Last updated: 2023/02/27
If you haven't used Docker or are unfamiliar with containers as an idea, you're doing something wrong. Being able to launch an entire application in its own environment, independent of what's on your computer, is an amazing feature for programmers. Burke Holland's satirical writing explores how to run a web application in a remote container using VS Code. Although he uses the *cough* inferior *cough* OS known as Windows (fight me, I'm an Arch Linux user), I'll forgive him for the breadth of points he covers in regards to getting things running with containers.
It's good to know about how the framework you're using works. No brainer.
So you know that I'm trying to delve more into design patterns and programming paradigms in order to improve my coding productivity. Declarative programming is one of the patterns I stumbled upon, and it focuses on the logic of a computer rather than its control flow. Peter Suggate's extensive article applies the principle to a web application, and exemplifies it by using a finite state machine to control front end UI processes.
The state of web development 10 years ago was probably pretty depressing and frustrating. However, in the past decade, a lot has changed in terms of developer comfort. David Heinemeier Hansson explains how bundlers, one of the parts of the software chain that make web development a hassle, are being made obsolete by HTTP2 and growing browser support for ES6.
If you write code, you're definitely vaguely familiar with OOP, and probably at some point debated FP vs OOP vs DOP (data-oriented). Well in this article, Yehonathan Sharvit explores how concept very central to OOP can be reimplemented using a functional/data-oriented approach. Is it really an improvement on the OOP implementation? YOU DECIDE!
"Great DX shouldn't come at the expense of great UX". That's how Matt Stobbs starts the article, describing Svelte's philosophy. If you're not in the know, Svelte is a lovely new web dev framework. Matt covers Svelte's philosophy from his perspective and a couple of the things (with examples) that make Svelte different from other popular frameworks.
My motto for this newsletter is that you find inspiration in unexpected places. I think that rings especially true when you're debugging code, and the solution comes from some past or obscure material you once read. In this diagnostic article, Bruce Dawson demonstrates how seemingly unrelated knowledge about floating point addition came in handy when debugging a problem in Chromium.
James Shore discusses the importance of automated tests and the various ways to write them. The author describes the problems with the easy, obvious way to write tests and the benefits of using mocks and spies. He also describes the problems with using mocks and spies and how they can be avoided. The article is broken up into bite-sized pieces with lots of code examples.
- You have to adjust production code to work for tests (using an off switch)
- Tests become more "sociable", meaning multiple can fail from a single bug
- There's a long list of benefits for not mocking things for tests
Joseph Junker discusses how the visitor pattern can be used to mix functional and object oriented programming in a beneficial way.
- The visitor pattern enables a beneficial mixing of functional and object oriented programming and has a deep and rigorous connection to type theory
- Functional programming makes it easy to define new functions, and hard to add new data, object oriented programming makes it easy to define new data, and hard to add new functions
- Can make the visitors more lightweight by just making them into TS/JS objects
Injecting code into remote processes isn't the safest thing to do, and is actually a common way for malicious actors to get existing processes to run code that the actor has written. Nonetheless, it's interesting to know how it's done. In this informative article, Vladimir takes "a running Node.js HTTP server and, from another local Node.js process, [injects] a script into it to make it log all incoming HTTP requests".
With the explosion of streaming services, like streaming movies, TV shows, or people live streaming, streaming libraries for browsers have also popped up all over the place. One disadvantage with most of these libraries is that they don't allow you to manipulate lower level features. Eugene Zemtsov has written an article introducing the WebCodecs API, which give developers access to browser built-in features like "video and audio decoders, video and audio encoders, raw video frames, and image decoders". Eugene also explains the workflow and provides examples for each of the individual components.
This article is from one of the readers of the newsletter! Web developers often have to deal with bundlers, which are tools that help coalesce all of the different files and file types that go into making a modern website. Webpack is one of the most popular tools for this, and in this extensive article, Andrei Gatej thoroughly explains its inner workings.
Refactoring is a big part of any kind of programming, because any project you'll work on will have some sort of technical debt. We all sometimes take shortcuts. Well Pablo Aguiar has taken a great meme, good ol' Karen, and put her to work rewriting unit tests for lazy Python devs that used time.sleep on asynchronous functions.
- Their latest version is already supported by Babel and will soon be supported by TypeScript
- Decorators are a keyword that starts with an symbol and can be put in front of classes and class members (such as methods) to enable a number of different functionalities
- They are mostly an object-oriented feature and popular in OOP frameworks and libraries
- Generators are rarely used
- Laziness allows you to process large data sets by loading one item at a time into memory
- There aren't a lot of built in iterator utility functions
- An action is a transition in a state machine/state transition system
- Talks about the theoretical concepts of refinement mappings and auxiliary variables
- Refinement mappings overcome both state incompatibility and the need for action sequences
- The underlying cause of each vulnerability is identified and fully working exploits are demonstrated
- Recommends ways to prevent similar issues from occurring in the future
- The first part of the series focuses on vulnerabilities in VSCode extensions, in particular two Microsoft extensions: SARIF viewer and Live Preview
Alex Ellis plays with the Web Audio API to detect pitch.
Austin Gil describes how one could redirect traffic using edge computing as an alternative to NGINX.
Alex Weisberger discusses how to upgrade one's model-based testing strategy.
This two-part blog series covers how Vasco Franco found and disclosed three vulnerabilities in VSCode extensions and one vulnerability in VSCode itself.