Category Archives: Technology

Technology related posts.

security-README file, “”

“Security is not about speed but finding help when there is a security issue should be.”

The tl;dr: a security readme file holds the project’s “security policy” and “vulnerability reporting” instructions (A.K.A. a “responsible security disclosure policy”) in a separate file. The security readme file lives in the root directory of an open source project. Security readme files for open source repositories should be a new guideline.

I am asking the JavaScript ecosystem to add a “” (also referred to as a “security readme file”) to their repositories. My goal is to improve open source security by making policies more accessible and reporting security vulnerabilities easier for everyone.

This isn’t a new thought! While giving a talk at SFNode about “Node.js Security best practices” I realized “security.txt” functions in a similar way. Unfortunately, the “security.txt” file is not intended for humans to read. It is a standard for websites and servers to use in the wild (A.K.A. the intra/internet). BUT the idea is the same: provide a route for contributors to report a security issue easily.

Thank you to Rich Trott of Node.js for taking my talking point and running with it. I also want to take a moment to thank these other projects for already using security readme files (

Visit my GitHub repository “security-README”. I welcome comments to this idea so we can make the open source community a better place than we found it.

Please help me:

  1. Star this GitHub repo
  2. Star this GitHub repo
  3. Follow me “@trewaters” on GitHub
  4. Follow me on Twitter

SFNode Meetup, Nov 2018 talk

Thursday, November 1st, 2018

I (Tre’ Grisby) talked at a SFNode Meetup. The meetup was hosted by Quantcast in San Francisco, California. Quantcast was a great host and had one of the best receptions. I want to give a big thanks to Quantcast for being such a gracious host!

My talk was titled “Node.js Security, best practices”. It was a top ten list of security practices that are beneficial for anyone getting started in Node. The goal was to identify possible threats and tools a developer could use to minimize exposure to these threats.

I will not write out all my notes again here. Below is a link to all the resources I used in the talk.

As part of my talk I introduced a thought. In the pursuit of making security more accessible and reporting vulnerabilities easier, I asked the JavaScript open source ecosystem to start using a “” file in GitHub repositories. ( Read more here… )

The tl;dr is… adding this file to the root directory should be a new standard. This file will hold the project’s “security policy” and “vulnerability reporting expectations”. This way anyone who wants to report an issue can do so easily. This is modeled on the “security.txt” file. Check out my GitHub repo and make comments to help me improve this proposed standard.

Please help me:

  1. Star this GitHub repo
  2. Follow me “@trewaters” on GitHub
  3. Follow me on Twitter

Tutorial Review of

Tutorial Review
Setting Up a MEAN Stack Single Page Application

I will review a MEAN Tutorial I found on All mileage will vary. In order to learn code I like to do a little reading then dive into a tutorial. I can’t learn everything I need to know by reading. Computers are so complex I find it is better for me to dive in and start pecking away at the keyboard. By creating and fixing my own bugs I start to understand what is going on with the code.

I picked the MEAN stack because I know how to use MongoDB and wanted a full stack that would let me develop with MongoDB in a real-world way. I picked this tutorial by trial and error. I started a few tutorials but this one I could actually finish. The MEAN stack is a popular choice for developing with JavaScript. MEAN is an acronym for MongoDB, Express.js, Angular.js, and Node.js. “Stack” refers to the fact that this covers the backend, middleware, and front end of your application.

I will only review the tutorials that I believe are helpful, and this was one of them. walked me through a reasonable set of tasks that left me with a fully working application when I was done. That is a big plus. Some of these tutorials are not explicit enough for you to walk away with anything, but this one doesn’t fall into that trap. Plus, if you want to take it to the next level, they have more tutorials that share MEAN tricks they have learned since making this tutorial.

Try this tutorial, found at setting-up-a-mean-stack-single-page-application

Learning Developer Tools

For the first half of 2015 I have been learning new software technologies. Each new language, framework, or application is a tool to add to my development tool belt. Learning new technologies has been a commitment. I have a full-time job and family. I work hard to get 10 hours a week of software coding done. Learning something new takes all of that 10 hours.

Why add tools to my tool belt?

Software development is an ever-changing environment. When I worked 10 years for the water/sewer district, I didn’t have to really push myself to learn anything new. They hired me 6 months out of school for what I already knew. Our stable business didn’t need breaking new technology to run. We had our business technologies that didn’t need to change often. You could pretty much do the same thing with a few upgrades for decades and it would be fine. I grew stagnant. I didn’t realize it until I moved to the San Francisco Bay Area with my family.

Job hunting with a 10 year old skill set made it daunting to look for and expect to find a decent job. Getting a job isn’t the issue. I want a dream job. I want to code software that the world uses. The only way to get that dream job is to learn some of the new technologies.

MongoDB started the path. I grew up with Microsoft SQL and structured databases. I enjoy structured databases and was intrigued by the idea of a NoSQL database. It sounded “cool”, it looked great and, to my surprise, it worked amazingly. All of a sudden using MongoDB freed me of decade-old SQL bondage. The chains of conventional databases fell from my wrists as I explored the capabilities of this new technology.

Learning and using are not the same thing…

While I learn something new and do tutorials I find that I get little time to really practice with the technology. It is important to use what you know or you lose it. I had to find a way to incorporate MongoDB into something I could develop. I learn by doing, not just reading. Well, that thought led me to the MEAN stack. MongoDB is used with Express.js, Angular.js and Node.js. If I want to use MongoDB in a real-world way I need to be able to programmatically add and remove data. MEAN allows me to do that, but it meant that I should learn more stuff.

Now 6 months later I am finally at a point that I can start practicing and I am excited.

May the programming begin, in earnest!