Comments on: Web developers’ areas of expertise http://akibjorklund.com/2009/areas-of-expertise web generalist Thu, 09 Sep 2010 04:39:43 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Conscious Development » Blog Archive » Multi-competence required today http://akibjorklund.com/2009/areas-of-expertise#comment-14585 Conscious Development » Blog Archive » Multi-competence required today Tue, 29 Sep 2009 20:59:51 +0000 http://akibjorklund.com/?p=1013#comment-14585 [...] My Colleaque Jouni had a nice post about what you need to learn in coming year if you are a Microsoft developer. Another colleaque, Aki, posted a nice summary of what expertise every web developer should possess. [...] [...] My Colleaque Jouni had a nice post about what you need to learn in coming year if you are a Microsoft developer. Another colleaque, Aki, posted a nice summary of what expertise every web developer should possess. [...]

]]> By: Aki Björklund http://akibjorklund.com/2009/areas-of-expertise#comment-13751 Aki Björklund Sun, 09 Aug 2009 11:14:27 +0000 http://akibjorklund.com/?p=1013#comment-13751 Thank you for your insightful comment, I agree with you completely. (I think I fixed your comment like you intended it to be, email me if you need other changes. I really should implement a preview.) Thank you for your insightful comment, I agree with you completely.

(I think I fixed your comment like you intended it to be, email me if you need other changes. I really should implement a preview.)

]]> By: Tuomas Salo http://akibjorklund.com/2009/areas-of-expertise#comment-13750 Tuomas Salo Sun, 09 Aug 2009 10:57:37 +0000 http://akibjorklund.com/?p=1013#comment-13750 (Argh, I really hate these semi-HTML comment boxes without preview...) (Argh, I really hate these semi-HTML comment boxes without preview…)

]]> By: Tuomas Salo http://akibjorklund.com/2009/areas-of-expertise#comment-13749 Tuomas Salo Sun, 09 Aug 2009 10:56:05 +0000 http://akibjorklund.com/?p=1013#comment-13749 Security - I finally found it, just above the Misc category. I'd prefer seeing security related items within most categories. It goes way beyond XSS and CSRF. Thinking securitywise is a lot more than just "remembering to use htmlspecialchars()". There are new threats when using AJAX, JS libraries, etc. As you said, the list is not complete. How about adding these: <em>Validating your HTML/XML code</em>. Especially, understanding the concepts of wellformedness vs. validity is important. And with XML, there should be an <em>How to really generate well-formed XML</em> item, since people often fuck that up. I've seen way too many unescaped ampersands in "RSS feeds" or other "XML input" that somebody generates with bad homegrown code. You do mention performance, but only on the server side. Performance should be on the client side list, too. It has to do with browsers, AJAX, etc. Today we see a lot of <code>$('div').load("/anotherpage.php #just-a-small-part")</code> crap, because people don't care or they really don't understand how the browser will do this trick. Unicode/UTF-8/etc should be there, too. It's not too easy, and every developer <em>will</em> face problems. Joel Spolsky has written <a href="http://www.joelonsoftware.com/articles/Unicode.html" rel="nofollow">a good article on unicode</a>. And yes, even character sets have to do with security. Security – I finally found it, just above the Misc category. I’d prefer seeing security related items within most categories. It goes way beyond XSS and CSRF. Thinking securitywise is a lot more than just “remembering to use htmlspecialchars()”. There are new threats when using AJAX, JS libraries, etc.

As you said, the list is not complete. How about adding these:

Validating your HTML/XML code. Especially, understanding the concepts of wellformedness vs. validity is important. And with XML, there should be an How to really generate well-formed XML item, since people often fuck that up. I’ve seen way too many unescaped ampersands in “RSS feeds” or other “XML input” that somebody generates with bad homegrown code.

You do mention performance, but only on the server side. Performance should be on the client side list, too. It has to do with browsers, AJAX, etc. Today we see a lot of $('div').load("/anotherpage.php #just-a-small-part") crap, because people don’t care or they really don’t understand how the browser will do this trick.

Unicode/UTF-8/etc should be there, too. It’s not too easy, and every developer will face problems. Joel Spolsky has written a good article on unicode. And yes, even character sets have to do with security.

]]>