Time is a very limited resource. You have only so many hours you can allocate to shape up your skills. It is very easy to get distracted by yet another newsletter, hacker news or a twitter feed and spend the rest of the evening reading articles. I am guilty of this one and too often I find myself consuming articles with the goal of just “completing” all open tabs. It is hard to find a good balance between meeting your learning goals and the fear of missing out on the new great thing. That is why having a strategy is so important.
I would like to share a few of my picks for 2018. I believe those subjects can viably augment your software development skills. I divided them into fundamentals and cutting edge so you can work on your craftsmanship and also satisfy your curiosity.
Do you consider these questions valid interview questions for someone who claims to know the language?
We all console.log everything when we stumble upon a bug but from time to time I cannot be grateful enough for a possibility to set up breakpoints and explore the running code using an actual debugger. Apart from the source inspector and debugging capabilities, there are multiple profiling and performance monitoring features. You can test user experience on a slow network or how it performs on low-end devices. Not everyone is using a $700 smartphone with unlimited LTE data plan.
DevTools are not only limited to be used with web applications but also available for Node.js if run with –inspector and –debug-brk flags.
ROI on time investment in learning DevTools is pretty clear to me. It will not give you a massive boost from the day one. Every-day, little speed-ups will collectively make you more performant developer.
- What’s New in DevTools
Security tends to be overlooked as in fast, agile teams you are focused on providing “business value”. Security on its own neither generates income nor improves the conversion rate but can save you money and reputation in the long run. This spans responsibility for securing of the system across the entire team.
Security should always be perceived as a process instead of something you have completed. There is no way to be done with securing your application but there are things you can do to protect yourself from a security breach. There are multiple security checklists on the internet. It is good to make yourself familiar with them, although I do not consider completing such checklist a learning here. As a developer, you should get a high-level understanding of existing threads and be able to maintain the system in a way that reduces possible vulnerabilities. And yes, it involves setting security headers, sanitizing input, using CSRF tokens and all that but also keeping track of known vulnerabilities in your dependencies (nodesecurity.io, snyk.io). Recently GitHub introduced a similar feature, too. When you plan your work, you take into account writing tests and maybe pair programming. Schedule time for security checks and updating your knowledge on the latest vulnerabilities.
It would be beneficial if you managed to grow an inner hacker. Your inner hacker thinks about possible flaws in your application when you are working on it. How would you perform XSS attack? Is it possible to inject SQL into query params? It is not an easy thing to keep in mind while developing. Very often we just focus on completing a task. Make sure that security check is a part of your CI and code review process. Never implement your own encryption. Rely on proven solutions, learn how and when to use crypto module, BCrypt, and Argon2.
- Keeping passwords safe in 2017
- JSJ 294: Node Security with Adam Baldwin
- I’m harvesting credit card numbers and passwords from your site. Here’s how.
Progressive Web Apps
Progressive Web Apps disrupted the model in which modern web applications used to work. Progressive Web Apps bridge the gap between a web page and a mobile application. It is now possible to significantly improve caching strategies with Cache API, pin your web app to the home screen and use it as an ordinary mobile application, even offline!
ServiceWorker is the biggest milestone (but not the only one), which makes the difference between a progressive web app and, let’s call it, a conventional one. You might consider ServiceWorker or, in general, Progressive Web Apps more of a cutting-edge topic. Truth is, it is possible to use it in Chrome since 2014. The ServiceWorker life cycle is fairly complicated with its own set of challenges and testing is much more difficult than you want it to be. Nonetheless, I am always happy to work on it due to how beneficial it is for the user.
There is a wide range of possible use cases. You should keep in mind the track-record of companies which successfully implemented new features into their apps substantially improving performance, user experience, and finally observed a conversion growth.
- Progressive Web Apps: What, Why, and How? – touching on a business incentive for adoption of Progressive Web Apps
- The offline cookbook – Jake’s blog is a great resource to learn more about ServiceWorkers
Blockchain is a really hyped up topic right now. Mostly due to the recent rapid growth of cryptocurrencies market capitalization. There are many more use cases for Blockchain than storing value and exchanging assets. Blockchain space created an opportunity for developers to utilize decentralized space with smart contracts.
If you are new to smart contracts, I would recommend getting started with Ethereum. It is the most mature platform, relatively well documented. Truffle is an Ethereum development framework, really helpful throughout the process of writing and testing smart contracts. Thanks to Web3.js it is possible to create a user interface which can communicate with your smart contract.