Please Contribute

Go to http://blog.omarduarte.me/stuff-every-junior-developer-should-know/ to learn more about this repository. Source Repository: https://github.com/omarduarte/juniors_should_know/

Any suggestions on the format and structure of this list are more than welcome. To contribute:

  1. Fork this repository
  2. Find awesome links (avoid w3schools!), shorten them, and add to the list (101, advanced, etc...)
  3. Send me a pull request
  4. ...
  5. Profit!

NON-TECH

The UNIX console

  • Learn most commonly used UNIX-based console commands.

    Advice: Understanding Unix/Linux is key to becoming a better developer. Many things which might require complex programs can be done easily by pipelining basic Unix commands.

HTML

FrontEnd

  • Advice: "Learn Javascript, CoffeeScript is not Javascript."
  • Advice: "You don't always need an app."
  • Advice: "Don't sacrifice UX over using a tool that makes your life easier."
    • Lesson: "Your Rich apps take long to load up, especially when the user is using a mobile device. If you don't need an app to show the content, don't use an app. If you do, then show a static page (mocking the app) while your app loads in the background."
  • Advice: "Handle the read case."
    • Lesson: "Nothing makes a user more angry than being unable to reach the information they need."
  • Indexability (SEO Basics)
    • URLs
      • TODO
    • Crawlers
      • TODO
    • Site maps
      • TODO
    • Insite Links
      • TODO

UX

  • Advice: "No one cares about carousels"
  • Advice: "Don't move the cheese".
    • Lesson: "Messing with elements while scrolling will confuse and distract your users. Stop moving stuff."
  • Advice: "Don't block the content with an email subscription call to action."
    • My Advice: "Use sparingly. Only use when you feel your users have consumed most of the content they would in that visit and are about to leave the site."

State

  • Advice: "Never break links."
    • Lesson: "If you changed the URL for a page, always re-direct the old URL to the new one."
    • URL Redirection
      • TODO
  • Advice: "Keep URLs Meaningful."
    • Lesson: "Use pushState to change the URL in Rich web apps. Your users should be able to copy a URL from their browser and share it with their friends."
      • pushState
        • TODO
  • Advice: "Avoid hashbangs!"
    • hashbang
      • TODO

Sessions

  • Cookies
    • TODO (What are cookies?)
    • Advice: "Cookies are not for storage. Your cookies shouldn't be larger than 4096 bytes."
    • Security
      • HttpOnly = true
      • Secure = true
      • TODO (Additional cookie security).
  • LocalStorage
    • TODO (What is LocalStorage?)
    • Advice: "Use it."

Security

  • OWASP TOP 10
  • XSS
  • Cross Site Request Forgery
    • Victim has an active session and has been authenticated on another web site, such as a bank website
    • Victim visits another website and is tricked into submitting an HTTP request to the valid website
    • Victim thinks they are submitting a form to enter a contest, but are actually submitting a form to transfer all their money to China
    • Can be prevented with input validation, specifically by using Regex
    • OWASP CSRF Prevention Cheat Sheet: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet
  • SQL Injections
    • When user input goes directly into a database query, attackers can make malicious queries
    • Attacker inputs a SQL query into a form
    • Can be used to query the database for all user passwords or drop database tables
    • Do not trust user input
    • Prevention: Avoid dynamic DB queries or use Stored Procedures (developer defines query, users only supply the parameters)
    • OWASP SQL Injection Prevention: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
  • Other Types of Injection
    • Command Injection: User-supplied input is passed to the system shell, allowing attacker to execute commands
    • Code Injection: Attacker executes code in the application without accessing the shell
    • Prevention: input validation
    • Advice: "eval() is evil."
    • OWASP Command Injection Prevention: https://www.owasp.org/index.php/Command_Injection
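    Added example, not from the original list: the same input handled through a shell command line and through an argument list plus validation. `echo` stands in for a real network tool so the example runs offline, and the hostname allowlist is an assumption made for the demo:

```python
import re
import subprocess

# Allowlist for a hostname; the exact rule is an assumption for this demo.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def resolve_vulnerable(hostname):
    # Input is spliced into a shell command line, so ';', '|', '$(...)' and
    # friends inside it are executed as commands. `echo` stands in for a real
    # network tool (ping, whois) so the example runs offline.
    result = subprocess.run(f"echo {hostname}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def resolve_noshell(hostname):
    # No shell involved: the list goes straight to exec, so the whole input is
    # a single argv entry. The payload is echoed back literally, not run.
    result = subprocess.run(["echo", hostname], capture_output=True, text=True)
    return result.stdout


def resolve_safe(hostname):
    # Defence in depth: validate against the allowlist, then call without a shell.
    if not HOSTNAME_RE.match(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    return resolve_noshell(hostname)


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"
    print(resolve_vulnerable(payload), end="")  # example.com and INJECTED on separate lines
    print(resolve_noshell(payload), end="")     # example.com; echo INJECTED
    try:
        resolve_safe(payload)
    except ValueError as exc:
        print(exc)                              # rejected before anything runs
    print(resolve_safe("example.com"), end="")  # example.com
```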
  • Insecure Direct Object Reference
  • See The OWASP Top 10 List for Other Common Vulnerabilities
  • Authentication
    • Identification
      • User states who they are
      • User can claim to be someone they are not
      • ex. Entering your name or username
    • Authentication
      • Computer validates user identity
      • ex. entering a password, showing a Drivers License
    • Authorization
      • Determining what a person is allowed to do in a system
      • Assumes user has already been identified and authenticated
      • Advice: "Don't do Authority via Identity", i.e. everyone can edit cookies.
    • Identification vs. Authentication vs. Authorization: https://danielmiessler.com/blog/security-identification-authentication-and-authorization/
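    Added example (not from the original list) tying the Sessions, CSRF and Authorization bullets together: a session cookie with the recommended attributes, a synchronizer token as in the linked OWASP cheat sheet, and authority looked up from a server-side session record rather than from anything the client sends. The in-memory SESSIONS store and the 'account_holder' role are constructed for the demo:

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Server-side session store (constructed, in memory). The browser only holds an
# opaque session id; identity, role and CSRF token live here, where the client
# cannot edit them.
SESSIONS = {}


def create_session(user, role):
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "role": role, "csrf": secrets.token_urlsafe(32)}
    return sid


def session_cookie_header(sid):
    # Set-Cookie value carrying the attributes the page recommends.
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True   # not readable by page scripts
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"  # withheld from most cross-site requests
    return cookie.output(header="").strip()


def handle_transfer(cookies, form):
    """State-changing request handler; returns (status, message)."""
    session = SESSIONS.get(cookies.get("sid", ""))
    if session is None:
        return 401, "not authenticated"
    # Authority comes from the server-side record; a client-sent 'role' cookie
    # is never consulted.
    if session["role"] != "account_holder":
        return 403, "not allowed to transfer"
    # Synchronizer token (linked OWASP cheat sheet): a form on another site can
    # make the browser attach the cookie but cannot know the per-session secret.
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), session["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {form['amount']} for {session['user']}"


if __name__ == "__main__":
    sid = create_session("alice", "account_holder")
    print(session_cookie_header(sid))
    good = {"amount": "10", "csrf_token": SESSIONS[sid]["csrf"]}
    print(handle_transfer({"sid": sid}, good))              # (200, ...)
    print(handle_transfer({"sid": sid}, {"amount": "10"}))  # (403, ...): forged form, no token
    bob = create_session("bob", "viewer")
    print(handle_transfer({"sid": bob, "role": "admin"}, good))  # (403, ...): edited cookie ignored
```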
  • Salting and hashing passwords
    • Salting: Adding randomness to your encryption so that an attacker cannot reverse-engineer the passwords on your site
    • Without salting, an attacker can try a common password with different encryption methods until one works: he now knows your encryption method
    • When the attacker knows your encryption method, he can decrypt everyone's password
    • Hashing: Using an algorithm, a password is converted to a long sequence of numbers and letters
    • Example hash: 8743b52063cd84097a65d1633f5c74f5
    • Advice: "Use bcrypt."
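    Added example, not from the original list: salted, deliberately slow password hashing with Python's standard-library hashlib.scrypt standing in for bcrypt (which needs a third-party package). The cost parameters are an assumption; hashing is one-way, so verification recomputes the hash with the stored salt rather than decrypting anything:

```python
import hashlib
import hmac
import secrets

# scrypt parameters (assumption for this demo): CPU/memory cost, block size,
# parallelism and derived-key length.
N, R, P, DKLEN = 2 ** 14, 8, 1, 32


def hash_password(password, salt=None):
    # One fresh random salt per user: two users with the same password get
    # different stored hashes, so a single precomputed table cannot crack both.
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    # Store algorithm, parameters, salt and digest together; the salt is not secret.
    return f"scrypt${N}${R}${P}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    # Recompute with the stored salt and parameters, then compare in constant time.
    algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        raise ValueError(f"unsupported hash: {algo}")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(digest_hex) // 2)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    a = hash_password("correct horse")
    b = hash_password("correct horse")
    print(a != b)                               # True: same password, different salts
    print(verify_password("correct horse", a))  # True
    print(verify_password("Correct horse", a))  # False
```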

Performance

  • Speed
    • Time taken to process 1 request
    • TODO
  • Efficiency
    • Resources used per request
    • TODO
  • Throughput
    • Total amount of requests processed per second.
    • Concurrent Requests / Process time of one request
    • TODO
  • Latency
    • Time that the user perceives to get a response.
    • TODO

Caching

  • Caching === storage for speed
  • Client caching
    • TODO
  • Edge Caching
    • CDNs
      • TODO
    • Multicast DNS
      • TODO
  • Asset Caching
    • TODO
  • Full Page Caching
    • TODO
  • Fragment Caching
    • TODO
  • Query Caching
    • TODO
  • Preprocessing
    • TODO

Debugging and Testing

  • Advice: "Don't be superstitious."
    • Lesson: TODO
  • Advice: "Be Explorative."
    • Lesson: "Use your language's Read Eval Print Loop (console) to test out everything you don't quite understand."
  • Error Messages
    • Advice: "'Oops!' is not an error message"
  • Source Maps
    • TODO

Coding Antipatterns

  • Globals
    • Advice: TODO
  • God Objects
    • Advice: TODO
  • Giant Function Signatures
    • Advice: TODO
  • Variable Names
    • Advice: "You're not charged by the character."
      • Lesson: "Most editors have autocomplete. A long explicit variable name is better than a short, confusing one."
  • Advice: "Stop being clever."
    • Lesson: "You're coding for the next programmer that's going to read your code 2 years later when you're out on vacation. Using obscure patterns and hard to read, yet clever, code requires a much higher investment of time to understand."
  • Advice: "Be Boring."
    • Lesson: "Use what works. Don't re-invent the wheel. Not everything is special."

Code Readability

  • Advice: "Pretend the person that's going to read your code 6 months from now has your address and a gun."
    • Lesson: "Before committing, try to read your code from scratch and see if it's readable enough for the next person to understand. Change structure when necessary, try to eliminate confusion (or code line hopping) by being extra explicit. Your coding style shouldn't be unique and representative of yourself, but something understood and consumable by everyone."

Time

  • Advice: "Use UTC"
    • TODO
  • Advice: "Use ISO 8601 as timestamps"
    • TODO
  • Character Encoding
    • UTF-8
      • TODO
    • UTF-32
      • TODO
    • Internationalization
      • TODO

Choosing a Database

  • CAP Theorem
    • TODO
  • Other DB Characteristics
    • Indexability
      • TODO
    • Durability
      • TODO
    • Scalability
      • TODO
    • Speed vs throughput
      • TODO
  • Types
    • Memory
      • TODO
    • Memcache
      • TODO
    • Redis
      • TODO
    • MongoDB
      • Advice: "For prototypes only."
      • TODO
    • CouchDB
      • Advice: "Don't use CouchDB."
      • TODO
    • Level DB
      • TODO
    • MySQL
    • Postgres
      • TODO
    • Oracle
      • TODO
    • Cassandra
      • TODO
    • Riak
      • TODO
    • Neo4J
      • TODO
    • The File System as a DB
      • TODO
    • Hadoop
      • HDFS
        • TODO
      • HBase
        • TODO
    • S3
      • TODO
  • Replication
    • Advice: "Replication is not a substitute for Backups."
  • Race Conditions
    • TODO
  • ORM is an antipattern

Tips

  • Javascript
    • Advice: "Who cares if it is tabs or spaces"
  • Git
    • Advice: "Know the ins and outs of Git. Don't be afraid of rebasing"
    • Git Rebase
      • TODO
    • Git Merge Conflicts
      • TODO
  • Deployment
    • Automate Deployment
      • TODO
  • Architecture Patterns
    • MVC
      • TODO
    • MVP
      • TODO
    • SOA
      • TODO
    • Event-driven
      • TODO
    • P2P
      • TODO

Career