Profile cover photo
Profile photo
Alan Ristić
Alan's posts

Post has shared content
Why the Xbox One will Take Over the Living Room

Post has shared content
Why the Xbox One will Take Over the Living Room

Post has attachment

Post has attachment

Post has shared content
Nice and helpfull!
Time-saving Developer Tooling Tips And Yeoman (18 mins)

Edit: there's a lengthier blog post with more tips and a little more about Yeoman here in case you're interested :)

Did you guys enjoy +Paul Irish's talk at Google I/O? 

In case you missed it, today we announced Yeoman ( - a project we've been working on to greatly help improve developer workflow. It's not been released just yet, but we're hoping to get it out the door sometime in the next month or so.

In this supplemental video, I discuss some more tips for developer tooling and ways in which Yeoman (and related projects) help us spend less time on process and more time building more awesome applications. 

Developer Tooling And Yeoman

tl;dr: do what you can to automate as much of your workflow as possible. 

(With special thanks to Grunt, HTML5 Boilerplate and more.)

Notes and links:

- Know your text editor inside out
* What key bindings/shortcuts can help you complete tasks more quickly? Do you know them all?
* How can your editor be extended? Packages?
  -- Zen coding (st2: ZenCoding package )
  -- Automatic linting (st2: SublimeLinter)
  -- Source style formatting (st2: Sublime Closure Linter, jsBeautifier)
- Your command-line build process and editor can integrated. Are you doing this?
  (for Sublime users, do you actually use this built in feature?)
  Wes has a guide for it here:

 - Do you have a scaffolding tool?
   -- if not, you're missing out. Scaffolding tools save you time creating
 parts of your application.
  -- grunt-bbb (backbone)
  -- brunch (backbone)
  -- brunch for ember

  -- angular + grails
  -- ember + grails

Watch process
 - Are you still manually refreshing your apps/pages on every change? Still
   having to compile CoffeeScript etc. each time too? Get a file watcher in place to automatically reload for you.
   -- LiveReload, CodeKit, Brunch and Grunt also do this well:
     -- LiveReload:      -- Grunt:      -- Brunch:      -- CodeKit:

 - Mocha    - Grunt Mocha task  - Jasmine    - and its Grunt task  - From Pauls talk (thanks to Ryan). Automated client-side testing in the cloud

Build process
 - We all need a solid build process for production
- The basics:
* Linting
* Unit testing
* Concatenation
* Minification
* Optimization

- These days also might need:
- Using AMD? Need to run modules through r.js
- Headless unit testing (PhantomJS, Zombie.js)
- Compile Compass, LESS, CoffeeScript files
- Image optimization (OptiPNG, JPEGTran)
- File revisioning
- Generating an application cache manifest


Interested in automated distributed CI for JS? 

I mention linting during a build process, but I mean to say running any scripts against linting whether its outside of this process in a pre-step or otherwise.

Post has shared content
#Devoxx  has posted video of "Securing the Client Side", which I think is well worth your time to watch. Slides are available at

The content should really be nothing surprising for anyone who's heard me talk about anything at all in the last few months, but I think it turned out well as a summary of the things I care about at the moment.

Here are a few of the core tenets:

* HTTPS everything: serving data over a secure transport layer is the only way to have any measure of protection against the evils of the web. It's an absolute prerequisite for any discussion of client-side security, and it's easier than you think to get started: is literally giving away certificates. There's really no excuse for any application to be served over HTTP. Also, use Strict Transport Security to mitigate the risk of SSL stripping and other such attacks (

* Escaping content correctly is possible, but hard. It seems like a simple problem, but years of practical experience teaches us that we are seriously bad at it as a community. In a quite well done presentation at AppSecUSA (, +Alex Russell elegantly phrases this as "discount[ing] the probability of perfection". I'll just call it naked cynicism: we are simply terrible at being perfect, and we need help.

* Use Content Security Policy ( It's the single best defense against content injection attacks (like XSS) that I know of. The HTML5Rocks article linked above is excellent, and the spec has just advanced to Candidate Recommendation in the W3C:

* Sandbox components of your applications using the `sandbox` attribute of `iframe` elements. This allows you to run dangerous portions of your application in a low-privilege environment, reducing their value to attackers, and making your application as a whole a less interesting target for attackers.

That's it! Security is easy! Sorta.

Post has shared content
Ha! Vsi jo igramo, hočeš/nočeš ;)

Post has attachment
Great overview of nodejs from senior programmer - tnx man!

I support the January 18th Wikipedia blackout to protest SOPA and PIPA. Show your support here

I support the January 18th Wikipedia blackout to protest SOPA and PIPA. Show your support here
Wait while more posts are being loaded