Take Home Programming Interviews Suck
3 November, 2017

I don’t like take-home programming interviews. You know the type:
Hey, here’s a spreadsheet of data. Create a simple web application that will display the data, allow searching and filtering of it using an api, and oh, I don’t know, how about it geolocates the address column to pop up a map when clicked on? Send us a stripped git repo! You’ve got 8 hours. Ready, set, go!
At Surge we hire a lot. Since I’ve taken over designing and implementing the interviewing process, we’ve hired over 250 senior-level developers, interviewed well over 1000, and I personally have conducted no less than 150 full-length interviews. The suggestion to add exactly such a process has come up multiple times and I’ve been against it over and over. To be fair, I don’t think this applies to every company, but it does to us, and I think it applies to many who use such a process without thinking through its applications.
I recently wrote up my objections and - after sharing them on a few Slacks - have been asked to post a slightly edited version here.
So here goes.

The Absurdly Underestimated Dangers of CSV Injection
7 October, 2017

I’ve been doing the local usergroup circuit with this lately and have been asked to write it up.
In some ways this is old news, but in other ways…well, I think few realize how absolutely devastating and omnipresent this vulnerability can be. It is an attack vector available in every application I’ve ever seen that takes user input and allows administrators to bulk export to CSV.
That is just about every application.
Edit: Credit where due, I’ve been pointed to this article from 2014 by an actual security pro which discusses some of these vectors. And another one.

On `this` in Javascript
3 August, 2017

Nobody listens to me.

I’ve been saying for years that the constructor pattern, any use of the `new` keyword or function constructors in Javascript should be considered extremely advanced and not generally worth the rise in complexity in your code. I’ve been telling people about simple objects, and avoiding the `this` keyword. I’ve been trying to spread that gospel far and wide. But Javascript went ahead anyways and introduced the `class` keyword, ReactJs compounds their jsx mistake by recommending inheritance-based component syntax, and I keep helping dozens upon dozens of beginners fix their broken code by explaining patiently the correct incantation of symbols that is needed to get their functions to bind properly when really they just needed functions, objects, and variables.

Nobody listens to me.

So let’s just go ahead and reset. I’ll write this up once and for all, people can read it, and if there are any questions…well hell, I’m in 10 different Slacks and a bunch of IRCs, I’m not exactly hard to track down.

Let’s understand the `this` keyword

This is actually a more narrow subject than the whole discussion on constructors and `new`, but the latter is predicated on it, so let’s start here.

Burn this into your brain: In javascript, `this` is just a function parameter that you don’t get to name.

It’s a mind-warp so let me try and guide you through it.

On Javascript vs C# and the importance of community
17 April, 2017

I just got into a Javascript slapfight.
It started with a Quora question. Which is the better Language, C# or Javascript?
Because I’m sometimes a glutton for punishment, I chose to reply in depth:
Which is the better language? C#, I have no qualms about saying this. It’s not even a contest. Just examine their origins.
C# was designed at Microsoft, a huge and very successful company with a ton of resources, as a part of one of their flagship engineering efforts; the introduction of the .Net Framework. Its chief architect is Anders Hejlsberg - one of the top language designers in the world - who had previously worked on two successful languages: Turbo Pascal and Delphi. The C# team has led the language with a steady hand, developing an ecosystem and fully integrated tooling, including the ubiquitous-in-the-space Visual Studio IDE. In addition they’ve had two incredibly powerful programming models to draw on: Java, which C# was patterned on and which had serious deficiencies which C# has arguably fixed; and F#, a fantastic academic language based on OCaml that serves as a sort of “minor league” for C# features, trying these out before rolling many into C#.
Oh and also LINQ. LINQ is amazing and far too few people understand how insanely powerful it can be. If you’re learning C#, it is not strictly necessary at first, but at some point take the time to learn how LINQ providers work and how to write your own. You will up your game several times over.
Ok then, what about Javascript?
Well, Javascript was a language created by Netscape as they tried desperately to take ownership of the web space before Microsoft sat up and took too much notice. It was created pretty much entirely by Brendan Eich who, for all his brilliance, wasn’t super experienced at language design. It was written in literally 10 days because Netscape wanted it in the next version of Navigator. It was based on Scheme and Self - two fantastic languages, and the salvation of many of Javascript’s weird inconsistencies - but then made to “look” like Java as an afterthought because Netscape was in talks with Sun and wanted a little-brother connection for marketing reasons.
It then sat on the shelf, barely used for anything beyond calendar widgets for nine years until Gmail introduced the world to the possibility of Ajax (they did not invent the term nor the concept, but credit where due for popularizing the technique and showing what was possible). It then tried to change way too much stuff at once, failed, and has only recently settled into a reasonable pace of gradual evolution. Just in time for WebAssembly to slowly start killing it off. It’s freaking shocking that any of this worked at all!
C# is the better language.
But the language is not the whole story. There is also the community.

Understanding the State of Javascript Modules
25 November, 2016

If you’re new to the concept of Javascript modules you might be forgiven for thinking that nothing makes sense and the world is mad. You hear about browserify, webpack, rollup, gulp, requirejs, systemjs, jspm, amd, commonjs, npm, bower and it must all seem so insane. Why all these concepts? Why all this choice for something that is so straightforward that in most languages it doesn’t even have a name?
I’ve explained it enough times that I feel like I have a rather good patter down, so let’s try to put the whys and whats out there for all to see. I highly recommend reading this article in order as each section builds upon concepts in the previous to explain not only what but why the various tools under discussion work the way that they do.
Let’s start by understanding the underlying problem. Why are in-browser (as opposed to Nodejs) javascript modules different from modules in any other language?
Ultimately, it has to do with browser code’s client-server nature. And yes, while many programming languages work great in a client-server paradigm, the difference is that javascript is one of few where the code itself is being pulled into the client dynamically as it runs, and especially that this is done in a way that is completely controlled by the user.
OLDER
- 29 Oct Why You Don't Get React
- 07 Aug Predictions: XHTML
- 15 Jul CSS Only Tabs
- 14 Jul You don't need to learn map/reduce
- 14 Feb This can easily be the most important OSS thing I've done
- 18 Oct Why width 50% inline-blocks don't display side-by-side
- 12 Sep Talk Roundup - Be the Es6iest
- 27 Aug Automated Testing Venn Diagram
- 03 Jul Learn reduce
- 08 Jun Color Mixing Demo App
- 06 May Some self-indulgence from the nolatech chat
- 01 May Why Not MsTest
- 20 Apr Stop teaching h tags
- 19 Feb node-gyp won't install on Windows
- 10 Nov Don't Teach Object Oriented Javascript
- 31 Oct Use Simple Modules To Fix Up Your Ugly Brownfield App 1
- 02 Aug Talk Roundup - Be the Javascriptiest
- 29 Apr On this and new
- 09 Oct Open IIS Express to the Network
- 26 Sep Setting Up RequireJs
- 29 Apr Stop that = this'ing
- 16 Jan Error Handling and the Message Repackaging Anti-Pattern
- 12 May QuickTime and a TIFF (Uncompressed) decompressor are needed to see this picture
