Please Contribute
Go to http://blog.omarduarte.me/stuff-every-junior-developer-should-know/ to learn more about this repository. Source Repository: https://github.com/omarduarte/juniors_should_know/
Any suggestions on the format and structure of this list are more than welcome. To contribute:
- Fork this repository
- Find awesome links (avoid w3schools!), shorten them, and add to the list (101, advanced, etc...)
- Send me a pull request
- ...
- Profit!
NON-TECH
- Dunning Kruger
- The Dunning Kruger Effect (Wikipedia) http://bit.ly/188ZIy5
- Dunning Kruger Effect Graph http://bit.ly/1wCvhqu
- Impostor Syndrome
- Overcoming Impostor Syndrome http://bit.ly/1nPfFkA and http://bit.ly/1yU3l4Y
- Knowing your tools
- Get really fast at typing and editing, because that's what you spend all your time doing
- Automate any task that you do frequently; small tasks add up to big time savings
- Advice: "Stop judging people for their choice of editor."
- Touch Typing
- KeyBr http://bit.ly/1ti5cMc (Great UI, doesn't show hand position)
- Typing Club http://bit.ly/1vm7QQP (Excellent! Shows finger positions)
- Sublime Shortcuts
- Shortcuts Cheatsheet http://bit.ly/1x1xBeE
- OS X Shortcuts
- OS X Shortcuts: http://www.danrodney.com/mac/
- Chrome Shortcuts
- Chrome Devtools CheatSheet http://bit.ly/1v8nvoJ
The UNIX console
- Learn most commonly used UNIX-based console commands.
- Advice: Understanding Unix/Linux is key to becoming a better developer. Many things which might require complex programs can be done easily by pipelining basic Unix commands.
- The Basics.
- Basic commands everyone should be comfortable with. (http://bit.ly/1nVrUGa)
- Basics about Unix in general, I/O redirection and pipelines (http://bit.ly/14wPCpj)
- AWK tutorial. AWK is a real handy command all developers should know. (http://bit.ly/1DVsZYw)
- SED tutorial. Another powerful and handy command. (http://bit.ly/1y8N7HV)
- Advanced but incredibly handy.
- AWK cheat sheet (http://bit.ly/1KGSBgp)
- SED cheat sheet (http://bit.ly/1xXJkuT)
- Beyond just the basics
- UNIX : The ultimate guide covers nearly all aspects of Unix/Linux (http://amzn.to/1FRUzKY)
HTML
- Advice: "HTML is meaningful".
- Lesson:
- Use the appropriate tags for the following:
- Headings
- Heading Structure http://bit.ly/1AgtQmB
- Articles
- The article element http://bit.ly/13QWuxK
- Lists
- HTML Lists http://bit.ly/1zOisPL
- Navigation
- Semantic Navigation with the nav element http://bit.ly/1xeALLQ
- Addresses
- The Address element http://bit.ly/1B2nkQD
- Times
- Best of Time http://bit.ly/1wyUFwd
- Use <dl>
- The dl Element http://bit.ly/13QXqSS
- Forms
- Placeholders
- HTML5 Placeholders http://bit.ly/1CRWBIH
- Select Multiple
- HTML Multiple http://bit.ly/1rNklte
- label for={{ id-of-control-element }}
- W3 Standard Definition http://bit.ly/1wMQq0a
- Optgroup
- MDN Reference for optgroup http://mzl.la/1xCNDgR
- Mobile
- Autocomplete=off
- MDN Web Security Blog Post http://mzl.la/1Br6ARk
- Autocapitalize=off
- Disabling Auto-Correct And Auto-Capitalize Features On iPhone Inputs http://bit.ly/1tHUpRi
- Advice: "Code Smells."
- Lesson: "Clean up before deploying. Comments are for you, not for the end user."
CSS
- Master the Box Model
- The Box Model for Beginners http://bit.ly/1ljbFYS
- W3 Box Model Specifications http://bit.ly/13TljZD
- Tricks that can save you a ton of time
- border-box for box sizing
- display: table-cell
- http://mzl.la/1FqkDrr (all display properties)
- @media selectors
- Attribute selectors
- Explained: http://bit.ly/1FZvFro
- input[type=radio]
- div[data-foo~=value]
- div[data-foo|=value]
- a[href^=http]
- a[href$=.zip]
- Advice: "CSS animation is way better than Javascript animation"
- Lesson: Take with a grain of salt (http://bit.ly/1AGVrAq)
- Learn one of the following:
- SASS
- LESS
FrontEnd
- Advice: "Learn Javascript, CoffeeScript is not Javascript."
- Advice: "You don't always need an app."
- Advice: "Don't sacrifice UX over using a tool that makes your life easier."
- Lesson: "Your Rich apps take long to load up, especially when the user is using a mobile device. If you don't need an app to show the content, don't use an app. If you do, then show a static page (mocking the app) while your app loads in the background."
- Advice: "Handle the read case."
- Lesson: "Nothing makes a user more angry than being unable to reach the information they need."
- Indexability (SEO Basics)
- URLs
- TODO
- Crawlers
- TODO
- Site maps
- TODO
- Insite Links
- TODO
UX
- Advice: "No one cares about carousels"
- Advice: "Don't move the cheese".
- Lesson: "Messing with elements while scrolling will confuse and distract your users. Stop moving stuff."
- Advice: "Don't block the content with an email subscription call to action."
- My Advice: "Use sparingly. Only use when you feel your users have consumed most of the content they would in that visit and are about to leave the site."
State
- Advice: "Never break links."
- Lesson: "If you changed the URL for a page, always re-direct the old URL to the new one."
- URL Redirection
- TODO
- Advice: "Keep URLs Meaningful."
- Lesson: "Use pushState to change URL in Rich web apps. Your users should be able to copy a URL from their browser and be able to share it with their friends."
- pushState
- TODO
- Advice: "Avoid hashbangs!".
- hashbang
- TODO
Sessions
- Cookies
- TODO (What are cookies?)
- Advice: "Cookies are not for storage. Your cookies shouldn't be larger than 4096 bytes."
- Security
- HttpOnly = true
- Secure = true
- TODO (Additional cookies security).
- LocalStorage
- TODO (What is LocalStorage?)
- Advice: "Use it."
Security
- OWASP TOP 10
- https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- List of Top 10 current security vulnerabilities
- XSS
- Cross Site Scripting: being tricked into executing external Javascript
- can lead to an attacker being able to do anything a victim can do through their browser
- OWASP XSS Prevention Cheat Sheet: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
- Cross Site Request Forgery
- Victim has an active session and has been authenticated on another web site, such as a bank website
- Victim visits another website and is tricked into submitting an HTTP request to the valid website
- Victim thinks they are submitting a form to enter a contest, but are actually submitting a form to transfer all their money to China
- Can be prevented with input validation, specifically by using Regex
- OWASP CSRF Prevention Cheat Sheet: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet
- SQL Injections
- When user input goes directly into a database query, attackers can make malicious queries
- Attacker inputs a SQL query into a form
- Can be used to query the database for all user passwords or drop database tables
- Do not trust user input
- Prevention: Avoid dynamic DB queries or use Stored Procedures (developer defines query, users only supply the parameters)
- OWASP SQL Injection Prevention: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
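
An added example (not part of the original list) of the prevention rule above: the developer defines the query and the user only supplies the parameters. It uses Python's built-in sqlite3; the users table, the function names and the form value are constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database holding two constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return db


def find_user_vulnerable(db: sqlite3.Connection, name: str) -> list:
    # Vulnerable: the input is pasted into the SQL text, so a quote
    # character in `name` can change the structure of the query.
    query = "SELECT name, password_hash FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def find_user_safe(db: sqlite3.Connection, name: str) -> list:
    # Safe: the query text is fixed by the developer; the driver sends
    # `name` separately, so it is only ever compared as a value.
    query = "SELECT name, password_hash FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


# Constructed form value of the kind described in the list above.
FORM_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", find_user_vulnerable(db, FORM_INPUT))
    print("parameterized:", find_user_safe(db, FORM_INPUT))
```

With the concatenated query the form value returns every row in the table; with the parameterized query it matches no user at all.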
- Other Types of Injection
- Command Injection: User-supplied input is passed to the system shell, allowing attacker to execute commands
- Code Injection: Attacker executes code in the application without accessing the shell
- Prevention: input validation
- Advice: "eval() is evil."
- OWASP Command Injection Prevention: https://www.owasp.org/index.php/Command_Injection
- Insecure Direct Object Reference
- Developer exposes access to an internal implementation object, such as a file, directory or database key
- Developer intends user to have access to a harmless file: www.example.com/images/my_image
- Attacker can reach sensitive files by climbing up the directory: www.example.com/images/../../../my_secret.key
- OWASP Insecure Direct Object References: https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
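
An added example, not from the original list, of the check that stops the directory-climbing request above: resolve the requested name and serve it only if it still sits inside the images directory. BASE_DIR, the /images/ URL prefix and the function names are assumptions.

```python
import os
from urllib.parse import unquote

BASE_DIR = "/var/www/images"  # assumed directory holding the public images
URL_PREFIX = "/images/"       # assumed URL prefix mapped onto BASE_DIR


def resolve_image(requested: str, base_dir: str = BASE_DIR) -> str:
    """Return the absolute path for `requested`, or raise ValueError
    if it would land outside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks, so the check
    # below sees the location that would really be opened.
    target = os.path.realpath(os.path.join(base, requested))
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError(f"outside {base_dir}: {requested!r}")
    return target


def image_path_from_url(url_path: str) -> str:
    """Translate a request path such as /images/my_image to a file path."""
    if not url_path.startswith(URL_PREFIX):
        raise ValueError(f"not an image URL: {url_path!r}")
    # Decode %2e%2e style escapes first, so the check sees real '..' segments.
    return resolve_image(unquote(url_path[len(URL_PREFIX):]))


def is_allowed(url_path: str) -> bool:
    """True when the request resolves to a file inside BASE_DIR."""
    try:
        image_path_from_url(url_path)
        return True
    except ValueError:
        return False
```

The comparison is made on resolved paths rather than by searching the input for "..", which is why the percent-encoded form of the same request is rejected as well.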
- See The OWASP Top 10 List for Other Common Vulnerabilities
- Authentication
- Identification
- User states who they are
- User can claim to be someone they are not
- ex. Entering your name or username
- Authentication
- Computer validates user identity
- ex. entering a password, showing a Drivers License
- Authorization
- Determining what a person is allowed to do in a system
- Assumes user has already been identified and authenticated
- Advice: "Don't do Authority via Identity" i.e. Everyone can edit cookies.
- Identification vs. Authentication vs. Authorization: https://danielmiessler.com/blog/security-identification-authentication-and-authorization/
- Salting and hashing passwords
- Salting: Adding randomness to your encryption so that an attacker cannot reverse-engineer the passwords on your site
- Without salting, an attacker can try a common password with different encryption methods until one works: he now knows your encryption method
- When the attacker knows your encryption method, he can decrypt everyone's password
- Hashing: Using an algorithm, a password is converted to a long sequence of numbers and letters
- Example hash: 8743b52063cd84097a65d1633f5c74f5
- Advice: "Use bcrypt."
Performance
- Speed
- Time taken to process 1 request
- TODO
- Efficiency
- Resources used per request
- Todo
- Throughput
- Total amount of requests processed per second.
- Concurrent Requests / Process time of one request
- Todo
- Latency
- Time that the user perceives to get a response.
- Todo
Caching
- Caching === storage for speed
- Client caching
- TODO
- Edge Caching
- CDNs
- TODO
- Multicast DNS
- TODO
- Asset Caching
- Todo
- Full Page Caching
- TODO
- Fragment Caching
- TODO
- Query Caching
- TODO
- Preprocessing
- Todo
Debugging and Testing
- Advice: "Don't be superstitious."
- Lesson: TODO
- Advice: "Be Explorative."
- Lesson: "Use your language's Read Eval Print Loop (console) to test out everything you don't quite understand."
- Error Messages
- Advice: "'Oops!' is not an error message"
- Source Maps
- TODO
Coding Antipatterns
- Globals
- Advice: TODO
- God Objects
- Advice: TODO
- Giant Function Signatures
- Advice: TODO
- Variable Names
- Advice: "You're not charged by the character."
- Lesson: "Most editors have autocomplete. A long explicit variable name is better than a short, confusing one."
- Advice: "Stop being clever."
- Lesson: "You're coding for the next programmer that's going to read your code 2 years later when you're out on vacation. Using obscure patterns and hard to read, yet clever, code requires a much higher investment of time to understand."
- Advice: "Be Boring."
- Lesson: "Use what works. Don't re-invent the wheel. Not everything is special."
Code Readability
- Advice: "Pretend the person that's going to read your code 6 months from now has your address and a gun."
- Lesson: "Before committing, try to read your code from scratch and see if it's readable enough for the next person to understand. Change structure when necessary, try to eliminate confusion (or code line hopping) by being extra explicit. Your coding style shouldn't be unique and representative of yourself, but something understood and consumable by everyone."
Time
- Advice: "Use UTC"
- TODO
- Advice: "Use ISO 8601 as timestamps"
- TODO
Character Encoding
- UTF-8
- TODO
- UTF-32
- TODO
- Internationalization
- TODO
Choosing a Database
- CAP Theorem
- TODO
- Other DB Characteristics
- Indexability
- TODO
- Durability
- TODO
- Scalability
- TODO
- Speed vs throughput
- TODO
- Types
- Memory
- TODO
- Memcache
- TODO
- Redis
- TODO
- MongoDB
- Advice: "For prototypes only."
- TODO
- CouchDB
- Advice: "Don't use CouchDB."
- TODO
- Level DB
- TODO
- MySQL
- TODO
- SQL is actually great
- http://seldo.com/weblog/2010/07/12/in_defence_of_sql
- Postgres
- TODO
- Oracle
- TODO
- Cassandra
- TODO
- Riak
- TODO
- Neo4J
- TODO
- The File System as a DB
- TODO
- Hadoop
- HDFS
- TODO
- HBase
- TODO
- S3
- TODO
- Replication
- Advice: "Replication is not a substitute for Backups."
- Race Conditions
- TODO
- ORM is an antipattern
Tips
- Javascript
- Advice: "Who cares if it is tabs or spaces"
- Git
- Advice: "Know the ins and outs of Git. Don't be afraid of rebasing"
- Git Rebase: Atlassian merging vs. rebasing
- The Golden Rule Of Rebasing: Don't rebase public branches
- Rebasing detaches your entire branch and places it on top of another, giving a linear commit graph.
- Merging joins the head of two branches, showing a fork in the commit graph.
- If you are unsure of how a rebase will turn out, do it in a separate branch to avoid getting your working copy into an unrecoverable state
- Advantages:
- Linear history
- Easier to use git log and more advanced commands such as git bisect
- Disadvantages:
- Harder to determine when merges happened/loses context with time (older commits can be placed after newer ones)
- A destructive operation (changes commit hashes AKA "history")
- Git Merge Conflicts
- TODO
- Deployment
- Automate Deployment
- TODO
- Architecture Patterns
- MVC
- TODO
- MVP
- TODO
- SOA
- TODO
- Event-driven
- TODO
- P2P
- TODO
Career
- People are bad at giving technical interviews http://bit.ly/1C35JrQ
- Here's how to do well at interviews http://bit.ly/1oxEJ9g
- Essential tips for making your resume http://bit.ly/1JtoMyc