Programming Style and your Brain
- 04:14 - 14:26 Visual Processing When confronted with something confusing like an optical illusion, the brain can often misinterpret what it sees. This misinterpretation is because messages between the head and the gut are in conflict. Doug explains how these conflicts influence a developer’s ability to write programs and use programming languages.
14:27 - 26:18
- 26:19 - 34:38 Programming Style Doug argues that good programming style can help produce better programs. He also feels style should not be about personal preference or self-expression. Doug illustrates these concepts with his analysis of a switch statement.
- 34:39 - 45:35 Composition Where applicable, you should use elements of good composition. For example, Doug believes spaces should be used to disambiguate parentheses. Doug also shares a few examples where poor composition can lead to unintended consequences. These examples include immediately invocable functions, transitivity, and multiline string literals.
- 45:36 - 54:05 Scope The scope is one of the most useful inventions in programming; however, best practices around declarations differ from language to language. Doug explains why variables should always be declared at the top of their functions and functions should be declared before they are called. He also shares some thoughts on other declarations like global variables and the new prefix.
- 54:06 - 01:01:49 Bad Style Less code isn’t necessarily better code. Doug explains the fascination developers have with creating “one-liners” and how it has led to operators like ++ and bad coding styles. Doug believes by avoiding these types of operators, many classes of errors can be eliminated.
- 01:01:50 - 01:08:02 Code Written for Performance Optimized code can make a program more difficult to read. Doug explains that most code has a negligible impact on performance and developers should only optimize the code taking the most time. He also recommends focusing on algorithm replacement as a means for increasing performance.
- 01:22:53 - 01:30:16 Objects An object is a dynamic collection of properties. Every property has a key string that is unique within that object. Doug shares some APIs for working with Objects. He also talks about concepts like classes vs. prototypes, delegation, and prototypical inheritance.
- 01:39:27 - 01:45:26 Booleans and Strings After briefly talking about the Booleans, Doug dives into the strings. Strings are immutable sequences of 0 or more 16-bit Unicode characters. Doug outlines some methods in the API and shares a few style suggestions when using strings.
Function the Ultimate
- 02:37:03 - 02:50:54 Closure Examples Doug walks through a few code examples on how to use closure. He begins with a global variable example and demonstrates how closure can eliminate the possibility of variable conflict and allow for more performant reusability.
- 03:00:55 - 03:08:54 Module Pattern The module pattern is a much better technique for creating reusable objects through inheritance because function scope can be used as a container for private variables and methods. This eliminates the need to create global constructor functions or objects with “leaky” APIs. Doug demonstrates how the module pattern is easily transformed into a powerful constructor pattern.
- 03:08:55 - 03:15:28 Pseudoclassical Inheritance vs. Functional Inheritance Doug compares the old pseudoclassical inheritance model to the module-based function inheritance model. He also demonstrates how functional inheritance has added features like privacy making for tighter APIs.
The Metamorphosis of Ajax
- 03:15:29 - 03:24:37 The History of HTML Doug spends some time looking at where the HTML language and syntax came from. HTML has roots in other markup languages like GML, Scribe and Runoff. Doug also shares a few examples of these parent languages.
- 03:34:53 - 03:39:29 The Browser Doug walks through a flow chart of how the original web browsers functioned. This includes everything from fetching a URL to painting the display. He compares this original flow to scripted browsers which added an event loop.
- 03:39:30 - 03:47:18 The Script Tag When the <script> tag was added to early browsers, there were a few hacks necessary to not break older browsers. Doug shares a little history about this tag. He also talks about the benefits of externalizing scripts and avoiding the document.write() method.
- 03:47:19 - 03:52:56 Document Tree Structure Doug summarizes the document tree and explains the relationship between child, sibling, and parent elements. He also demonstrates how to create a recursive function that can walk through the DOM by following the firstChild and nextSibling nodes.
- 03:52:57 - 04:02:24 Retrieving Nodes Nodes can be retrieved using many different methods. For example, the document class has methods getElementById() and getElementByName(). There are many other methods for retrieving one or more nodes. After discussing node retrieval, Doug demonstrates how to manipulate node properties through getters/setters and explores the style API.
- 04:02:25 - 04:09:09 Events The browser has an event-driven, single-threaded programming model. Events are targeted at particular nodes and trigger event handler functions. After introducing events and event handlers, Doug expands on some deeper topics like event bubbling and cancellation.
- 04:13:54 - 04:20:08 Division of Labor Developers typically need to decide how to divide applications between the browser and the server. Historically, the majority of the work was done on the server. Modern applications tend to rely more on the browser. Doug spends a few minutes explaining why he recommends to “seek the middle way”.
ES5: The New Parts
- 04:24:52 - 04:30:39 New Syntax Even though it contradicted an original goal, ES5 introduced a lot of new syntax. Doug shares a few code examples of the new syntax added in ES5 including trailing commas, getters and setters, and constants. He also talks briefly about the addition of regular expression literals and JSON.
- 04:30:40 - 04:40:53 New Methods Doug describes many of the new methods added in ES5. Most of these methods were added to the Array and Date objects, but he also covers the String.trim() and Object.create() methods.
- 04:40:54 - 04:48:30 Meta Object API Objects have two kinds of properties: Data properties and Accessor properties. These properties are comprised of four attributes. Until ES5, these attributes were not accessible. Doug explains how the addition of the Meta Object API opens up access to property attributes.
04:48:31 - 04:57:00
- ***FYI - Looks like this video ended a few seconds early before he was done talking.
Fun with Functions
- 04:57:01 - 05:06:42 Function Challenge 1 After a brief explanation of the setup, Doug gives the audience a quiz. Then he begins the Fun with Functions exercises.
- 05:06:43 - 05:13:19 Function Challenge 2 In this challenge, you will write the curry() function.
- 05:13:20 - 05:22:44 Function Challenge 3 In this challenge, you will write the twice(), reverse(), composeu(), composeb(), and limit() functions.
- 05:22:45 - 05:34:41 Function Challenge 4 In this challenge, you will write the from(), to(), fromTo() and element() functions.
- 05:34:42 - 05:44:18 Function Challenge 5 In this challenge, you will write the collect(), filter(), and concat() functions.
- 05:44:19 - 05:55:23 Function Challenge 6 In this challenge, you will write the gensymf(), gensymff(), and fibonaccif() functions.
- 05:55:24 - 06:03:57 Function Challenge 7 In this challenge, you will write the counter() and revocable() functions.
- 06:03:58 - 06:11:28 Function Challenge 8 In this challenge, you will write the m(), addm(), and liftm() functions.
- 06:11:29 - 06:16:39 Function Challenge 9 In this challenge, you will write the exp() function and gives the instructions for writing the addg() function.
- 06:16:40 - 06:25:42 Function Challenge 10 In this challenge, you will write the addg(), liftg(), arrayg(), and continuize() functions.
- 06:25:43 - 06:36:47 Building a Better Constructor Doug takes a brief break from the function challenges to explain how to create a better constructor. He starts with a pattern he’s previously shown where a function is used to construct objects. He then revises the pattern to incorporate some ES6 syntax and make the code more secure and reliable.
- 06:36:48 - 06:40:17 Function Challenge 11 In this challenge, you will write a wrapper method with get(), store(), and append() methods.
- 06:40:18 - 06:49:01 Identifying Security Vulnerabilities Doug spends some time challenging the audience to find the security vulnerabilities within his vector() function. He fields questions about the code while guiding the discussion closer to a solution.
- 06:49:02 - 07:00:23 Identifying Security Vulnerabilities - Continued Doug continues to field audience questions about the vulnerabilities in the code.
- 07:00:24 - 07:08:34 Identifying Security Vulnerabilities - Solution Doug walks through the solution for patching security vulnerabilities on the array object in the vector() function.
- 07:08:35 - 07:13:49 Function Challenge 12 In this challenge, you will write a function that makes a publish/subscribe object.
- 07:13:50 - 07:22:48 Securing the pubsub() Function Doug demonstrates how to properly secure the publish() and subscribe() methods within the pubsub() function. He adds some error handling, replaces the for loop, and utilizes Object.freeze()
- 07:22:49 - 07:33:28 Securing the pubsub() Function - Continued Doug finishes his demonstration on how to secure the pubsub() function by ensuring messages are delivered in the correct order.
Principles of Security
- 07:44:16 - 07:57:06 Cryptography The Kerckhoffs Principle states the design of a system should not require secrecy; and compromise of the system should not inconvenience the correspondents. This principle leads Doug into a discussion about cryptography and the One Time Pad.
- 07:57:07 - 08:04:20 Security and the Browser The browser platform is historically insecure. HTML5 has only made it more vulnerable. Doug outlines a number of the vulnerabilities presented by building applications in the browser. This includes the ability for an attacker to read the document, alter the display, and access database information.
- 08:04:21 - 08:08:56 Cross Site Scripting Cross site scripting attacks (XSS) were invented in 1995. Doug looks at some of the security steps that have been put in place to protect against XSS but stresses browsers are still insecure by default. He also analyzes what causes XSS vulnerabilities and why they still exist.
- 08:08:57 - 08:17:12 Object Capabilities Using the principle of least authority, Doug explains how the “actor model” can be applied to object oriented programming to create more secure software. He calls this application Object Capabilities.
- 08:17:13 - 08:24:15 Reducing Complexity Bugs in code are often manifested from confusion. Complex code leads to more confusion and results in highly vulnerable systems. Doug shares a few recommendations about reducing complexity and how to write better code.
- 08:24:16 - 08:32:06 A Simple Attack Doug walks through a very simple example of a cross site scripting attack. He also stresses the importance of properly encoding all non-literal elements during concatenation. Doug wraps up his coverage on security with a few final thought and recommendations.
- 08:40:23 - 08:49:25 Asynchronous Functions Asynchronous functions return immediately. Success or failure are determined in the future. Doug explains how synchronicity works in a turn-based system. He talks about the history of the event loop and the need to adhere to the “law of turns”.
- 08:55:14 - 09:00:21 Functional Programming Functional programming has grown in popularity because it contains the solutions to a lot of the asynchronous problems of deeply nested event handlers. Doug introduces the RQ library which helps manage synchronicity in server applications.
- 09:00:22 - 09:08:14 RQ Example Doug shares an example of an RQ program. In this case, most of the logic is in the form of nested arrays. After demonstrating the application, Doug moves on to talk about RQ’s ability to handle other cases like timeouts and cancellations.
- 09:08:15 - 09:14:10 RQ Function Types RQ has four types of functions. They are requestor, callback, factory, and cancel. Doug spends a few minutes looking at each function type and their use cases.
- 09:14:11 - 09:24:14 Testing with JSCheck Testing asynchronous systems can be difficult because often times a value to be tested is not available at the time of the assertion. Inspired by the Haskel-based library QuickCheck, Doug wrote a library called JSCheck. His library provides both case generation and testing over turns.
09:24:15 - 09:27:27
Closure and Continuation
Doug wraps up his coverage on Asynchronicity with a few final thoughts on closure and continuation. He also provides links to his RQ and JSCheck projects and answers a few audience questions.
- https://github.com/douglascrockford/rq , https://github.com/douglascrockford/jscheck
The Better Parts
- 09:33:53 - 09:43:39 Arguments Against the Good Parts While Doug’s book is still relevant today, there are developers that have challenged many of his assertions. Doug lists some of the arguments he hears about the good parts and shares his thoughts.
- 09:53:55 - 10:01:29 Good Parts Reconsidered Doug looks back at the the original Good Parts and reflects on what’s changed. For example, originally he stopped using the new operator and switched to Object.create(). Now he’s stopped using Object.create(). Doug explains why and also talks about his experience with AdSafe.org
- 10:11:52 - 10:18:36 Evolution of Inheritance Prototypical inheritance was Doug’s original method of choice. His views of inheritance have evolved, however. He now recommends using class-free object oriented programming. Doug reviews some of the function best practices he covered earlier in the course.
- 10:18:37 - 10:30:31 A Bug Story Doug spends a few minutes talking about a bug he had with the int number format. It was due to the way overflow is handled. This has led him to propose a new number format called DEC64.
- 10:30:32 - 10:37:27 JSON Doug shares some thoughts about his work on the JSON data format. He also gives some advice to anyone designing alternative data formats.
- 10:37:28 - 10:44:08 Final Thoughts Doug wraps up the course with a few final thoughts and begins answering some audience questions.
- 10:44:09 - 10:52:45 Audience Q&A Doug spends a few more minutes answering audience questions.