Hasty Treat - Target=_blank security issue? What's the deal with noopener and noreferrer?
In this Hasty Treat, Scott and Wes talk about noopener and noreferrer and why you should use them with links that have blank targets. Sentry - Sponsor If you want to know what’s happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry.io and using the coupon code “tastytreat”. Show Notes 03:35 - What’s the big deal? If you have a link that is target="_blank" you should add rel=“noopener” and rel=“noreferrer” Retail Me Not uses it Valid use cases: Same domain change the page from a popup Cross domain changing page data Example: https://mathiasbynens.github.io/rel-noopener/ 05:39 - Why doesn’t the browser just fix it? Safari did - You can use rel=“opener” to allow it Firefox did Chrome hasn’t yet https://twitter.com/HugoGiraudel/status/801475801397030912 10:48 - Does this hurt SEO? It breaks analytics of the recipient site, turning a referral visit from your site into direct traffic, unless the link has UTM or similar tracking parameters. If you have a site where passing traffic offsite is part of the business model, links need an affiliate id instead. Links @argyleink Tweet us your tasty treats! Scott’s Instagram LevelUpTutorials Instagram Wes’ Instagram Wes’ Twitter Wes’ Facebook Scott’s Twitter Make sure to include @SyntaxFM in your tweets
27 Juli 202014min
Potluck - Beating Procrastination × Rollup vs Webpack × Leadership × Code Planning × Styled Components × More!
It’s another potluck! In this episode, Scott and Wes answer your questions about transitioning to backend dev, tips for beating procrastination, Rollup vs Webpack, code planning, growing as a leader and more! LogRocket - Sponsor LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax. Sentry - Sponsor If you want to know what’s happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry.io and using the coupon code “tastytreat”. Show Notes 02:33 - I am a junior dev, coming up on two years at my current agency. I have been primarily on the frontend using Angular and templating with Handlebars and other HTML and CSS. I have been asked if I would be interested in moving more into backend, with a focus on Node.js. Outside of creating APIs, what else should I do to learn “backend”? 06:08 - I work as a web master and would like to be a frontend developer someday. Currently I am working on a MERN stack app on my own to enhance my skills, but have problems focusing and tend to procrastinate a lot. How do you tackle distractions and get things done? I would appreciate some tips. 11:00 - Rollup or Webpack? Webpack 5 still doesn’t seem to support ES6 module output, as described by Philip Walton, so instead of upgrading to Webpack 5, this might be a good time to think about switching to Rollup (or Parcel). 13:46 - I have been learning web development (HTML, CSS and JS) and am at a place where I can build simple websites for small businesses, but I feel like a beginner and am wondering if you have any recommendations on courses to get to a more intermediate/advanced level? 18:01 - Why should you choose Styled Components over other ways of writing CSS? 22:56 - What are your thoughts on companies that make senior developer roles require leadership responsibilities? A great technical person does not always make a great leader or visa versa. 26:36 - I am often not good at planning out code from the start. I find that it’s easier to start coding, write a few lines, run it to see where I’m at, and carry on. This technique doesn’t work when I need to wait for a deploy to finish before I can view the result, as it greatly increases dev time. Do you have any advice for what I can do better? 31:43 - I have a very random question. for context I’m a Mac and Linux user myself. However, recently while building our company application I’ve noticed that Windows does extremely weird things with font sizes. Since we have a pretty decent Windows user base, obviously this is something my partner and I want to solve. However I’m very unsure of the best way to handle it. It seems entirely different from user to user. How in the world do we as developers account for these inconsistencies? We have tried vertical media queries that more or less kick them to tablet mode. Obviously this is less than optimal. 37:50 - Are side projects common among developers? I recently mentioned to my boss that I have a few side projects - nothing serious, just for learning mostly - and he said he would rather I didn’t, and instead focus on my work. He said he hadn’t really heard of developers doing side projects, and that if I want to work on things that aren’t our work he has other things I can do. Links inputmag.com Focus app TSdx Rollup Webapck Parcel Beginner Javascript Typescript Darknet Diaries ××× SIIIIICK ××× PIIIICKS ××× Scott: Malicious Life Podcast Wes: LaCie Rugged USB-C External HDD Shameless Plugs Scott: Modern CSS Design Systems - Sign up for the year and save 25%! Wes: Beginner Javascript - Use the coupon code ‘Syntax’ for $10 off! Tweet us your tasty treats! Scott’s Instagram LevelUpTutorials Instagram Wes’ Instagram Wes’ Twitter Wes’ Facebook Scott’s Twitter Make sure to include @SyntaxFM in your tweets
22 Juli 202050min
Hasty Treat - Turbolinks + Server Generated HTML + JS Sprinkles
In this Hasty Treat, Scott and Wes talk about turbolinks — what it is, how to use is, popular apps using is, and more! Prismic - Sponsor Prismic is a Headless CMS that makes it easy to build website pages as a set of components. Break pages into sections of components using React, Vue, or whatever you like. Make corresponding Slices in Prismic. Start building pages dynamically in minutes. Get started at prismic.io/syntax. Show Notes 02:50 - What is turbolinks? Generate HTML on the server Send it over the ajax request Load it in the page 03:55 - Who is using Turbolinks? GitHub Basecamp Hey.com 05:24 - Turbo Links javascript browser bundle Intercepts any link click Fetches the page HTML 09:19 - JS Sprinkles Vanilla JS jQuery Stimulus Alpine JS Links Turbolinks Syntax 254: Headless CMS Break Down & Roundup pjax Svelte Next.js Tweet us your tasty treats! Scott’s Instagram LevelUpTutorials Instagram Wes’ Instagram Wes’ Twitter Wes’ Facebook Scott’s Twitter Make sure to include @SyntaxFM in your tweets
20 Juli 202015min
Video for the Web 2020 and Beyond
In this episode of Syntax, Scott and Wes talk about the future of video for the web! Sanity - Sponsor Sanity.io is a real-time headless CMS with a fully customizable Content Studio built in React. Get a Sanity powered site up and running in minutes at sanity.io/create. Get an awesome supercharged free developer plan on sanity.io/syntax. Freshbooks - Sponsor Get a 30 day free trial of Freshbooks at freshbooks.com/syntax and put SYNTAX in the “How did you hear about us?” section. Show Notes 08:19 - Scott’s Background in video Started editing in middle school Worked professionally as an editor and production assistant for magazine Created specialty flash video players Have been hosting video content since the start of my web career 09:12 - Terminology Transcoding - digital to digital conversion of one format to another Ingest - bringing a video to a new facility (ie uploaded video file or data stream to server) 10:51 - Streaming vs Downloading Streaming is basically chunks of content at a time, while download is waiting for the entire file to be downloaded before playing. 11:16 - Formats MP4 WebM DASH HLS (HTTP Live Streaming) m3u8 21:35 - Players shaka-player - https://github.com/google/shaka-player/ hls.js - https://hls-js.netlify.app/demo/ dash.js - https://github.com/Dash-Industry-Forum/dash.js video.js - https://videojs.com/ jw player - https://www.jwplayer.com/ Bit Movin player - https://bitmovin.com/docs/player Ooyala Brightcove - https://www.brightcove.com/en/ 27:48 - Services Roundup 🐴 YouTube - free Vimeo - $ MUX - $$ Wistia - Cloudflare - $$ JW Player - $ Cloudinary - $$$ Brightcove - $$$ Azure - $$ Bit Movin - $$ AWS - $$ 46:59 - What Scott did and how/why upchunk Mux Video.js Custom uploader Using polling Links Basecamp Hey Inbox YouTube Wistia Drip ConvertKit Vimeo https://fronteers.nl/congres/2015/sessions/jsmpeg-by-dominic-szablewski https://www.vidbeo.com/blog/hls-vs-dash HLS Can I Use youtube-dl Syntax Ep 254: Headless CMS Break Down & Roundup Cloudflare Mux Framer Motion Cloudinary upchunk ××× SIIIIICK ××× PIIIICKS ××× Scott: Flexibility Focus Podcast Wes: Mustie1 YouTube Channel Shameless Plugs Scott: CSS Variables Course - Sign up for the year and save 25%! Wes: All Courses - Use the coupon code ‘Syntax’ for $10 off! Tweet us your tasty treats! Scott’s Instagram LevelUpTutorials Instagram Wes’ Instagram Wes’ Twitter Wes’ Facebook Scott’s Twitter Make sure to include @SyntaxFM in your tweets
15 Juli 202053min
Hasty Treat - The Domain Name Game
In this Hasty Treat it’s another edition of the Top Level Domain Game! LogRocket - Sponsor LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax. Show Notes 02:25 - How it works We pick a TLD from a list, and the other person needs to guess: Is it for a country or business? +5 points What country, business, or type of business is it for? +5 points How much per year does it cost to register? You may also say “unregisterable” +/- off by $$ https://www.101domain.com/ Is scott._ and wes._ available? -10 points for each 04:00 - .sd Scott: 5 + -5 + -126 + -10 + 10 = -126 05:46 - .ong Wes: 5 + -5 + -30 + 20 = -10 07:53 - .koeln Scott: 5 + -5 + -20 + 20 = -126 09:23 - .co.ke Wes: 10 + -15 + 0 = -15 11:00 - .tr Scott: 5 + -5 + 0 + 0 = -126 12:25 - .ist Wes: -5 + 5 + -10 + 0 = -25 13:57 - .xn—45q11c Scott: 5 + 5 + -295 + 10 = 20 = -401 16:40 - .reit Wes: 10 + -1460 + 10 = -1465 Tweet us your tasty treats! Scott’s Instagram LevelUpTutorials Instagram Wes’ Instagram Wes’ Twitter Wes’ Facebook Scott’s Twitter Make sure to include @SyntaxFM in your tweets
13 Juli 202019min
Jerome Hardaway + Vets Who Code
In this episode of Syntax, Scott and Wes talk with Jerome Hardaway about web dev, vets who code, diversity in tech, and more! .TECH Domains - Sponsor If you need eyes on your project, you’ll need a domain, and .TECH is perfect for representing your brand. Find out if your .TECH domain is available at go.tech/syntax2020. Use the coupon code Syntax2020 and get 90% off 1- 5- and 10-year domain names. Sentry - Sponsor If you want to know what’s happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry.io and using the coupon code “tastytreat”. Guests Jerome Hardaway Show Notes 01:50 - Captain America of Tech 03:25 - Where do you work and what type of stuff do you work on? 08:03 - What was your introduction to programming? 15:46 - When did you start Vets Who Code? 24:13 - What is the stack behind Vets Who Code? 29:56 - How do you help prep vets to get jobs? 41:32 - How can you be an ally and amplify black voices in tech? 50:05 - Everybody against racism Links Vets Who Code Quicken Loans Eventbrite Animate.css Laws of UX react-spring General Assembly Code Bootcamps uses.tech keycode.info Tech Talent Pipeline @vetswhocode ××× SIIIIICK ××× PIIIICKS ××× Jerome: 1: HBO’s Watchmen 2: https://vidr.io/ Scott: Explained on Netflix Wes: Jeremy Fielding YouTube Channel Shameless Plugs Jerome: Vets Who Code Scott: Design Systems with CSS Variables - Sign up for the year and save 25%! Wes: All Courses - Use the coupon code ‘Syntax’ for $10 off! Tweet us your tasty treats! Scott’s Instagram LevelUpTutorials Instagram Wes’ Instagram Wes’ Twitter Wes’ Facebook Scott’s Twitter Make sure to include @SyntaxFM in your tweets
8 Juli 20201h 2min
Hasty Treat - Forms, Captchas, Honeypots, Dealing With Malicious Users and the Sad State of Contact Forms
In this Hasty Treat, Scott and Wes talk about forms, captchas, dealing with malicious users, and more! LogRocket - Sponsor LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax. Show Notes 02:00 - So you made a form: Contact form Sales form Email signup for newsletter Bug report Sign up for an account Password reset 03:00 - Now someone is going to: Have a bot that submits it Maliciously write a bot that submits thousands 04:14 - So what can you do? 4:54 - Honey pot This is a field that is either hidden or you tell the user not to fill in Can goof up autofill Works in many cases 07:37 - IP Throttle Only allow each IP to do an action a certain number or times inside a window You may only try signing up once per 10 mins 09:48 Block known ASN 12:37 - Captcha Soft captcha: “What is 1 plus 1?” Annoying captcha: Type these letters Google captcha: Train our self driving cars Hidden captcha Cloudflare hCaptcha Links Cloudflare Digital Ocean Google reCaptcha Cloudflare hCaptcha Cloudinary Tweet us your tasty treats! Scott’s Instagram LevelUpTutorials Instagram Wes’ Instagram Wes’ Twitter Wes’ Facebook Scott’s Twitter Make sure to include @SyntaxFM in your tweets
6 Juli 202020min
Our React Wish List
In this episode of Syntax, Scott and Wes talk about what they wish existed in React! DevLifts - Sponsor Refactor your body with DevLifts. They have a few different programs: 1) fit.start (normally $19/month) has a few options (lean, bodyweight, and strong). Workouts are delivered via email each month, with access to a Slack community for questions and accountability. 2) Premium (normally $199/month) is a custom-tailored option, where you get your workouts and nutrition advice after answering a questionnaire. They also check in with you each week via Slack to see how it's going and make changes if necessary. Get 50% off fit.Start plans with code SYNTAX and 50% off Premium with code TASTY. Freshbooks - Sponsor Get a 30 day free trial of Freshbooks at freshbooks.com/syntax and put SYNTAX in the "How did you hear about us?" section. Show Notes React 03:53 - Unmount delay for animation 06:20 - Suspense with SSR released (or not because I think they are shelving it) Dan's tweet: https://twitter.com/dan_abramov/status/1259614150386425858 09:24 - File based components Like Svelte and Vue This would look like a file with a special scoped tag per page. 11:50 - Prevent Default shortcuts 13:00 - No more useIsoLayoutEffect useLayoutEffect on SSR should just work without a custom hook Simple data fetching strategy based on promises 15:52 - Recommended hooks E.g. "here is the best way to do things" Official list of best practice hooks 18:25 - A good form strategy Bind inputs to state directly without any change handlers Inputs and forms all around need more magic - it's painful 20:43 - Write once deploy everywhere Not likely ever E.g. automatic transformation into react-native (obviously not going to happen) 22:28 - Compile time directives https://github.com/bukharim96/directive-x 25:11 - Slots instead of children Allows for things like named slots more explicit than children JSX 26:44 - Removal of htmlFor, className and all other abominations of html 29:09 - Import Raact from React for JSX to work Soon will be fixed https://github.com/babel/babel/pull/11154 react-require 32:31 - Better conditional / if statement syntax 33:09 - Fragments by default Just do it for us - the error message already knows 33:54 - Automatic key ids If mapping an object, check for common _id or id 36:36 - Simple scoped CSS built in 37:29 - Short hand for props with same name is prop={prop} 39:00 - Prop interpolation without backticks: name="$first $last" Or just backticks without brackets name=${first} ${last} instead of name={${first} ${last}} Tooling 39:43 - Story for typescript/prettier/babel 40:11 - Automatic a href client side routing 41:51 - Scaffolding and component generation Links Svelte Vue React Native NativeScript react-spring Paul Henschel Scream Sneeze: https://twitter.com/morganc_smith/status/1235332301044801538 ××× SIIIIICK ××× PIIIICKS ××× Scott: Software Engineering Daily Podcast Wes: PicQuic Screwdriver Shameless Plugs Scott: Sapper For Everyone - Sign up for the year and save 25%! Wes: Wes' New Gatsby Course - Use the coupon code 'Syntax' for $10 off! Tweet us your tasty treats! Scott's Instagram LevelUpTutorials Instagram Wes' Instagram Wes' Twitter Wes' Facebook Scott's Twitter Make sure to include @SyntaxFM in your tweets
1 Juli 202052min
