rather than third-party modules. I figured the book audience either consists of front-end developers working with JavaScript in the browser, or server-side developers who have worked with other tools. In either case, the audience wants to know how to work with Node…not this module or that. Node, itself.

My one trip into the fanciful was the chapter on Node in other environments. In this chapter, I had a chance to introduce the reader to Microsoft’s new ChakraCore for Node, as well as using Node with Arduino and Raspberry Pi, and with the Internet of Things (IoT). I figured by Chapter 12, we all deserved a special treat.

The book’s Table of Contents:

Preface
1. The Node Environment
2. Node Building Blocks: the Global Objects, Events, and Node’s Asynchronous Nature
3. Basics of Node Modules and Npm
4. Interactive Node with REPL and More on the Console
5. Node and the Web
6. Node and the Local System
7. Networking, Sockets, and Security
8. Child Processes
9. Node and ES6
10. Full-stack Node Development
11. Node in Development and Production
12. Node in New Environments

A more detailed TOC is available at O’Reilly.

I had a good crew at O’Reilly on the book, and an exceptionally good tech reviewer in Ethan Brown.

Categories
Technology

The not-so-smart SmartThings Home Hub

One of the most popular smart home controllers is SmartThings, especially the company’s newest hub, SmartThings V2. Interest in the hub was sufficient to attract the attention of Samsung, who bought SmartThings in August, 2014. Samsung recently touted SmartThings as the hub controller for many of its new smart home endeavors.

Categories
Technology

Nest: Don’t toss it on the Smart Home dead pile just yet

Having heavily invested in Nest products, it’s disconcerting to read articles with titles such as Nest, Google’s $3 billion Bet, May Be in Trouble, or With $340 million in revenue, Nest is underperforming, and its future at Google is at risk. If Google dumps Nest, then who is going to maintain my Nest Protects (smoke and carbon monoxide detectors), thermostat, and Dropcam/NestCams?

The short version of the stories is that Nest is under-performing, it’s having problems with management, and talent is jumping ship. Well, Google, oh, sorry, Alphabet, can fix all of these problems: solve the management problems and work on keeping the necessary staff onboard. Alphabet/Nest also needs to roll out new products and integrate the Nest products with OnHub, which, from a smart home perspective, is dumb as a stump. Both efforts would be an interesting challenge to employees and engineer fresh interest in the brand.

I like my Nest products. I like the softly glowing green ring from my Protects when I turn out the light, letting me know they’re watching out for me. I also like that I can see how their battery is holding up just by using my smartphone. No more battery-low beeping in the middle of the night.

My one Dropcam, and a second NestCam are terrific. They’re the only video cameras I know that you can install indoors, point outdoors through windows, and get a good picture—whether daylight, or illuminated by outdoor lights. They adjust beautifully to changing light conditions, are quite responsive, and you can turn them off when you don’t need them.

My Nest thermostat is very useful…other than the one time the software glitch drained all the battery, leading to some very embarrassing moments for Nest and Alphabet. But my energy use has dropped because of the thermostat, and I have more finite control over what happens, and when.

I also have an IFTTT recipe where my Netatmo  triggers my Nest thermostat to turn on the fan, when it detects carbon monoxide levels exceeding 1500ppm. No more groggy, sleepy days working at the computer.

This IFTTT capability isn’t the only new integration. I can now control the thermostat using Amazon’s Echo, and in case of a fire, the Protects trigger my Philips Hue lights to briefly turn on bright red, to wake us up, and then dim red, which is better for seeing in smoke. They also flash yellow when there’s a warning.

What’s been missing from Nest in the past was smart home integration with other products. The division is now getting its act together in this regard. It would be a shame to cut it loose when it’s just now starting to get interesting.

Come on Alphabet, if you’re going to be a multi-headed hydra, then you have to know when to step back and when to step in. If the head of Nest, Tony Fadell, is as bad as people are saying, then toss his butt into the void and bring in fresh talent. If he isn’t that bad, then defend him. Either way, demonstrate your commitment to the company. No one is going to buy your products, no matter how shiny, if people think you’re going to cut both the products and the customers, loose to fend on our own.

A good place to start showing commitment is demonstrating some new smart home magic: Nest, meet OnHub. OnHub…OnHub…wake up, OnHub…meet Nest.