Table of Contents
Programming Style and your Brain
Visual ProcessingWhen confronted with something confusing like an optical illusion, the brain can often misinterpret what it sees. This misinterpretation is because messages between the head and the gut are in conflict. Doug explains how these conflicts influence a developer’s ability to write programs and use programming languages.
Programming StyleDoug argues that good programming style can help produce better programs. He also feels style should not be about personal preference or self-expression. Doug illustrates these concepts with his analysis of a switch statement.
CompositionWhere applicable, you should use elements of good composition. For example, Doug believes spaces should be used to disambiguate parentheses. Doug also shares a few examples where poor composition can lead to unintended consequences. These examples include immediately invocable functions, transitivity, and multiline string literals.
ScopeThe scope is one of the most useful inventions in programming; however, best practices around declarations differ from language to language. Doug explains why variables should always be declared at the top of their functions and functions should be declared before they are called. He also shares some thoughts on other declarations like global variables and the new prefix.
Bad StyleLess code isn’t necessarily better code. Doug explains the fascination developers have with creating “one-liners” and how it has led to operators like ++ and bad coding styles. Doug believes by avoiding these types of operators, many classes of errors can be eliminated.
Code Written for PerformanceOptimized code can make a program more difficult to read. Doug explains that most code has a negligible impact on performance and developers should only optimize the code taking the most time. He also recommends focusing on algorithm replacement as a means for increasing performance.
ObjectsAn object is a dynamic collection of properties. Every property has a key string that is unique within that object. Doug shares some APIs for working with Objects. He also talks about concepts like classes vs. prototypes, delegation, and prototypical inheritance.
Booleans and StringsAfter briefly talking about the Booleans, Doug dives into the strings. Strings are immutable sequences of 0 or more 16-bit Unicode characters. Doug outlines some methods in the API and shares a few style suggestions when using strings.
Function the Ultimate
Closure ExamplesDoug walks through a few code examples on how to use closure. He begins with a global variable example and demonstrates how closure can eliminate the possibility of variable conflict and allow for more performant reusability.
Module PatternThe module pattern is a much better technique for creating reusable objects through inheritance because function scope can be used as a container for private variables and methods. This eliminates the need to create global constructor functions or objects with “leaky” APIs. Doug demonstrates how the module pattern is easily transformed into a powerful constructor pattern.
Pseudoclassical Inheritance vs. Functional InheritanceDoug compares the old pseudoclassical inheritance model to the module-based function inheritance model. He also demonstrates how functional inheritance has added features like privacy making for tighter APIs.
The Metamorphosis of Ajax
The History of HTMLDoug spends some time looking at where the HTML language and syntax came from. HTML has roots in other markup languages like GML, Scribe and Runoff. Doug also shares a few examples of these parent languages.
The BrowserDoug walks through a flow chart of how the original web browsers functioned. This includes everything from fetching a URL to painting the display. He compares this original flow to scripted browsers which added an event loop.
The Script TagWhen the <script> tag was added to early browsers, there were a few hacks necessary to not break older browsers. Doug shares a little history about this tag. He also talks about the benefits of externalizing scripts and avoiding the document.write() method.
Document Tree StructureDoug summarizes the document tree and explains the relationship between child, sibling, and parent elements. He also demonstrates how to create a recursive function that can walk through the DOM by following the firstChild and nextSibling nodes.
Retrieving NodesNodes can be retrieved using many different methods. For example, the document class has methods getElementById() and getElementByName(). There are many other methods for retrieving one or more nodes. After discussing node retrieval, Doug demonstrates how to manipulate node properties through getters/setters and explores the style API.
EventsThe browser has an event-driven, single-threaded programming model. Events are targeted at particular nodes and trigger event handler functions. After introducing events and event handlers, Doug expands on some deeper topics like event bubbling and cancellation.
Division of LaborDevelopers typically need to decide how to divide applications between the browser and the server. Historically, the majority of the work was done on the server. Modern applications tend to rely more on the browser. Doug spends a few minutes explaining why he recommends to “seek the middle way”.
ES5: The New Parts
New SyntaxEven though it contradicted an original goal, ES5 introduced a lot of new syntax. Doug shares a few code examples of the new syntax added in ES5 including trailing commas, getters and setters, and constants. He also talks briefly about the addition of regular expression literals and JSON.
New MethodsDoug describes many of the new methods added in ES5. Most of these methods were added to the Array and Date objects, but he also covers the String.trim() and Object.create() methods.
Meta Object APIObjects have two kinds of properties: Data properties and Accessor properties. These properties are comprised of four attributes. Until ES5, these attributes were not accessible. Doug explains how the addition of the Meta Object API opens up access to property attributes.
Fun with Functions
Function Challenge 1After a brief explanation of the setup, Doug gives the audience a quiz. Then he begins the Fun with Functions exercises.
Function Challenge 2In this challenge, you will write the curry() function.
Function Challenge 3In this challenge, you will write the twice(), reverse(), composeu(), composeb(), and limit() functions.
Function Challenge 4In this challenge, you will write the from(), to(), fromTo() and element() functions.
Function Challenge 5In this challenge, you will write the collect(), filter(), and concat() functions.
Function Challenge 6In this challenge, you will write the gensymf(), gensymff(), and fibonaccif() functions.
Function Challenge 7In this challenge, you will write the counter() and revocable() functions.
Function Challenge 8In this challenge, you will write the m(), addm(), and liftm() functions.
Function Challenge 9In this challenge, you will write the exp() function and gives the instructions for writing the addg() function.
Function Challenge 10In this challenge, you will write the addg(), liftg(), arrayg(), and continuize() functions.
Building a Better ConstructorDoug takes a brief break from the function challenges to explain how to create a better constructor. He starts with a pattern he’s previously shown where a function is used to construct objects. He then revises the pattern to incorporate some ES6 syntax and make the code more secure and reliable.
Function Challenge 11In this challenge, you will write a wrapper method with get(), store(), and append() methods.
Identifying Security VulnerabilitiesDoug spends some time challenging the audience to find the security vulnerabilities within his vector() function. He fields questions about the code while guiding the discussion closer to a solution.
Identifying Security Vulnerabilities - ContinuedDoug continues to field audience questions about the vulnerabilities in the code.
Identifying Security Vulnerabilities - SolutionDoug walks through the solution for patching security vulnerabilities on the array object in the vector() function.
Function Challenge 12In this challenge, you will write a function that makes a publish/subscribe object.
Securing the pubsub() FunctionDoug demonstrates how to properly secure the publish() and subscribe() methods within the pubsub() function. He adds some error handling, replaces the for loop, and utilizes Object.freeze()
Securing the pubsub() Function - ContinuedDoug finishes his demonstration on how to secure the pubsub() function by ensuring messages are delivered in the correct order.
Principles of Security
CryptographyThe Kerckhoffs Principle states the design of a system should not require secrecy; and compromise of the system should not inconvenience the correspondents. This principle leads Doug into a discussion about cryptography and the One Time Pad.
Security and the BrowserThe browser platform is historically insecure. HTML5 has only made it more vulnerable. Doug outlines a number of the vulnerabilities presented by building applications in the browser. This includes the ability for an attacker to read the document, alter the display, and access database information.
Cross Site ScriptingCross site scripting attacks (XSS) were invented in 1995. Doug looks at some of the security steps that have been put in place to protect against XSS but stresses browsers are still insecure by default. He also analyzes what causes XSS vulnerabilities and why they still exist.
Object CapabilitiesUsing the principle of least authority, Doug explains how the “actor model” can be applied to object oriented programming to create more secure software. He calls this application Object Capabilities.
Reducing ComplexityBugs in code are often manifested from confusion. Complex code leads to more confusion and results in highly vulnerable systems. Doug shares a few recommendations about reducing complexity and how to write better code.
A Simple AttackDoug walks through a very simple example of a cross site scripting attack. He also stresses the importance of properly encoding all non-literal elements during concatenation. Doug wraps up his coverage on security with a few final thought and recommendations.
Asynchronous FunctionsAsynchronous functions return immediately. Success or failure are determined in the future. Doug explains how synchronicity works in a turn-based system. He talks about the history of the event loop and the need to adhere to the “law of turns”.
Functional ProgrammingFunctional programming has grown in popularity because it contains the solutions to a lot of the asynchronous problems of deeply nested event handlers. Doug introduces the RQ library which helps manage synchronicity in server applications.
RQ ExampleDoug shares an example of an RQ program. In this case, most of the logic is in the form of nested arrays. After demonstrating the application, Doug moves on to talk about RQ’s ability to handle other cases like timeouts and cancellations.
RQ Function TypesRQ has four types of functions. They are requestor, callback, factory, and cancel. Doug spends a few minutes looking at each function type and their use cases.
Testing with JSCheckTesting asynchronous systems can be difficult because often times a value to be tested is not available at the time of the assertion. Inspired by the Haskel-based library QuickCheck, Doug wrote a library called JSCheck. His library provides both case generation and testing over turns.
Closure and ContinuationDoug wraps up his coverage on Asynchronicity with a few final thoughts on closure and continuation. He also provides links to his RQ and JSCheck projects and answers a few audience questions.
The Better Parts
Arguments Against the Good PartsWhile Doug’s book is still relevant today, there are developers that have challenged many of his assertions. Doug lists some of the arguments he hears about the good parts and shares his thoughts.
Good Parts ReconsideredDoug looks back at the the original Good Parts and reflects on what’s changed. For example, originally he stopped using the new operator and switched to Object.create(). Now he’s stopped using Object.create(). Doug explains why and also talks about his experience with AdSafe.org
Evolution of InheritancePrototypical inheritance was Doug’s original method of choice. His views of inheritance have evolved, however. He now recommends using class-free object oriented programming. Doug reviews some of the function best practices he covered earlier in the course.
A Bug StoryDoug spends a few minutes talking about a bug he had with the int number format. It was due to the way overflow is handled. This has led him to propose a new number format called DEC64.
JSONDoug shares some thoughts about his work on the JSON data format. He also gives some advice to anyone designing alternative data formats.
Final ThoughtsDoug wraps up the course with a few final thoughts and begins answering some audience questions.
Audience Q&ADoug spends a few more minutes answering audience questions.