jQuery.com September 2014 Security Retrospective

Posted on by

During the last two weeks of September, we found our way into the headlines due to a series of attacks on our web servers. Today, we wanted to give everyone a brief update on the status of our websites and a recap of what happened over the last two weeks.

jQuery Under Siege

Early on the morning of September 18th we were hit with a DDoS and went offline. We were down for a couple of hours. The sites were brought back up later that day on September 18th and all seemed well.

Later, during the afternoon of September 18th, we were contacted by a security company named RiskIQ reporting that their crawler had reported malware being served by our content sites. There were never any reports that the jQuery libraries nor the CDN were ever compromised. Immediately upon receiving that report, we completely destroyed and reimaged all of those machines, revoked and reissued all associated SSL certificates, and confirmed that there was no suspicious content being served at that point. Since then, our own team and security folks from Mozilla and MaxCDN have worked to analyze logs and attempt to confirm the impact of this attack.

On September 23rd, RiskIQ went public with their report which picked up steam throughout the day on various media outlets and Twitter. The next morning, September 24th, as DDoS attacks on our properties continued to increase both in frequency and magnitude, CVE-2014-6271, otherwise known as the ShellShock vulnerability, was issued. As we continued to respond to the media discussion and communicate to the community what had happened on September 18th, we were victimized again in a series of much more public attacks involving the repeated defacing of jquery.com.

Investigations into our systems have yet to find the initial attack vector. However, we did take some steps to make ourselves more secure. For instance, some of our WordPress installs were out of date, all of our servers were vulnerable to the recent shell vulnerabilities, NGINX was slightly out of date as well as maybe a few other patches etc. that needed to be made. The infrastructure team dove in and began making those changes and started building new, fully patched and secured servers to host our sites. It appears these changes were effective as the defacing stopped and we have not seen any evidence of intrusion since.

Later on September 24th, a massive and unrelenting DDoS attack began. It seemed as though it would come in waves, but did not stop until late on September 28th. Most of the time on September 26th and 27th was spent trying to implement various products and solutions in order to keep the servers alive. We fought day and night to try to keep the sites up. We have to commend Corey Frang, Adam Ulvi, the rest of the infrastructure team, and others; they worked through the nights and in alternating shifts to try to keep us on the internet. Without their efforts, we would not have had the short amounts of uptime we did. One significantly important step that we took was to reach out to CloudFlare, who generously and rapidly gave us access to their Enterprise service which has helped tremendously in mitigating these attacks.

Moving Forward

jQuery and the jQuery Foundation are important to the web ecosystem, as is evident from the amount of press and the number of concerned individuals and organizations that have reached out to ask questions about this attack. The jQuery Foundation works on a daily basis to maintain and improve our projects and the infrastructure around those projects. The goal of this work is to continue to make web developers’ jobs easier and make sure they have a voice in the world of standards and browsers. However, these objectives take a large quantity of resources. Whether those resources are provided by access to expertise of a company’s employees or services, or through financial support, we would be unable to continue this important work without the support of the open source community and our supporting members.

We have been asked several times throughout this ordeal about why we didn’t have XYZ service in place or why we didn’t have our security team keeping a closer eye on these types of risks. The simple answer is that our budgets are tight and resources are limited. Our infrastructure team, and most of our teams for that matter, are made up of volunteers who give their time for free to make sure things keep running. The Heartbleed and ShellShock vulnerabilities are recent examples of how badly things can go when open source projects are taken for granted and just assumed to be OK. Eventually something is going to fall through the cracks and those cracks become larger and more frequent when people are doing what they can in their spare time.

So how can you help? As an individual, get involved in one of our projects. We can always use help writing code, designing, maintaining servers, working on events and the list goes on. Take a look at contribute.jquery.org or come say hi on IRC in one of our many channels listed on irc.jquery.org. As an organization, we would love to hear about any service you may be willing to donate, any developers or other skilled professionals that you could spare for a few hours a week or if you can help financially. Send us a message at [email protected] and let us know how you can help.

We haven’t wanted to say too much about these attacks as they have been happening because we remain a juicy target in the eyes of hackers who are continuing to attempt to infiltrate our servers even as of this writing. In sharing all of this information with the community now, we’ve tried to balance the need to explain what’s been happening with the potential backlash that could happen as a result of coming out publicly and saying that we believe we have the situation under control.

That said, we do at this point believe that we have the situation under control. For this, a huge thanks is due to the entire jQuery infrastructure team, who rolled up their sleeves and worked tirelessly on these issues to get us back to a good place. We will continue to be vigilant in ensuring the reliability and safety of all of our resources for our community of users.

Update on jQuery.com Compromises

Posted on by

Today at 11:15AM EDT, the jQuery Infrastructure team received widespread reports and confirmed a compromise of jquery.com. This attack was aimed at defacing our sites, and did not inject malware like the attack that was reported on September 18th by RiskIQ. We believe that these are separate incidents that may have used the same attack vector.

We took the site down as soon as we realized there was a compromise and cleaned the infected files. We are taking steps to re-secure our servers, upgrade dependencies, and address vulnerabilities.

At no point today have there been reports of malware being distributed from any of our sites, nor has the code of any jQuery libraries on our website or CDN been affected or modified today or during last week’s reported attack. Some of this confusion stems from last week’s attackers having set up a domain name intended to dupe users into thinking it was the official jQuery CDN. Please note that the official domain for jQuery files hosted from our official CDN is code.jquery.com.

There has also been concern that the user accounts of developers and administrators who use jquery.com and the rest of our WordPress sites have somehow been compromised by this attack. However, the only people who have a user account for the WordPress sites affected by these attacks are members of the jQuery team; we do not have any public user registration for any sort of account on any of the affected sites.

We are continuing to actively work on and monitor this situation and will update you as we learn more.

Updates

We have moved http://jquery.com to a new server only running code we trust and are continuing to monitor the situation closely. – September 24, 2014 at 5:07 PM EDT via Twitter

Was jquery.com Compromised?

Posted on by

Lastest update on the compromise: Update on jQuery.com Compromises

Earlier today, RiskIQ published a blog post stating that the jQuery.com web servers were compromised and serving the RIG exploit kit for a short period of time on the afternoon of September 18th. Our internal investigation into our servers and logs have not yet found the RIG exploit kit or evidence that there was in fact a compromise.

RiskIQ was able to make contact with the jQuery Infrastructure team on September 18th, at which point with members of the RiskIQ team tried to find evidence of compromise. So far the investigation has been unable to reproduce or confirm that our servers were compromised. We have not been notified by any other security firm or users of jquery.com confirming a compromise. Normally, when we have issues with jQuery infrastructure, we hear reports within minutes on Twitter, via IRC, etc.

At no time have the hosted jQuery libraries been compromised.

Currently the only potential system compromised is the web software or server that runs jquery.com. We have asked RiskIQ to help us look through our server logs and systems to help identify when and how a compromise happened. Please check this blog post for updates on the situation.

Even though we don’t have immediate evidence of compromise, we have taken the proper precautions to ensure our servers are secure and clean. If you happened to visit any of the our sites on September 18th and are afraid of your system being compromised you can follow the advice RiskIQ recommends:

  • Immediately re-image system
  • Reset passwords for user accounts that have been used on the system
  • See if any suspicious activity has originated from the offending system

jQuery Chicago Roundup!

Posted on by
jQuery Conference Chicago logo

With just over a month until we set forth for the Windy City for the first jQuery Conference in Chicago, the moment’s opportune to bring you up to speed on what we’ve got in store for you this September!

Whatchu Talkin’ Bout?

Our speakers and talks are the highlight of any jQuery conference; our lineup in Chicago is no exception. We aim to cover a broad selection of subjects from across the realm of web development, from our jQuery Foundation projects like jQuery, jQuery UI, and jQuery Mobile (so we’ll be having talks from project leads Dave Methvin, Scott González, and Alex Schmitz) to the new frontiers where JavaScript now treads (so we’ve got Lisa Deluca talking about using Arduino and Cordova together, and Micah Ransdell talking about Netflix’s adoption of Node.js). We know you want to know more about the future of the open web platform, and that’s why we’re happy to have folks like John K. Paul to go over coming changes to the language in ECMAScript 6, and TJ VanToll and Kevin Hakanson to discuss new browser APIs for form validation and cryptography.

A lot of you come to conferences to learn practical things you can take home with you, and that’s why we’re excited about sessions from (among others) Brian Arnold and Cory Gackenheimer on debugging techniques and Phil Dutson on the process of building a jQuery plugin.  We know, however, that there’s a lot more to releasing code than, well, writing code, and we’re happy to have Kassandra Perch, Alex Sexton, and Kelly Andrews joining us to talk about how to choose and use tools to ship and support the projects we work on. And we know some of you travel to conferences for the fun and games, and we’re thrilled to have Sara Gorecki and Bodil Stokke on hand to talk about building games with web technology.

This is just a handful of the speakers and subjects that’ll be on our Chicago stage(s), and we invite you to take a few minutes to check out our entire program to see what else is on the docket!

Can You Hack It At #jqcon?

Of course you can! In Chicago, however, we’re partnering with MaxCDN, DigitalOcean, and MediaTemple to officially encourage you to do so! We’ve got a wealth of data about how folks use the jQuery CDN at code.jquery.com, and it’s up to you to help us understand it. The hackathon starts the night before the conference on September 11th, and you’re free to use any medium you see fit to play with the data, whether it’s a web application or a robot. Our sponsors have stepped up to reward three participants with bountiful rewards, so we hope you join us to team up, explore, and build!

Coming Home to Roost

We’re partnering with Bocoup for the second time this year to extend our trip to Chicago with Roost, a two-day intensive class on building modern web applications taught by Ashley Williams, Ben Alman, Irene Ros, and Mike Pennisi. Roost is targeted at developers who already know JavaScript, jQuery, HTML, and CSS, and are looking to understand how to develop a better workflow for building, testing, and maintaining their applications and incorporate technologies like Backbone, RequireJS, Stylus, and more. You can check out the full training curriculum and schedule to find out exactly what’s planned.

Accommodations

Both jQuery Conference and Roost are taking place at the Sheraton Chicago in the heart of the city, so the hotel’s a convenient place to stay for the purposes of both your edification and your vacation. We’re only able to offer a discounted rate of $269 per night until August 15th, so make sure to make your reservation in our room block as soon as you can! Staying in our room block is a really helpful way you can help the jQuery Foundation fulfill some of the large financial commitment we’ve made by setting up shop in Chicago.

Brought To You By

Our sponsors and foundation members make a huge difference in our ability to host an awesome jQuery Conference for the community, and we’re happy to take a moment to thank them right here! So here’s a big THANKS to Diamond sponsors WordPress and IBM, Platinum sponsor MediaTemple, Gold sponsors MaxCDN, Bocoup, BrowserStack, Mandrill & DigitalOcean, and Silver sponsors Pebble & Accenture. (We’re still welcoming sponsors – if you’d like to have your company be a part of #jqcon, please reach out!)

Student Discount

We’re glad to be able to offer a discount to current students interested in attending jQuery Conference or Roost. Please get in touch with us for more information on how you can save $150 on tickets to one event, or $200 on a combination ticket. We know the discount is modest, but this is only the second time we’ve been able to offer a student discount of any kind, and we hope it helps. Please be advised that if you use this discount, you’ll need to show a valid student ID at registration.

Join Us

The summer’s been flying by and we can’t believe we’re only five weeks out, and we hope you’ll consider joining us on our trip (or that you’ve already booked your ticket!). Check out the conference site for more on our program and speakers, lodging, and to buy your tickets. If you have any questions, always feel free to get in touch with us on Twitter or via e-mail.

Supporting the Cause, Improving the Web

Posted on by

To help the jQuery Foundation accomplish its mission to improve the open web and make it accessible to everyone, we established a membership program where organizations and individuals could join the foundation to help us support our goals. In return, members are recognized both on our websites and at conferences. Since that time, a number of companies, large and small, as well as individuals, have stepped up to support the foundation and continued success of the jQuery projects. A full listing of our members is available on the member page on jquery.org.

Corporate Memberships

Corporate memberships are available in several levels based on support, ranging from Bronze to Platinum. Beyond those levels is our top level membership called our Founding members. Currently, WordPress is our single Founding member at this time and they are a huge part of the jQuery Foundation mission and we would like to say a special thank you to them. We would not be here if it wasn’t for the support of WordPress and our many corporate members at every level.

So what does a member get in return for their support of the Foundation? Depending on the level of support, there are a number of ways we recognize and thank our members. Every member is recognized on the member page. As you progress up through the different levels of membership, more benefits such as conference recognition, free and reduced price conference sponsorship packages, invitations to team meetings to discuss the development and direction of the jQuery projects, and even the ability to host jQuery licensed events of your own. For more information about the corporate membership program, e-mail us at [email protected].

I’m not a Corporation, how can I help?

We’re glad you asked. The jQuery Foundation also has an individual membership program where people can donate smaller amounts to help support the Foundation and in return, we send out some cool jQuery branded gear. When the program started, we offered three levels of membership for individuals. That just got too complicated for both the members joining as well as the folks managing the payment and gift fulfillment. There is now only one level of individual membership at the $400 per year level. If you think about it, that’s really only a little more than $1/day to help keep the jQuery Foundation running. You can see all of our individual members listed on the member page. As new members are added, they will be listed as Heroes until the transition from a 3-tier to 1-tier program is complete and everyone has merged into a single list of Individual Members. If all of this has got you itching to become part of the next wave of individual members, head on over to https://jquery.org/join/ and join our ranks.

Membership may not be an option for everyone, but there are still ways you can support the Foundation’s work. The first way is through donations. The jQuery Foundation accepts donations, both large and small, through PayPal. If that’s an option that interests you, check out our donate page. Another way to help the foundation is by grabbing yourself a nice shirt or some stickers over at DevSwag. We have partnered with DevSwag, as many other open source projects have, to license the sale of official jQuery branded clothing and other items and a portion of the proceeds from those items are donated to the jQuery Foundation.

No matter if you’re a company or an individual, we hope you’ll take the time to consider supporting the jQuery Foundation to keep us working toward making the web accessible to everyone.

One Last Thing …

We thought we would let you know one more time about the upcoming jQuery Conference in San Diego. The conference is February 12-13 and is preceded by Bocoup’s 2 day training conference Roost on February 10-11. Don’t forget to take $50 off your ticket to one or both of these events using discount code jqblog50 at checkout!

Hosting and Configuring the jQuery Servers

Posted on by

The other day, we posted about our new content workflow, but we didn’t get into how all that content is actually served. Believe it or not, jQuery doesn’t just run on jQuery.

The servers

The servers themselves are hosted at Media Temple. We have been using their VPS services for many years to host all the things we need to host, of which there are a surprising number. We use over a dozen different servers (of various sizes) hosting everything in the jQuery network including many different web sites, applications and services vital to the community and development team. The reliability of the Media Temple VPS services and network for our infrastructure has been fantastic.

The setup

We couldn’t manage all of the servers without Puppet. Puppet is a configuration management tool that makes it really easy to express server configuration in a simple scripting language. Tasks like adding a domain to the Nginx configuration can be annoying, and hard to track changes using conventional methods. Using Puppet lets us store all the server configuration needed in a git repository, and deploy new machines very easily.

Another product that really shines in our setup is Nginx. Nginx is an open source web server focused on delivering the best performance possible. On our busiest Media Temple Dedicated Virtual server around peak times, Nginx handles about 300 HTTP requests per second, of which about 30 are serving pages from WordPress via php-fpm. Nginx’s built in fastcgi_cache handles a lot of that load, and more like 2 or 3 requests per second actually make it to PHP.

Thanks for the support!

Keeping a network of servers running to support a community as large as jQuery’s is a big job. To help ensure everything runs smoothly, we rely on jQuery Infrastructure team members Adam Ulvi and Ryan Neufeld, and for server and network-related issues we count on prompt and helpful support from the Media Temple team.

To celebrate their 7 years of serving the jQuery community, Media Temple is extending a special offer on their VPS and Grid Hosting. For the next 5 days, get 50% off an annual purchase of a Grid or VPS (up to level 3) service with the code LovejQuery50.

Speaking of support, if you need any support with jQuery, or the related web sites and services, check out one of our IRC channels on freenode.

Getting from GitHub to WordPress

Posted on by

Maintaining an open source project as big as jQuery requires the use of various software and services. Two of the products we rely on and enjoy the most are GitHub and WordPress.

We’ve been using and loving Git and GitHub for years now. The community collaboration has been phenomenal. We’ve seen a massive uptick in community-provided bug fixes, refactors, new features, etc. Even within the team, the services provided by GitHub have provided a huge productivity boost. Forks and pull requests provide a great mechanism for sharing code and peer code reviews. The interface renders almost every file exactly how we want it to, especially Markdown. The API and service hooks provide a great way to automate various tasks.

Even longer than we’ve been using GitHub, we’ve been using WordPress to manage our various web sites. We have a surprisingly large number of them. Between project sites, API documentation, tutorials, contribution guides, events, and organization sites, the number of web sites we maintain rivals the number of code projects we maintain. WordPress provides tools which make managing this many sites with a common brand almost as simple as maintaining just one site with shared users, theme inheritance, and a great plugin architecture, providing even more hooks than GitHub.

The missing pieces

Unfortunately, our WordPress experience lacked all the collaboration tools and workflow we love. Only a few people had access to edit content, and collaboration without pull requests is painful. Managing content on api.jquery.com was an even bigger hassle because of our XML based workflow, which the WordPress editor clearly wasn’t designed for.

While GitHub has tons of tools that we love, and they even have GitHub Pages, it lacked the infrastructure we need for managing our site content. GitHub Pages have no built-in features and can’t have any server-side processing. Features like search and commenting either need to be added per site via client-side JavaScript or can’t be implemented at all.

Bringing it all together

In order to resolve these issues, we decided to find a way to bring these two products together and get the best of both worlds. It started off pretty bumpy, but we managed to do just that! Things started to really pick up when we got the support of WordPress’ Lead Developer Andrew Nacin. Nacin played a key role in getting our new infrastructure set up and ensuring we were using WordPress as efficiently as possible. With his help, and the help of a few new projects – such as node-wordpress, grunt-wordpress, and grunt-jquery-content – we were able to build exactly what we wanted.

We now manage our WordPress theme in jquery-wp-content, and the content for all of our sites are stored and managed in individual repositories on GitHub. Storing the content of each site on GitHub gives us all the benefits of tracking tasks in issues, discussions on pull requests, visual diffs for changes, etc. The content of each page is generated by grunt-jquery-content from HTML, XML or Markdown source depending on the repository. This content is then synced to WordPress using grunt-wordpress. Just like our code, all of our site content is open source and released under the terms of the MIT license, with the exception of our branding which is not licensed for use by others.

We’re now powering a dozen and a half sites with this new process, averaging 20 contributors per site. Our most popular sites for community contribution are learn.jquery.com which is nearing triple digits and api.jquery.com which currently has 50 contributors. We’re averaging 40 pull requests per site as well, showing just how beneficial this new workflow has been for the team and the community. If you’d like to join in on this community effort, you can read more about our process and how to get involved on our contribution site and help make jQuery better for everyone.

jQuery 1.11.0 RC1 and 2.1.0 RC1 Released

Posted on by

We’re just about ready for the final release of jQuery 1.11 and 2.1! Before we release, we’d like you to sanity-check our work. It will save us both a bunch of work if you check things out now, rather than waiting for a release. If something’s not right, we can fix it before millions of people have to deal with it!

Testing is easy, just use one of these files on the jQuery CDN:

We’ve also published the files on npm for those of you using that for dependency management. This version should work properly with browserify.

This version is mainly about fixing bugs and supporting more dependency managers, so you shouldn’t expect to see compatibility issues if you’ve already migrated to 1.9 or higher. But that’s why we’re putting out a release candidate, we want this to be as stable as possible. If you do see problems, please report them at bugs.jquery.com.

Go forth and test!

Changelog

Common to both jQuery 1.11 RC1 and jQuery 2.1 RC1

Ajax

Attributes

Build

Core

Css

Data

Effects

Event

Misc

Selector

Support

jQuery 1.11 RC1

Ajax

Core

Effects

Support

jQuery 2.1 RC1

Ajax

Build

Core

Event

The jQuery Foundation and Standards

Posted on by

Most web developers think about jQuery in terms of its roots, as a library that tries to bring sanity to a disparate set of APIs and quirks that vary from browser to browser. Although that’s one of the things that jQuery was built to do, and still does, it’s not the only thing. jQuery defines a useful API that makes it as easy to work with one element as it does for a dozen. jQuery shortens verbose DOM API names and removes tedious boilerplate code, making it easier to write and to read code. jQuery adds functionality beyond the standard APIs for the work that web developers often need to do.

In short, jQuery isn’t just an API repairman for browsers. To the extent that we need to fix problems, we do it. But we’re even more interested in getting browsers to fix their problems, and in shaping future standards to avoid problems, so native APIs will work properly from the start. Then we can all build useful functionality on top of that solid foundation.

jQuery team members bring plenty of real-world experience that guide standards in the right direction. The earliest example of this is the querySelectorAll method, where John Resig pointed out that the implementation wasn’t quite what JavaScript developers needed. Unfortunately in the case of querySelectorAll, it was too late to do anything to fix the problems.

How jQuery Can Shape Standards

In order to provide input into emerging standards, the jQuery Foundation joined the World Wide Web Consortium (W3C) and ECMA International last year. In fact, it’s one of the main reasons the Foundation was formed. W3C and ECMA members tend to be representatives of the companies that make browsers and commercial software. We believe that we bring the voice of the rank-and-file web developer to the standards process.

Yehuda Katz and Rick Waldron have been active in the ECMA TC39 group, which defines the language officially known as EcmaScript but that we know as JavaScript. Rick’s excellent meeting notes can give you an inside view of the deliberations that go on during their in-person meetings.

Scott González and Kris Borchers have been working to refine the Pointer Events standard. It brings simplicity, regularity, and sanity to the handling of pointer technologies so that developers don’t have inconsistent (and conflicting!) event models for touch and mouse. During the transition, developers will be dealing with three pointer models–mouse, touch, and pointer. jQuery and jQuery UI want to simplify this transition to the standard.

Julian Aubourg has been participating on revisions to the XMLHttpRequest standard, a position for which he’s been battle-tested by jQuery’s $.ajax implementation. Knowing all the problems that jQuery has worked around provides him with experience to avoid the same problems in the future.

Scott González and TJ VanToll have been active in helping to define HTML5 input types such as <input type=”date”>, providing practical input based on experience with jQuery UI. TJ’s talk at the Portland jQuery Conference does a great job of covering the pitfalls of using HTML5 input types today, and emerging standards like Web Components that could make things easier for web developers.

The jQuery Foundation is also a strong advocate of accessibility; we want to make it easy for web developers to reach all users including those with vision or motor impairments. The W3C addresses those issues through the Web Accessibility Initiative, and specifically with Accessible Rich Internet Applications (ARIA). jQuery UI widgets are incorporating ARIA attributes, and Foundation member Deque Systems has sponsored several events on jQuery accessibility issues.

Finally, we coordinate and pass along bugs reported to jQuery that are due to standards violations in a particular browser. With most browsers updating every few months, it often doesn’t make sense for jQuery to incorporate large and complex bug fixes for temporary problems. But we’re committed to getting them fixed by the browser makers as soon as possible.

A Standards-Driven jQuery Future

jQuery isn’t a highly opinionated framework that demands control over all the DOM. In most cases you can (and often should) use the DOM APIs alongside jQuery. That was always the intended design; you can see it in aspects like the this object inside an event handler being a DOM element, not a jQuery object. About the only place where jQuery requires control is when elements in the DOM are replaced via methods like .html() or removed with a method like .empty(), so that any associated jQuery data can be cleared out.

Similarly, the built-in HTML5 input types can coexist with jQuery UI input widgets. jQuery UI is committed to providing user interface widgets that provide great functionality without sacrificing accessibility, inherently supporting standards such as ARIA.

The jQuery Foundation wants standards-based APIs and cutting-edge JavaScript features to be usable directly by developers. The good news is that the community is making good progress on that goal, and jQuery team members are helping through our participation in the standards process. Yet the continuing evolution of web standards and practices, combined with a vibrant third-party ecosystem of plugins and knowledge, still provide compelling reasons to use jQuery. Web developers deserve to have the best of both.

jQuery Austin Speaker Lineup

Posted on by
jQuery Conference Portland logo

With just over a month until jQuery Austin starts, I wanted to take a few minutes to point out the highlight of our conference program: our talks! With a single-track conference, it’s our job to select individual talks that will appeal to the entire conference audience. At the same time, we want to make sure we cover a broad range of subjects related to jQuery and front-end engineering so that every attendee can take home something that will make a difference in their day-to-day development. Those were our goals with our Call for Papers, and we hope you’ll agree our 20 selections fit the bill.

jQuery

One of the main focuses of #jqcon is to bring you the latest on what’s going on in the jQuery libraries, and there’s no one better for that than keynote speakers Dave Methvin and Scott González, development leads for jQuery and jQuery UI. Dave will be talking about more than just recent changes to jQuery core; he’ll be delving into how to diagnose what does (and doesn’t) cause performance woes in modern web apps. And with the jQuery UI and jQuery Mobile projects merging, you’ll want to be sure to hear Scott tell what the future has in store.

As increased modularity comes to jQuery, Timmy Willison will describe how and why we’re making the switch to AMD in core, and how to leverage these forthcoming changes in your apps. Julian Aubourg is going to take a dive into Deferreds and Promises, which have been proven to be a useful tool for managing asynchronous code, even since before their incorporation into jQuery a few years ago.

Mobile

We’re excited to have a number of talks on taming the burgeoning beast that is mobile development. Alex Schmitz will be reviewing the results of the Mobile team’s serious look at the performance of jQuery Mobile for the upcoming 1.4 release, and outline new features that have been added with performance in mind, and Asta Gindulyte will examine how to use jQuery Mobile across a wide variety of screen sizes, from phones right on up to televisions.

Figuring out how to serve the right images to your application’s users across devices and bandwidths has been one of the more interesting discussions in web development for the last year or two, and that’s why we’ve brought Christopher Schmitt to help you make sense of it all. Building applications that work offline is another challenge, and Seth Hallem will explain how to persist, search, update, and display data in HTML5 mobile apps.

Application Development

Debugging is the constant task of software development, and Brian Arnold will be walking us through the constantly-improving tools that can help improve your skills in this dark art. Sometimes, apps appear to work fine until they get into the hands of users who require a screenreader, so Jörn Zaefferer will be giving a primer on the important subject of how to make your web application accessible to all users.

Client-side MVC frameworks are certainly all the rage these days; after having talks on Backbone and Ember at jQuery Portland, we’re thrilled to bring AngularJS into the mix, with Burke Holland bringing you up to speed on directives, one of the framework’s coolest features. If you’ve been using MVC frameworks, one question that you’ve likely wrangled with is where to draw the line between reusable UI widgets and custom application code – which just happens to be one of the subjects Richard Lindsey will be presenting in his discussion of the jQuery UI Widget Factory.

Front-End Ops

Web applications are continuously becoming more JavaScript-centric, bringing increased rigor to the client-side. Grunt has taken off as a popular tool for building and minifying code, and Aaron Stacy‘s talk will explore how to use this JS task runner for even more. Many more developers are recognizing the importance of writing unit tests, and Travis Tidwell will be in Austin to help you incorporate running tests into your deployment process with PhantomJS.

All the technology in the world doesn’t change the fact that web applications are still written by human beings, and Monika Piotrowicz will analyze how we can improve our workflows to better accommodate all the different people who are involved and perhaps even build better products! The jQuery Foundation itself is one organization where we’ve made significant changes to how we work in order to get more developers involved in the project, and Anne-Gaelle Colom will be on hand to detail her experiences as she’s grown to become the Documentation lead for jQuery Mobile.

mind === blown

The open web platform continues to evolve and bring with it exciting new possibilities for what we can do in the browser. Jenn Schiffer will enlighten you on the canvas tag and how it can let you use your coding abilities to be creative and make art, and Vlad Filippov will bring this discussion into a full three dimensions as he shows off voxel.js, a WebGL-based toolkit for creating Minecraft-like worlds and interactive visualizations.

If you’ve got pockets and a phone that vibrates, then you’re surely aware of the utility of push notifications, and Kris Borchers will explain the finer points of their journey to the web platform. Web Components are another emerging spec that have the potential to change how we develop and share reusable widgets, and Juan Pablo Buritica will illuminate the current state of affairs and show tools that will let developers get started writing more modular code today.

Join Us

With so much in store, we hope you’ll head deep in the heart of Texas with us on September 10 and 11! Head on over to the conference site to read more about the program and buy your tickets today. In fact, we’re celebrating the renaissance of our RSS feed with $25 off coupon for anyone who uses the coupon code JQBLOG until we run out of tickets!

If you’re able to attend #jqcon, you’ll probably want to stay within walking distance of the Austin Convention Center in our room blocks at the Hyatt Place and Radisson hotels, especially if you want to be able to explore downtown Austin and rub elbows with your fellow attendees.

If you have any questions, always feel free to get in touch with us on Twitter or via e-mail. If not…see you there!